BinaryAnalysisPlatform / bap-toolkit

A collection of ready to use binary analysis tools
MIT License

Use of hardcoded credentials #16

Open anzosasuke opened 1 year ago

anzosasuke commented 1 year ago

I was using the BAP toolkit Primus checks on the Juliet test suite CWE-259 (child of hard-coded credentials, CWE-798) to detect hardcoded passwords, but somehow it didn't detect any. Hard-coded credentials should've also accounted for hard-coded passwords; could you share some insights on why it was unsuccessful? Any thoughts would be greatly appreciated. Thanks

anzosasuke commented 1 year ago

I really need to know about this. Could you share any insights or answers? @ivg

ivg commented 1 year ago

The rule policy for check-hardcoded-values only checks for hardcoded socket addresses. There's currently no provision for passwords.

;; Report an incident when the socket address argument points into static
;; data; 16 bytes is the size of a sockaddr_in.
(defun check-hardcoded-socket-address (sockaddr-ptr)
  (when (points-to-static-data sockaddr-ptr 16)
    (incident-report 'hardcoded-socket-address (incident-location))))

;; Hook the three-argument socket calls: accept(fd, addr, len) etc.
(defmethod call (name fd addr)
  (when (is-in name 'accept 'bind 'connect)
    (check-hardcoded-socket-address addr)))

;; Hook the six-argument datagram calls: sendto/recvfrom(fd, buf, size, flags, addr, len).
(defmethod call (name fd buf size flags addr len)
  (when (is-in name 'sendto 'recvfrom)
    (check-hardcoded-socket-address addr)))