Comments (3)
Thanks for the report. It looks like our analysis is getting confused by the reuse of a buffer for two different purposes in one function. When a tainted value is assigned by reference, taint will flow from the argument to all other uses of the same variable. We're working on new taint-tracking libraries that should not be fooled by such code, but I can't say when we'll start using them in exactly that query.
As a mitigation, I recommend using two different buffers for the two different purposes. A good optimizing compiler should allocate them on top of each other because their uses don't overlap.
If you are ever concerned that someone can be tricked into running your program with a cgroup name containing a single quote, then perhaps you'll want to avoid composing a shell command in the buffer at all.
from codeql.
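As an added illustration of the two-buffer layout and the single-quote concern raised in the comment above (example code written for this page, not netdata's or CodeQL's own; `read_cgroup_name`, the allow-list and the `cgroup-helper` command are constructed stand-ins):

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 128
#define CMD_MAX_LEN  512

/* Allow-list check (constructed policy): a cgroup name that will sit
 * between single quotes in a shell command must not contain a quote or
 * any other character outside this conservative set. */
int is_safe_cgroup_name(const char *name) {
    if (name == NULL || *name == '\0') return 0;
    for (const char *p = name; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isalnum(c) || c == '/' || c == '.' || c == '-' ||
              c == '_' || c == ':' || c == '@' || c == ','))
            return 0;
    }
    return 1;
}

/* Constructed stand-in for code that fills a buffer by reference from an
 * untrusted source (e.g. a cgroup path parsed from /proc). The buffer it
 * writes is tainted from the analyser's point of view. */
static int read_cgroup_name(const char *untrusted, char *name_buf, size_t len) {
    int n = snprintf(name_buf, len, "%s", untrusted);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Recommended shape from the comment: the tainted name and the composed
 * command live in two different buffers, so taint on `name` does not
 * bleed into every later use of one shared array, and the name is checked
 * before it is quoted into the command.
 * Returns the command length, -1 on truncation, -2 on a rejected name. */
int build_cgroup_command(const char *untrusted, char *cmd, size_t cmd_len) {
    char name[NAME_MAX_LEN];                      /* buffer 1: tainted input */
    if (read_cgroup_name(untrusted, name, sizeof name) != 0) return -1;
    if (!is_safe_cgroup_name(name)) return -2;
    int n = snprintf(cmd, cmd_len, "cgroup-helper '%s'", name); /* buffer 2 */
    return (n < 0 || (size_t)n >= cmd_len) ? -1 : n;
}

int main(void) {
    char cmd[CMD_MAX_LEN];
    int n = build_cgroup_command("system.slice/docker-abc.scope", cmd, sizeof cmd);
    printf("%d: %s\n", n, n > 0 ? cmd : "(rejected)");
    return 0;
}
```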
Thank you!
If you are ever concerned that someone can be tricked into running your program with a cgroup name containing a single quote, then perhaps you'll want to avoid composing a shell command in the buffer at all.
Yes, this is already taken care of: https://github.com/firehol/netdata/blob/49dea6ba3f842cd0ee4765dd1f2ecda1d294193a/src/cgroup-network.c#L512-L555
The internal Jira ticket for the taint-tracking library replacement is CPP-462.