From f975d4dc3fab74b5f6a2514efa91e228738371b0 Mon Sep 17 00:00:00 2001
From: Thomas Barabosch
Date: Thu, 18 Jul 2019 16:47:26 +0200
Subject: [PATCH] Fixed CWE367: use symbols defined in config.json

---
 CHANGES.md | 1 +
 src/checkers/cwe_367.ml | 53 ++++++++++++++++++++++-------------------
 2 files changed, 30 insertions(+), 24 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index ebb561d9d..f94a36694 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -2,6 +2,7 @@ dev
 ====
 
 - Added more documentation to checks (PR #26)
+- Fixed check CWE367: use symbols defined in config.json (PR #28)
 
 0.2 (2019-06-25)
 =====
diff --git a/src/checkers/cwe_367.ml b/src/checkers/cwe_367.ml
index fd0f72ada..17bc6dab5 100644
--- a/src/checkers/cwe_367.ml
+++ b/src/checkers/cwe_367.ml
@@ -34,29 +34,34 @@ let is_reachable sub source sink =
 let sink_blk = get_blk_tid_of_tid sub sink_tid in
 Graphlib.Std.Graphlib.is_reachable (module Graphs.Tid) cfg source_blk sink_blk
 
-let handle_sub sub program tid_map _symbols source sink =
- if (Symbol_utils.sub_calls_symbol program sub source) && (Symbol_utils.sub_calls_symbol program sub sink) then
- begin
- let calls = Symbol_utils.get_direct_callsites_of_sub sub in
- let source_calls = get_calls_to_symbol source calls program in
- let sink_calls = get_calls_to_symbol sink calls program in
- Seq.iter source_calls ~f:(fun source_call ->
- Seq.iter sink_calls ~f:(fun sink_call ->
- if is_reachable sub source_call sink_call then
- Log_utils.warn
- "[%s] {%s} (Time-of-check Time-of-use Race Condition) %s is reachable from %s at %s (%s). This could lead to a TOCTOU."
- name
- version
- sink
- source
- (Address_translation.translate_tid_to_assembler_address_string (Term.tid sub) tid_map)
- (Term.name sub)
- else
- ()))
+let handle_sub sub program tid_map _symbols source_sink_pair =
+ match source_sink_pair with
+ | [source;sink;] -> begin
+ if (Symbol_utils.sub_calls_symbol program sub source) && (Symbol_utils.sub_calls_symbol program sub sink) then
+ begin
+ let calls = Symbol_utils.get_direct_callsites_of_sub sub in
+ let source_calls = get_calls_to_symbol source calls program in
+ let sink_calls = get_calls_to_symbol sink calls program in
+ Seq.iter source_calls ~f:(fun source_call ->
+ Seq.iter sink_calls ~f:(fun sink_call ->
+ if is_reachable sub source_call sink_call then
+ Log_utils.warn
+ "[%s] {%s} (Time-of-check Time-of-use Race Condition) %s is reachable from %s at %s (%s). This could lead to a TOCTOU."
+ name
+ version
+ sink
+ source
+ (Address_translation.translate_tid_to_assembler_address_string (Term.tid sub) tid_map)
+ (Term.name sub)
+ else
+ ()))
+ end
+ else
+ ()
 end
- else
- ()
+ | _ -> ()
 
-let check_cwe program _proj tid_map _symbol_pairs _ =
- let symbols = Symbol_utils.build_symbols ["access"; "open";] in
- Seq.iter (Term.enum sub_t program) ~f:(fun s -> handle_sub s program tid_map symbols "access" "open")
+let check_cwe program _proj tid_map symbol_pairs _ =
+ List.iter symbol_pairs ~f:(fun current_pair ->
+ let symbols = Symbol_utils.build_symbols current_pair in
+ Seq.iter (Term.enum sub_t program) ~f:(fun s -> handle_sub s program tid_map symbols current_pair))
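Review bot: The fallback arm `| _ -> ()` in the new `handle_sub` silently discards any config.json entry that is not exactly a two-element list, so a malformed pair (one symbol, three symbols, an empty list) turns the whole check into a no-op with no warning and no error — a false negative the analyst cannot distinguish from a clean result. Surface the misconfiguration instead, e.g. `| _ -> Log_utils.warn "[%s] {%s} expected a [source; sink] pair in config.json, got %d symbols" name version (List.length source_sink_pair)`, assuming `Log_utils.warn` takes a format string as it does a few lines above. That validation belongs once in `check_cwe` before the per-pair sweep, because every pair currently re-enumerates all of `Term.enum sub_t program` and rebuilds `symbols` even though `handle_sub` never reads its `_symbols` argument; if `Symbol_utils.build_symbols` has no side effects, that call is dead work. As a point of style, `if ... then begin ... end else ()` can drop the redundant `else ()`, which also removes one level of the nested `begin`/`end`.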