
Sample of Defect

Project Name CID Checker Category Developer Description
Keldo/DCT 1371072 TAINTED_STRING Insecure data handling None, this application is far too small to have any significant effect on a system's memory
File: /src/dct.cpp
#include <iostream>
#include <string>
#include <cstdlib>
#include <stdio.h>
#include "version.h"

int main()
{
    static char version[] = VERSION_MAJOR "." VERSION_MINOR "." VERSION_PATCH "." VERSION_BUILD;
    static char timestamp[] = __DATE__ " " __TIME__;
   
    using std::string;
    using std::cin;
    using std::cout;
    string projectname;

    printf("\n");
    printf("**** Created for Developers.****\n");
    printf("Coded by TweDev dot Com.\n");
    printf("Freedom in Open Source.\n");
    printf("********************************\n");


    std::cout << "Enter your project folders name: ";
 << 1. "operator >>" taints variable "projectname".
    std::cin >> projectname;

    // Idea is to call tar, gzip and zip

    // add the different parts into a string
    // then convert to a char const* using c_str()

    // create the project folder
    printf("Creating your projects folders.\n");
 << 2. Call to function "operator +" with tainted argument "projectname" returns tainted data.
 << 3. Call to function "c_str" with tainted argument "std::basic_string<char, std::char_traits<char>, std::allocator<char> >("mkdir projects/" + projectname)" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
 <<< CID 1371072: Insecure data handling TAINTED_STRING
 <<< 4. Passing tainted string "std::basic_string<char, std::char_traits<char>, std::allocator<char> >("mkdir projects/" + projectname).c_str()" to "system", which cannot accept tainted data.
    system(("mkdir projects/" + projectname).c_str());
    system(("mkdir projects/" + projectname + "/hash").c_str());
    system(("mkdir projects/" + projectname + "/hash/zip").c_str());
    system(("mkdir projects/" + projectname + "/hash/gzip").c_str());
    system(("mkdir projects/" + projectname + "/hash/sha1").c_str());
    system(("mkdir projects/" + projectname + "/hash/sha256").c_str());
    system(("mkdir projects/" + projectname + "/hash/bz2").c_str());

    printf("Compressing your application.\n");
    system(("tar -cf " + projectname + ".tar " + projectname + "").c_str());
    printf("Creating a gzip version.\n");
    system(("gzip -9 " + projectname + ".tar ").c_str());
    printf("Creating a zip version.\n");
    system(("zip -rq " + projectname + ".zip " + projectname).c_str());
    printf("Creating a bz2 version.\n");
    system(("tar -cf " + projectname + ".tar " + projectname + "").c_str());
    system(("bzip2 -zq --fast " + projectname + ".tar ").c_str());
    
    printf("\n\n");
    printf("Hashing your Compressed Files.\n");
    printf("\n\n");
    printf("MD5.\n");
    system(("md5sum " + projectname + ".zip > zip-md5.log").c_str());
    system(("md5sum " + projectname + ".tar.gz > gzip-md5.log").c_str());
    system(("md5sum " + projectname + ".tar.bz2 > bz2-md5.log").c_str());

    printf("\n\n");