Reasons for failing to find target api using codeql

This article was originally published on my blog, http://www.hupeiwei.com


CodeQL, as a practical new tool for searching bugs in target programs, is becoming more and more popular among software security researchers. A crucial step in using CodeQL is locating the target API in the database; only then can you define your own violation check on top of it. For a number of reasons, however, users sometimes fail to find the target API at all. Here I present a short guide to tracking down the cause. Throughout, we assume the target API is tgt_api() in code.c.

Step 1. Check whether the object file exists

First of all, we need to figure out whether code.c was compiled at all. CodeQL only records the source files that the build command it wraps actually compiled, so a file that was never built cannot appear in the database. Under Linux, the object file for code.c is normally code.o, so run find ./ -name code.o in the program's root directory. If it does not exist, you need to look at the build process: the reasons a build may fail to produce object files are covered in another of my blog posts. If code.o does exist, go on to the next step.

Step 2. Find the target API in the source file and check for conditional compilation around it

If the situation looks like this:

#ifdef HAVE_SQLITE3
tgt_api()
#endif

it is not surprising that, when HAVE_SQLITE3 is not defined in your build, your CodeQL query cannot find the target API: the extractor records only the code in the preprocessor branches that were actually taken during compilation, so a call inside an untaken branch never enters the database. If you are sure the target API is not enclosed in conditional compilation directives (sometimes they are far away from the target API, for example an #ifdef around a whole block or file), go on to the next step.

Step 3. Check the API definition and make sure you are using the proper query

Sometimes, especially when using a third-party library such as OpenSSL, your target API is not a function call even though it looks like one. Consider this:

 #define tgt_api(x) x*x

If you are not familiar with tgt_api, you may have written a query like:

import cpp

from FunctionCall fc
where fc.getTarget().hasQualifiedName("tgt_api")
select fc.getLocation()

That query cannot find tgt_api, because a macro expansion is not a FunctionCall in the CodeQL C/C++ library; use this instead:

import cpp

from MacroInvocation mi
where mi.getMacroName() = "tgt_api"
select mi.getLocation()
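Putting the three steps together, here is a single diagnostic query that reports all of them at once against a database built from the program. It is an added example, not code from the original post: the file name code.c and the API name tgt_api are the post's assumptions and live in two helper predicates so you can change them. It also goes a little beyond the post by listing the definition of tgt_api (function or macro) in addition to its uses, and by listing preprocessor branches in code.c that were never taken in any compilation, which is exactly the step 2 situation.

```ql
/**
 * @name Diagnose why tgt_api cannot be found
 * @description Reports, per step of the post, whether code.c is in the
 *              database, which preprocessor branches in it were never taken,
 *              and every function or macro form of tgt_api and its uses.
 * @kind problem
 * @problem.severity recommendation
 * @id example/tgt-api-diagnostics
 */

import cpp

/** The API name we are hunting for (assumed, as in the post). */
string targetName() { result = "tgt_api" }

/** The source file expected to contain it (assumed, as in the post). */
string targetFile() { result = "code.c" }

from Element e, string msg
where
  // Step 1: is code.c in the database at all? If this disjunct produces no
  // result, the file was never compiled by the build that CodeQL observed.
  (
    e.(File).fromSource() and
    e.(File).getBaseName() = targetFile() and
    msg = "step 1: " + targetFile() + " is present in the database"
  )
  or
  // Step 2: #if/#ifdef/#ifndef branches in code.c that were not taken in any
  // compilation. Code inside them is invisible to every other query.
  (
    e.(PreprocessorBranch).getFile().getBaseName() = targetFile() and
    e.(PreprocessorBranch).wasNotTaken() and
    not e.(PreprocessorBranch).wasTaken() and
    msg = "step 2: branch never taken in any compilation: " + e.toString()
  )
  or
  // Step 3a: tgt_api resolved as a real function, and the calls to it.
  (
    e.(Function).hasName(targetName()) and
    msg = "step 3: function declaration/definition of " + targetName()
  )
  or
  (
    e.(FunctionCall).getTarget().hasName(targetName()) and
    msg = "step 3: function call to " + targetName()
  )
  or
  // Step 3b: tgt_api is a macro, so a FunctionCall query will never match;
  // report the macro definition (with its body) and every invocation instead.
  (
    e.(Macro).getName() = targetName() and
    msg = "step 3: macro definition of " + targetName() +
        " (body: " + e.(Macro).getBody() + ")"
  )
  or
  (
    e.(MacroInvocation).getMacroName() = targetName() and
    msg = "step 3: macro invocation of " + targetName()
  )
select e, msg
```

Run it from the CodeQL CLI with codeql query run --database <your-database> <this-file>.ql, or open it in the VS Code extension. Read the output step by step: no "step 1" row means code.c is not in the database (go back to the build); "step 2" rows name the directives whose branches the build never took; and the "step 3" rows tell you whether tgt_api is a function or a macro, which decides whether your real query must use FunctionCall or MacroInvocation.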

I hope these tips give you some inspiration!
