
CERT C: Rec. FIO02-C

Canonicalize path names originating from tainted sources

Description

Rule Definition

Canonicalize path names originating from tainted sources.1

Polyspace Implementation

The rule checker checks for Vulnerable path manipulation.

Examples


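Issue

Vulnerable path manipulation detects relative or absolute path traversal. If the path traversal contains a tainted source, or you use the path to open/create files, Bug Finder raises a defect.

Risk

Relative path elements, such as "..", can resolve to locations outside the intended folder. Absolute path elements, such as "/abs/path", can also resolve to locations outside the intended folder.

An attacker can use these types of path traversal elements to traverse to the rest of the file system and access other files or folders.

Fix

Avoid vulnerable path traversal elements such as /../ and /abs/path/. Use fixed file names and locations wherever possible.

Example - Relative Path Traversal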
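#include <stdio.h>
#include <string.h>
#include <wchar.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#define BASEPATH "/tmp/"
/* <stdio.h> already defines FILENAME_MAX; drop it before redefining. */
#undef FILENAME_MAX
#define FILENAME_MAX 512

static void Relative_Path_Traversal(void)
{
    char * data;
    char data_buf[FILENAME_MAX] = BASEPATH;
    char sub_buf[FILENAME_MAX];

    /* Tainted input: the user supplies the part of the path after BASEPATH. */
    if (fgets(sub_buf, FILENAME_MAX, stdin) == NULL) exit (1);
    sub_buf[strcspn(sub_buf, "\n")] = '\0';  /* drop the newline kept by fgets */
    data = data_buf;
    /* Bounded append so that long input cannot overflow data_buf. */
    strncat(data, sub_buf, sizeof(data_buf) - strlen(data) - 1);

    FILE *file = NULL;
    file = fopen(data, "wb+");  //Noncompliant
    if (file != NULL) fclose(file);
}

int path_call(void){
    Relative_Path_Traversal();
    return 0;
}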

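This example opens a file from "/tmp/", but uses a relative path to the file. An external user can manipulate this relative path when fopen opens the file.

Correction - Use Fixed File Name

One possible correction is to use a fixed file name instead of a relative path. This example uses file.txt.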

#include <stdio.h>
#include <string.h>
#include <wchar.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#define BASEPATH "/tmp/"
/* <stdio.h> already defines FILENAME_MAX; drop it before redefining. */
#undef FILENAME_MAX
#define FILENAME_MAX 512

static void Relative_Path_Traversal(void)
{
    char * data;
    char data_buf[FILENAME_MAX] = BASEPATH;
    data = data_buf;

    /* FIX: Use a fixed file name */
    strcat(data, "file.txt");
    FILE *file = NULL;
    file = fopen(data, "wb+");
    if (file != NULL) fclose(file);
}

int path_call(void){
    Relative_Path_Traversal();
    return 0;
}
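
When the file name has to come from the user, the rule's title points to the other correction: canonicalize the path and confirm that the result is still below the base folder. The following is an added example, not code from the original page or from Polyspace; the helper name canonical_under_base is hypothetical, and it assumes a POSIX system with realpath() and a target that already exists.

```c
#define _XOPEN_SOURCE 700  /* expose realpath() */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical helper (not from the page). Returns 0 and writes the canonical
 * path to out (at least PATH_MAX bytes) when base/tainted names an existing
 * object strictly below base; returns -1 otherwise. */
int canonical_under_base(const char *base, const char *tainted, char *out)
{
    char canon_base[PATH_MAX], joined[PATH_MAX];
    int len;

    if (realpath(base, canon_base) == NULL)
        return -1;
    /* Join, cutting the input at the newline that fgets() keeps. */
    len = snprintf(joined, sizeof joined, "%s/%.*s", canon_base,
                   (int)strcspn(tainted, "\r\n"), tainted);
    if (len < 0 || (size_t)len >= sizeof joined)
        return -1;                      /* too long: reject, never truncate */
    /* realpath() resolves "..", "." and symbolic links. */
    if (realpath(joined, out) == NULL)
        return -1;
    /* Require canon_base followed by '/', so "/tmpfoo" fails for "/tmp". */
    size_t n = strlen(canon_base);
    if (n > 1 && (strncmp(out, canon_base, n) != 0 || out[n] != '/'))
        return -1;
    return 0;
}

int main(void)
{
    char name[512], path[PATH_MAX];
    if (fgets(name, sizeof name, stdin) == NULL)
        return 1;
    if (canonical_under_base("/tmp/", name, path) != 0) {
        fputs("rejected: not an existing path under /tmp\n", stderr);
        return 1;
    }
    FILE *file = fopen(path, "rb");     /* open the canonical path */
    if (file != NULL)
        fclose(file);
    return 0;
}
```

A window remains between the check and fopen in which the path can change, so where that matters, open the file relative to an already opened directory descriptor instead. Because realpath() needs the target to exist, code that creates files would canonicalize the parent folder and validate the final component separately.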

Check Information

Group: Rec. 09. Input Output (FIO)

Version History

Introduced in R2019a


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, “SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.