/* Test flawfinder. This program won't compile or run; that's not necessary
for this to be a useful test. */
#include <stdio.h>
#define hello(x) goodbye(x) /* function-like macro; goodbye() is not declared anywhere in this file */
#define WOKKA "stuff"       /* object-like macro that expands to a string literal */
main() { /* implicit int return type, kept as in the original fixture; prints one line and falls off the end */
  printf("hello\n");
}
/* This is a strcpy test. */
int demo(char *a, char *b) {
  /* Fixture for string-copy and format-string findings. s, bug, bf, x, f,
     unknown and attacker_string are deliberately undeclared; only the call
     shapes matter here. No value is returned despite the int return type. */
  strcpy(a, "\n"); // Did this work?
  strcpy(a, gettext("Hello there")); // Did this work?
  strcpy(b, a); /* unbounded copy: neither the size of b nor the length of a is known here */
  sprintf(s, "\n");
  sprintf(s, "hello");
  sprintf(s, "hello %s", bug); /* literal format, but the output into s is unbounded */
  sprintf(s, gettext("hello %s"), bug); /* format comes from gettext(), not from a literal */
  sprintf(s, unknown, bug); /* format is a plain variable: format-string risk */
  printf(bf, x); /* non-literal format string with no literal fallback */
  scanf("%d", &x);
  scanf("%s", s); /* %s without a field width: unbounded read into s */
  scanf("%10s", s); /* field width given, so the read is bounded */
  scanf("%s", s);
  gets(f); // Flawfinder: ignore
  printf("\\"); /* string literal that ends in an escaped backslash; tests the lexer */
  /* Flawfinder: ignore */
  gets(f); /* presumably covered by the marker on the preceding line */
  gets(f); /* presumably NOT covered by that marker, so still reported */
  /* These are okay, but flawfinder version < 0.20 incorrectly used
     the first parameter as the parameter for the format string */
  syslog(LOG_ERR,"cannot open config file (%s): %s",filename,strerror(errno)) /* no ';' here in the fixture; the format is a literal */
  syslog(LOG_CRIT,"malloc() failed");
  /* But this one SHOULD trigger a warning. */
  syslog(LOG_ERR, attacker_string); /* externally supplied data used directly as the format */

}
demo2() { /* implicit int return type, kept as in the original fixture */
  char d[20];
  char s[20]; /* never initialized; every copy below reads it as-is */
  int n;

  _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */
  memcpy(d,s); /* called without a length argument */
  CopyMemory(d,s); /* Win32 copy, also without a length argument */
  lstrcat(d,s); /* unbounded concatenation into d */
  strncpy(d,s); /* bound argument missing; strncpy also does not guarantee NUL termination */
  _tcsncpy(d,s);
  strncat(d,s,10);
  strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier.
                             strncat's bound is the free space remaining in d, not its total size. */
  _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */
  n = strlen(d); /* n is computed but never used */
  /* This is wrong, and should be flagged as risky: */
  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)); /* byte size passed where a count of wide characters is expected */
  /* This is also wrong, and should be flagged as risky: */
  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName); /* same mistake, written without parentheses */
  /* This is much better: */
  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0])); /* element count */
  /* This is much better: */
  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));
  /* This is an example of bad code - the third paramer is NULL, so it creates
     a NULL ACL. Note that Flawfinder can't detect when a
     SECURITY_DESCRIPTOR structure is manually created with a NULL value
     as the ACL; doing so would require a tool that handles C/C++
     and knows about types more that flawfinder currently does.
     Anyway, this needs to be detected: */
  SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); /* a NULL DACL means no access control on the object */
  /* This one is a bad idea - first param shouldn't be NULL */
  CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); /* with a NULL application name, an unquoted path containing spaces is resolved ambiguously */
  /* Test interaction of quote characters */
  printf("%c\n", 'x');
  printf("%c\n", '"');   /* double quote inside a char literal */
  printf("%c\n", '\"');
  printf("%c\n", '\'');  /* escaped single quote */
  printf("%c\n", '\177'); /* octal escape */
  printf("%c\n", '\xfe'); /* hex escape */
  printf("%c\n", '\xd');
  printf("%c\n", '\n');
  printf("%c\n", '\\');  /* escaped backslash */
  printf("%c\n", "'");   /* string literal passed for %c: an unpaired single quote inside a string, kept to test the lexer */
}
int getopt_example(int argc,char *argv[]) {
  /* optc and longopts are not declared; the fixture only exercises the
     getopt_long call shape. The loop body is empty and nothing is returned. */
  while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) {
  }
}
int testfile() { /* no value is returned despite the int return type */
  FILE *f;
  f = fopen("/etc/passwd", "r"); /* fixed path to a sensitive file; the result is not checked for NULL */
  fclose(f); /* passes NULL to fclose if the open failed */
}
/* Regression test: handle \\\n after end of string */
#define assert(x) { /* file-local assert; shadows the <assert.h> macro. Note the line continuation directly after a string literal below. */ \
if (!(x)) {\
fprintf(stderr,"Assertion failed.\n"\
"File: %s\nLine: %d\n"\
"Assertion: %s\n\n"\
,__FILE__,__LINE__,#x);\
exit(1);\
};\
}
int accesstest() { /* no value is returned despite the int return type */
  int access = 0; /* Not a function call. Should be caught by the
  false positive test, and NOT labelled as a problem.
  (A local variable that merely shares its name with a library function.) */
}