0xdea
Rules update
Hi Marco, congratulations for this repository!
With this pull request, I propose a little update about these rules:
- command-injection: exec* checks
- double-free: support to loops
- incorrect-use-of-free: return without free
- incorrect-use-of-strncat: added the use of strnlen
And a new rule:
- insecure-random-seed: situations about the use of dangerous seeds.
I hope to have time in future to contribute also on the other rules. ✌️
Hi Riccardo, thank you for your interest in this project!
I'm going to need some time to properly review your PR before accepting it. Just a few remarks after a cursory look:
- command-injection: exec* checks - unless I'm missing something, these are not command injections, but argument injections at best
- double-free: support to loops - this could be a valid PR, I've got to look into it more closely to ensure that it doesn't cause too many false positives... My original rule is definitely suboptimal, but I found it tricky to improve it while keeping it reliable enough
- incorrect-use-of-free: return without free - this detects a memory leak; as a choice, my ruleset doesn't detect those as their security impact is not particularly interesting
- incorrect-use-of-strncat: added the use of strnlen - this looks like a valid improvement
- insecure-random-seed: situations about the use of dangerous seeds - this new rule looks interesting, but so far I don't have any taint rules in my ruleset, so it would need some testing to get used to it
Thanks again for the contribution 👍
Hi Marco, I completely agree with your comments. Please let me know if you would like me to modify anything.
Regarding the taint mode, I strongly suggest considering it, since Semgrep Pro (taint mode with interfile and interprocedure) offers interfile and interprocedure analysis at no extra cost (for single users).
Cheers!