Struct cwe_checker_lib::checkers::cwe_337::Context

source · 
pub struct Context<'a> { /* private fields */ }
Expand description

The Context struct for the taint analysis.

Trait Implementations§

source§

impl<'a> AsRef<Project> for Context<'a>

source§

fn as_ref(&self) -> &Project

Converts this type into a shared reference of the (usually inferred) input type.
source§

impl<'a> HasCfg<'a> for Context<'a>

source§

fn get_cfg(&self) -> &Graph<'a>

Returns a reference to the control flow graph managed by this type.
source§

impl<'a> HasVsaResult<DataDomain<IntervalDomain>> for Context<'a>

source§

fn vsa_result(&self) -> &impl VsaResult<ValueDomain = PiData>

Converts a reference to Self into a reference to a type that implements VsaResult with ValueDomain T.
source§

impl<'a> TaintAnalysis<'a> for Context<'a>

source§

fn update_call_stub(&self, state: &TaState, call: &Term<Jmp>) -> Option<TaState>

Generate a CWE warning if taint may be contained in the arguments to a sink function.

If this is a call to a sink function and the passed arguments may contain taint we generate a CWE waning and return None to suppress the generation of further warnings. Else we just clear the taint from all non-caller-saved registers.

source§

fn handle_empty_state_out(&self, _tid: &Tid) -> Option<State>

Called when a transition function mapped the input state to the empty state. Read more
source§

fn update_call_generic( &self, state: &State, call_tid: &Tid, calling_convention_hint: &Option<String> ) -> Option<State>

Update taint state on a function call without further target information. Read more
source§

fn update_call( &self, _state: &State, _call: &Term<Jmp>, _target: &CfgNode<'_>, _calling_convention: &Option<String> ) -> Option<State>

Transition function for edges of type Call. Read more
source§

fn update_extern_call( &self, state: &State, _call: &Term<Jmp>, project: &Project, extern_symbol: &ExternSymbol ) -> Option<State>

Transition function for calls to external functions. Read more
source§

fn update_jump( &self, state: &State, jump: &Term<Jmp>, _untaken_conditional: Option<&Term<Jmp>>, _target: &Term<Blk> ) -> Option<State>

Returns the new taint state after a jump. Read more
source§

fn update_return_callee( &self, _state: &State, _call_term: &Term<Jmp>, _return_term: &Term<Jmp>, _calling_convention: &Option<String> ) -> Option<State>

Corresponds to returns from calls to other functions within the program. Read more
source§

fn update_return( &self, state_before_return: Option<&State>, state_before_call: Option<&State>, call_term: &Term<Jmp>, return_term: &Term<Jmp>, calling_convention: &Option<String> ) -> Option<State>

Corresponds to returns from calls to other functions within the program. Read more
source§

fn update_def_assign( &self, state: &State, _tid: &Tid, var: &Variable, value: &Expression ) -> State

Returns the new taint state after an assignment. Read more
source§

fn update_def_load( &self, state: &State, tid: &Tid, var: &Variable, _address: &Expression ) -> State

Returns the new taint state after a load from memory. Read more
source§

fn update_def_store( &self, state: &State, tid: &Tid, _address: &Expression, value: &Expression ) -> State

Returns the new taint state after a store to memory. Read more
source§

fn update_def_post( &self, _old_state: &State, new_state: State, def: &Term<Def> ) -> Option<State>

Returns the new taint state after processing a single Def term. Read more

Auto Trait Implementations§

§

impl<'a> RefUnwindSafe for Context<'a>

§

impl<'a> Send for Context<'a>

§

impl<'a> Sync for Context<'a>

§

impl<'a> Unpin for Context<'a>

§

impl<'a> UnwindSafe for Context<'a>

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<'a, T> Context<'a> for T
where T: TaintAnalysis<'a>,

§

type Value = State

The type of the values that are assigned to nodes during the fixpoint computation.
source§

fn get_graph(&self) -> &Graph<Node<'a>, Edge<'a>>

Get a reference to the graph that the fixpoint is computed on.
source§

fn merge( &self, state1: &<T as Context<'a>>::Value, state2: &<T as Context<'a>>::Value ) -> <T as Context<'a>>::Value

Merge two node values.
source§

fn specialize_conditional( &self, state: &<T as Context<'a>>::Value, _condition: &Expression, _block_before_condition: &Term<Blk>, _is_true: bool ) -> Option<<T as Context<'a>>::Value>

This function is used to refine the value using the information on which branch was taken on a conditional jump.
source§

fn update_call( &self, state: &<T as Context<'a>>::Value, call: &Term<Jmp>, target: &Node<'_>, calling_convention: &Option<String> ) -> Option<<T as Context<'a>>::Value>

Transition function for in-program calls.
source§

fn update_call_stub( &self, state: &<T as Context<'a>>::Value, call: &Term<Jmp> ) -> Option<<T as Context<'a>>::Value>

Transition function for calls to functions not contained in the binary. The corresponding edge goes from the callsite to the returned-to block.
source§

fn update_jump( &self, state: &<T as Context<'a>>::Value, jump: &Term<Jmp>, untaken_conditional: Option<&Term<Jmp>>, target: &Term<Blk> ) -> Option<<T as Context<'a>>::Value>

Transition function for (conditional and unconditional) Jmp terms.
source§

fn update_def( &self, state: &<T as Context<'a>>::Value, def: &Term<Def> ) -> Option<<T as Context<'a>>::Value>

Transition function for Def terms. The transition function for a basic block is computed by iteratively applying this function to the starting value for each Def term in the basic block. The iteration short-circuits and returns None if update_def returns None at any point.
source§

fn update_return( &self, state_before_return: Option<&State>, state_before_call: Option<&State>, call_term: &Term<Jmp>, return_term: &Term<Jmp>, calling_convention: &Option<String> ) -> Option<State>

Transition function for return instructions. Has access to the value at the callsite corresponding to the return edge. This way one can recover caller-specific information on return from a function.
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.