|
- /* TEMPLATE GENERATED TESTCASE FILE
- Filename: CWE606_Unchecked_Loop_Condition__char_environment_01.c
- Label Definition File: CWE606_Unchecked_Loop_Condition.label.xml
- Template File: sources-sinks-01.tmpl.c
- */
- /*
- * @description
- * CWE: 606 Unchecked Input For Loop Condition
- * BadSource: environment Read input from an environment variable
- * GoodSource: Input a number less than MAX_LOOP
- * Sinks:
- * GoodSink: Use data as the for loop variant after checking to see if it is less than MAX_LOOP
- * BadSink : Use data as the for loop variant without checking its size
- * Flow Variant: 01 Baseline
- *
- * */
-
- #include "std_testcase.h"
-
- #define MAX_LOOP 10000
-
- #ifndef _WIN32
- #include <wchar.h>
- #endif
-
- #define ENV_VARIABLE "ADD"
-
- #ifdef _WIN32
- #define GETENV getenv
- #else
- #define GETENV getenv
- #endif
-
- #ifndef OMITBAD
-
- void CWE606_Unchecked_Loop_Condition__char_environment_01_bad()
- {
- char * data;
- char dataBuffer[100] = "";
- data = dataBuffer;
- {
- /* Append input from an environment variable to data */
- size_t dataLen = strlen(data);
- char * environment = GETENV(ENV_VARIABLE);
- /* If there is data in the environment variable */
- if (environment != NULL)
- {
- /* POTENTIAL FLAW: Read data from an environment variable */
- strncat(data+dataLen, environment, 100-dataLen-1);
- }
- }
- {
- int i, n, intVariable;
- if (sscanf(data, "%d", &n) == 1)
- {
- /* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */
- intVariable = 0;
- for (i = 0; i < n; i++)
- {
- /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
- intVariable++; /* avoid a dead/empty code block issue */
- }
- printIntLine(intVariable);
- }
- }
- }
-
- #endif /* OMITBAD */
-
- #ifndef OMITGOOD
-
- /* goodG2B uses the GoodSource with the BadSink */
- static void goodG2B()
- {
- char * data;
- char dataBuffer[100] = "";
- data = dataBuffer;
- /* FIX: Set data to a number less than MAX_LOOP */
- strcpy(data, "15");
- {
- int i, n, intVariable;
- if (sscanf(data, "%d", &n) == 1)
- {
- /* POTENTIAL FLAW: user-supplied value 'n' could lead to very large loop iteration */
- intVariable = 0;
- for (i = 0; i < n; i++)
- {
- /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
- intVariable++; /* avoid a dead/empty code block issue */
- }
- printIntLine(intVariable);
- }
- }
- }
-
- /* goodB2G uses the BadSource with the GoodSink */
- static void goodB2G()
- {
- char * data;
- char dataBuffer[100] = "";
- data = dataBuffer;
- {
- /* Append input from an environment variable to data */
- size_t dataLen = strlen(data);
- char * environment = GETENV(ENV_VARIABLE);
- /* If there is data in the environment variable */
- if (environment != NULL)
- {
- /* POTENTIAL FLAW: Read data from an environment variable */
- strncat(data+dataLen, environment, 100-dataLen-1);
- }
- }
- {
- int i, n, intVariable;
- if (sscanf(data, "%d", &n) == 1)
- {
- /* FIX: limit loop iteration counts */
- if (n < MAX_LOOP)
- {
- intVariable = 0;
- for (i = 0; i < n; i++)
- {
- /* INCIDENTAL: CWE 561: Dead Code - non-avoidable if n <= 0 */
- intVariable++; /* avoid a dead/empty code block issue */
- }
- printIntLine(intVariable);
- }
- }
- }
- }
-
- void CWE606_Unchecked_Loop_Condition__char_environment_01_good()
- {
- goodG2B();
- goodB2G();
- }
-
- #endif /* OMITGOOD */
-
- /* Below is the main(). It is only used when building this testcase on
- its own for testing or for building a binary to use in testing binary
- analysis tools. It is not used when compiling all the testcases as one
- application, which is how source code analysis tools are tested. */
-
- #ifdef INCLUDEMAIN
-
- int main(int argc, char * argv[])
- {
- /* seed randomness */
- srand( (unsigned)time(NULL) );
- #ifndef OMITGOOD
- printLine("Calling good()...");
- CWE606_Unchecked_Loop_Condition__char_environment_01_good();
- printLine("Finished good()");
- #endif /* OMITGOOD */
- #ifndef OMITBAD
- printLine("Calling bad()...");
- CWE606_Unchecked_Loop_Condition__char_environment_01_bad();
- printLine("Finished bad()");
- #endif /* OMITBAD */
- return 0;
- }
-
- #endif
|
