-
Notifications
You must be signed in to change notification settings - Fork 65
/
Copy pathtypos.yaml
89 lines (89 loc) · 4.15 KB
/
typos.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
rules:
- id: raptor-typos
metadata:
author: Marco Ivaldi <raptor@0xdeadbeef.info>
references:
- https://cwe.mitre.org/data/definitions/480
- https://cwe.mitre.org/data/definitions/481
- https://cwe.mitre.org/data/definitions/482
- https://cwe.mitre.org/data/definitions/483
- https://g.co/kgs/PCHQjJ
- https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
confidence: LOW
# NOTE: common issues with comments are not covered.
# NOTE: consider adding a focus-metavariable where applicable.
# NOTE: custom assertion macros are not covered.
message: >-
The programmer accidentally uses the wrong operator, which changes
the application logic in security-relevant ways. This rule also covers
some other common typo patterns.
severity: INFO
languages:
- c
- cpp
pattern-either:
# == instead of = in assignment (the ternary operator is not supported by Semgrep)
- pattern: for ($EXPR1 == $EXPR2; $EXPR3; $EXPR4) ...
- patterns:
- pattern: $EXPR1 == $EXPR2;
- pattern-not-inside: return $EXPR;
- pattern-not-inside: assert(...);
# = instead of == in comparison
- patterns:
- pattern: if (<... $EXPR1 = $EXPR2 ...>) ...
- pattern-not-inside: if (<... ($EXPR1 = $EXPR2) == $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 = $EXPR2) != $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 = $EXPR2) < $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 = $EXPR2) <= $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 = $EXPR2) > $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 = $EXPR2) >= $EXPR ...>) ...
# & instead of && in comparison
- patterns:
- pattern: if (<... $EXPR1 & $EXPR2 ...>) ...
- pattern-not-inside: if (<... ($EXPR1 & $EXPR2) == $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 & $EXPR2) != $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 & $EXPR2) < $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 & $EXPR2) <= $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 & $EXPR2) > $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 & $EXPR2) >= $EXPR ...>) ...
# | instead of || in comparison
- patterns:
- pattern: if (<... $EXPR1 | $EXPR2 ...>) ...
- pattern-not-inside: if (<... ($EXPR1 | $EXPR2) == $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 | $EXPR2) != $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 | $EXPR2) < $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 | $EXPR2) <= $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 | $EXPR2) > $EXPR ...>) ...
- pattern-not-inside: if (<... ($EXPR1 | $EXPR2) >= $EXPR ...>) ...
# =+ instead of += (and =- instead of -=)
- pattern: $EXPR1 =+ $EXPR2
# - pattern: $EXPR1 =- $EXPR2
# duplicate expressions
- pattern: ($EXPR && $EXPR)
- pattern: ($EXPR || $EXPR)
- pattern: ($EXPR == $EXPR)
- pattern: ($EXPR != $EXPR)
- pattern: ($EXPR < $EXPR)
- pattern: ($EXPR <= $EXPR)
- pattern: ($EXPR > $EXPR)
- pattern: ($EXPR >= $EXPR)
# assigning or comparing a char literal to a pointer (some types and literals are missing)
- pattern: (char * $PTR) = '\0'
- pattern: (char * $PTR) == '\0'
- pattern: (char * $PTR) != '\0'
# use of a string copy function instead of a string compare function in a condition
- pattern: if (<... strcpy(...) ...>) ...
- pattern: if (<... strncpy(...) ...>) ...
# ; at the end of if() or for() statement (empty else block not covered)
- pattern: if ($COND);
- pattern: for ($EXPR1; $EXPR2; $EXPR3);
# accidental octal conversion
- patterns:
- pattern-either:
- pattern: $TYPE $ARR[$LEN];
- pattern: $TYPE $ARR[$LEN] = $EXPR;
- metavariable-regex:
metavariable: $LEN
regex: '^0[^xX].*'
# missing {} in if() statement (too many false positives)
# - pattern: if ($COND) $BODY;