/* Test flawfinder.  This program won't compile or run; that's not necessary
   for this to be a useful test. */
3 
4 #include <stdio.h>
5 #define hello(x) goodbye(x)
6 #define WOKKA "stuff"
7 
main()8 main() {
9  printf("hello\n");
10 }
11 
/* This is a strcpy test. */
13 
demo(char * a,char * b)14 int demo(char *a, char *b) {
15  strcpy(a, "\n"); // Did this work?
16  strcpy(a, gettext("Hello there")); // Did this work?
17  strcpy(b, a);
18  sprintf(s, "\n");
19  sprintf(s, "hello");
20  sprintf(s, "hello %s", bug);
21  sprintf(s, gettext("hello %s"), bug);
22  sprintf(s, unknown, bug);
23  printf(bf, x);
24  scanf("%d", &x);
25  scanf("%s", s);
26  scanf("%10s", s);
27  scanf("%s", s);
28  gets(f); // Flawfinder: ignore
29  printf("\\");
30  /* Flawfinder: ignore */
31  gets(f);
32  gets(f);
33  /* These are okay, but flawfinder version < 0.20 incorrectly used
34     the first parameter as the parameter for the format string */
35  syslog(LOG_ERR,"cannot open config file (%s): %s",filename,strerror(errno))
36  syslog(LOG_CRIT,"malloc() failed");
37  /* But this one SHOULD trigger a warning. */
38  syslog(LOG_ERR, attacker_string);
39 
40 }
41 
42 
43 
demo2()44 demo2() {
45   char d[20];
46   char s[20];
47   int n;
48 
49   _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */
50   memcpy(d,s);
51   CopyMemory(d,s);
52   lstrcat(d,s);
53   strncpy(d,s);
54   _tcsncpy(d,s);
55   strncat(d,s,10);
56   strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */
57   _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */
58   n = strlen(d);
59   /* This is wrong, and should be flagged as risky: */
60   MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));
61   /* This is also wrong, and should be flagged as risky: */
62   MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);
63   /* This is much better: */
64   MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));
65   /* This is much better: */
66   MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));
67   /* This is an example of bad code - the third paramer is NULL, so it creates
68      a NULL ACL.  Note that Flawfinder can't detect when a
69      SECURITY_DESCRIPTOR structure is manually created with a NULL value
70      as the ACL; doing so would require a tool that handles C/C++
71      and knows about types more that flawfinder currently does.
72      Anyway, this needs to be detected: */
73   SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);
74   /* This one is a bad idea - first param shouldn't be NULL */
75   CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
76   /* Test interaction of quote characters */
77   printf("%c\n", 'x');
78   printf("%c\n", '"');
79   printf("%c\n", '\"');
80   printf("%c\n", '\'');
81   printf("%c\n", '\177');
82   printf("%c\n", '\xfe');
83   printf("%c\n", '\xd');
84   printf("%c\n", '\n');
85   printf("%c\n", '\\');
86   printf("%c\n", "'");
87 }
88 
89 
getopt_example(int argc,char * argv[])90 int getopt_example(int argc,char *argv[]) {
91     while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) {
92     }
93 }
94 
testfile()95 int testfile() {
96   FILE *f;
97   f = fopen("/etc/passwd", "r");
98   fclose(f);
99 }
100 
/* Regression test: handle \\\n after end of string */
102 
103 #define assert(x) {\
104  if (!(x)) {\
105  fprintf(stderr,"Assertion failed.\n"\
106  "File: %s\nLine: %d\n"\
107  "Assertion: %s\n\n"\
108  ,__FILE__,__LINE__,#x);\
109  exit(1);\
110  };\
111  }
112 
accesstest()113 int accesstest() {
114   int access = 0; /* Not a function call.  Should be caught by the
115                      false positive test, and NOT labelled as a problem. */
116 }
117 
118