-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
567cada
commit e803108
Showing
4 changed files
with
67 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// ruleid: reinterpret_cast | ||
std::string_view der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded), cert->cbCertEncoded); | ||
// ruleid: reinterpret_cast | ||
const uint8_t* string_data =reinterpret_cast<const uint8_t*>(response_body.data()); | ||
// ruleid: reinterpret_cast | ||
uint32_t value = *reinterpret_cast<const uint32_t*>(bytes.data()); | ||
// ruleid: reinterpret_cast | ||
int rv = PKCS5_PBKDF2_HMAC(mnemonic.data(), mnemonic.length(), reinterpret_cast<const uint8_t*>(salt.data()), salt.length(), 2048, EVP_sha512(),seed->size(), seed->data()); | ||
// ruleid: reinterpret_cast | ||
float* float_data = reinterpret_cast<float*>(const_cast<uint8_t*>(data)); | ||
// ok: reinterpret_cast | ||
auto orig_fn = reinterpret_cast<GetModuleFileNameExWFunction>(g_originals.functions[GET_MODULE_FILENAME_EX_W_ID]); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
rules: | ||
- id: reinterpret_cast | ||
metadata: | ||
author: Artem Chaikin | ||
references: | ||
- https://chromium.googlesource.com/chromium/src/+/main/docs/unsafe_buffers.md#Avoid-reinterpret_cast | ||
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/reinterpret_casts.yaml | ||
assignees: | | ||
stoletheminerals | ||
thypon | ||
cdesouza-chromium | ||
languages: [cpp] | ||
message: "Using `reinterpret_cast` against some data types may lead to undefined bheaviour. In general, when needing to do these conversions, check how Chromium upstream does them. Most of the times a reinterpret_cast is wrong and there's no guarantee the compiler will generate the code that you thought it would." | ||
severity: WARNING | ||
patterns: | ||
- pattern: reinterpret_cast<$T>($ARG) | ||
- metavariable-regex: | ||
metavariable: $T | ||
regex: ^(.*int.*|.*double.*|.*float.*|.*char.*)$ # this probably needs to be tweaked |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
// ruleid: unsafe_cpp_constructs | ||
UNSAFE_BUFFERS(data()); | ||
// ruleid: unsafe_cpp_constructs | ||
UNSAFE_TODO(base::make_span(&web_script_source, 1u)); | ||
// ruleid: unsafe_cpp_constructs | ||
std::next(it); | ||
// ruleid: unsafe_cpp_constructs | ||
std::advance(cert_iter, cert_idx); | ||
// ruleid: unsafe_cpp_constructs | ||
std::prev(it); | ||
// ruleid: unsafe_cpp_constructs | ||
const void* const kUserDataKey = &kUserDataKey; | ||
// ok: unsafe_cpp_constructs | ||
static void RegisterCallback(AtExitCallbackType func, uint8_t param); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
rules: | ||
- id: unsafe_cpp_constructs | ||
metadata: | ||
author: Artem Chaikin | ||
references: | ||
- https://github.com/brave/brave-browser/wiki/Security-reviews | ||
source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/unsafe_cpp_constructs.yaml | ||
assignees: | | ||
stoletheminerals | ||
thypon | ||
cdesouza-chromium | ||
languages: [cpp] | ||
message: "Potentially unsafe C++ construct detected" | ||
severity: WARNING | ||
patterns: | ||
- pattern-either: | ||
- pattern: "UNSAFE_TODO(...)" | ||
- pattern: "UNSAFE_BUFFERS(...)" | ||
- pattern: "std::next(...)" | ||
- pattern: "std::advance(...)" | ||
- pattern: "std::prev(...)" | ||
- pattern-regex: "void\\*" |