pub fn check_cwe(
    analysis_results: &AnalysisResults<'_>,
    cwe_params: &Value
) -> (Vec<LogMessage>, Vec<CweWarning>)

Run the check.

For each call to chroot we check

  • that it is either followed by a call to chdir in the same function
  • or that the same function contains calls to chdir and a call to a function that can be used to drop privileges.

If both are false, we assume that the chroot-jail is insecure and report a CWE hit.
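
The following is an added sketch of the heuristic described above, not the cwe_checker implementation: each function is reduced to a flat, ordered list of called symbol names, and "followed by" is read as "appears later in that list". The `Function` struct, `check_chroot`, the sample functions and the `setuid`/`setgid` list are assumptions made for illustration.

```rust
/// Simplified model (assumption): a function name plus the symbols it calls, in order.
struct Function<'a> {
    name: &'a str,
    calls: &'a [&'a str],
}

/// Returns one warning per `chroot` call for which both conditions are false.
fn check_chroot(func: &Function<'_>, priv_drop_fns: &[&str]) -> Vec<String> {
    let has_chdir = func.calls.contains(&"chdir");
    let has_priv_drop = func.calls.iter().any(|c| priv_drop_fns.contains(c));
    let mut warnings = Vec::new();
    for (idx, call) in func.calls.iter().enumerate() {
        if *call != "chroot" {
            continue;
        }
        // Condition 1: a chdir call appears after this chroot call.
        let followed_by_chdir = func.calls[idx + 1..].contains(&"chdir");
        // Condition 2: the function contains chdir and a privilege-dropping call anywhere.
        let chdir_and_drop = has_chdir && has_priv_drop;
        if !followed_by_chdir && !chdir_and_drop {
            warnings.push(format!("{}: chroot at call index {} looks insecure", func.name, idx));
        }
    }
    warnings
}

/// Runs the check over constructed sample functions; returns the warning count per sample.
fn demo() -> Vec<usize> {
    let priv_drop = ["setuid", "setgid"]; // assumed list of privilege-dropping functions
    let samples = [
        Function { name: "jail_only", calls: &["open", "chroot", "execv"] },
        Function { name: "jail_then_chdir", calls: &["chroot", "chdir", "execv"] },
        Function { name: "chdir_first_with_drop", calls: &["chdir", "chroot", "setuid"] },
        Function { name: "chdir_first_no_drop", calls: &["chdir", "chroot", "execv"] },
    ];
    samples.iter().map(|f| check_chroot(f, &priv_drop).len()).collect()
}

fn main() {
    println!("{:?}", demo());
}
```

In this model the third sample produces no warning because the second condition does not consider call order.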