Skip to content

Commit

Permalink
chromium-uaf.yaml: add remote and receiver
Browse files Browse the repository at this point in the history
  • Loading branch information
thypon committed Jul 17, 2023
1 parent 3ec7c07 commit e74b832
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 0 deletions.
5 changes: 5 additions & 0 deletions assets/semgrep_rules/c/chromium-uaf.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,11 @@ rules:
- pattern: base::Unretained(...)
- pattern-not-inside: web_ui()->RegisterMessageCallback(...)
- pattern-not-inside: pref_change_registrar_.Add(...)
- pattern-not-inside: receiver_.set_disconnect_handler(...)
- pattern-not-inside: receiver_.set_disconnect_with_reason_handler(...)
- pattern-not-inside: remote_.set_disconnect_handler(...)
- pattern-not-inside: remote_.set_disconnect_with_reason_handler(...)

metadata:
author: Andrea Brancaleoni <abc@pompel.me>
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/c/chromium-uaf.yaml
Expand Down
16 changes: 16 additions & 0 deletions t3sts/semgrep_rules/uaf.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -50,4 +50,20 @@ v8::Local<v8::Promise> uaf(v8::Isolate* isolate) {
prefs::kEnabled,
base::BindRepeating(&AdsServiceImpl::OnEnabledPrefChanged,
base::Unretained(this)));

// ok: chromium-unretained-uaf
receiver_.set_disconnect_handler(
base::BindOnce(&LoggerImpl::OnError, base::Unretained(this)));

// ok: chromium-unretained-uaf
remote_.set_disconnect_handler(
base::BindOnce(&LoggerImpl::OnError, base::Unretained(this)));

// ok: chromium-unretained-uaf
receiver_.set_disconnect_with_reason_handler(
base::BindOnce(&LoggerImpl::OnError, base::Unretained(this)));

// ok: chromium-unretained-uaf
remote_.set_disconnect_with_reason_handler(
base::BindOnce(&LoggerImpl::OnError, base::Unretained(this)));
}

0 comments on commit e74b832

Please sign in to comment.