chains-project / GoSurf

Static analyzer to find locations to hide malicious code in Go

globalvar: ast approach #11

Closed vivi365 closed 4 months ago

vivi365 commented 4 months ago

Global variable parser using ast approach.

Seems to catch all correct POC cases:

[
  {
    "PackageName": "mylib",
    "Type": "global",
    "FilePath": "attack_vectors/init_time/global_init/mylib/mylib.go",
    "LineNumber": 15,
    "MethodInvoked": "normal_func()",
    "VariableName": "global_var1"
  },
  {
    "Type": "global",
    "FilePath": "attack_vectors/init_time/global_init/mylib/mylib.go",
    "LineNumber": 26,
    "MethodInvoked": "anonym func",
    "VariableName": "global_var2"
  },
  {
    "Type": "global",
    "FilePath": "attack_vectors/init_time/global_init/mylib/mylib.go",
    "LineNumber": 35,
    "MethodInvoked": "anonym func",
    "VariableName": "global_var3"
  },
  {
    "Type": "global",
    "FilePath": "attack_vectors/init_time/global_init/mylib/mylib.go",
    "LineNumber": 44,
    "MethodInvoked": "anonym func",
    "VariableName": "global_var4"
  }
]

vivi365 commented 4 months ago

Note: Running old version and new on geth gives different results.

Regex version: [I1] Global Variable Initialization: 6 (main at 34bf1292)

AST version: [I1] Global Variable Initialization: 65

vivi365 commented 4 months ago

These are all I2 reports with AST analyzer (geth v1.14.5)

[
  {
    "PackageName": "abi",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/accounts/abi/abi_test.go",
    "LineNumber": 65,
    "MethodInvoked": "NewType()",
    "VariableName": "Uint256"
  },
  {
    "PackageName": "keystore",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/accounts/keystore/keystore_test.go",
    "LineNumber": 36,
    "MethodInvoked": "make()",
    "VariableName": "testSigData"
  },
  {
    "PackageName": "scwallet",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/accounts/scwallet/wallet.go",
    "LineNumber": 96,
    "MethodInvoked": "uint8()",
    "VariableName": "P1DeriveKeyFromMaster"
  },
  {
    "PackageName": "blsync",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/beacon/blsync/block_sync_test.go",
    "LineNumber": 30,
    "MethodInvoked": "testServer()",
    "VariableName": "testServer1"
  },
  {
    "PackageName": "engine",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/beacon/engine/errors.go",
    "LineNumber": 52,
    "MethodInvoked": "new()",
    "VariableName": "_"
  },
  {
    "PackageName": "light",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/beacon/light/committee_chain_test.go",
    "LineNumber": 30,
    "MethodInvoked": "newTestGenesis()",
    "VariableName": "testGenesis"
  },
  {
    "PackageName": "sync",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/beacon/light/sync/head_sync_test.go",
    "LineNumber": 27,
    "MethodInvoked": "testServer()",
    "VariableName": "testServer1"
  },
  {
    "PackageName": "bitutil",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/common/bitutil/bitutil.go",
    "LineNumber": 15,
    "MethodInvoked": "int()",
    "VariableName": "wordSize"
  },
  {
    "PackageName": "math",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/common/math/big.go",
    "LineNumber": 26,
    "MethodInvoked": "BigPow()",
    "VariableName": "tt255"
  },
  {
    "PackageName": "mclock",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/common/mclock/simclock_test.go",
    "LineNumber": 25,
    "MethodInvoked": "new()",
    "VariableName": "_"
  },
  {
    "PackageName": "clique",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/consensus/clique/clique.go",
    "LineNumber": 58,
    "MethodInvoked": "uint64()",
    "VariableName": "epochLength"
  },
  {
    "PackageName": "prompt",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/console/prompt/prompter.go",
    "LineNumber": 28,
    "MethodInvoked": "newTerminalPrompter()",
    "VariableName": "Stdin"
  },
  {
    "PackageName": "core",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/bench_test.go",
    "LineNumber": 104,
    "MethodInvoked": "make()",
    "VariableName": "ringKeys"
  },
  {
    "PackageName": "core",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/sender_cacher.go",
    "LineNumber": 26,
    "MethodInvoked": "newTxSenderCacher()",
    "VariableName": "SenderCacher"
  },
  {
    "PackageName": "rawdb",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/rawdb/accessors_sync.go",
    "LineNumber": 80,
    "MethodInvoked": "uint8()",
    "VariableName": "StateSyncUnknown"
  },
  {
    "PackageName": "state",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/state/access_events.go",
    "LineNumber": 35,
    "MethodInvoked": "mode()",
    "VariableName": "AccessWitnessReadFlag"
  },
  {
    "PackageName": "snapshot",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/state/snapshot/difflayer.go",
    "LineNumber": 35,
    "MethodInvoked": "uint64()",
    "VariableName": "aggregatorMemoryLimit"
  },
  {
    "PackageName": "blobpool",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/txpool/blobpool/blobpool_test.go",
    "LineNumber": 51,
    "MethodInvoked": "new()",
    "VariableName": "emptyBlob"
  },
  {
    "PackageName": "types",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/types/receipt.go",
    "LineNumber": 43,
    "MethodInvoked": "uint64()",
    "VariableName": "ReceiptStatusFailed"
  },
  {
    "PackageName": "types",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/types/tx_blob_test.go",
    "LineNumber": 61,
    "MethodInvoked": "new()",
    "VariableName": "emptyBlob"
  },
  {
    "PackageName": "vm",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/vm/analysis.go",
    "LineNumber": 19,
    "MethodInvoked": "uint16()",
    "VariableName": "set2BitsMask"
  },
  {
    "PackageName": "vm",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/vm/gas_table.go",
    "LineNumber": 91,
    "MethodInvoked": "memoryCopierGas()",
    "VariableName": "gasCallDataCopy"
  },
  {
    "PackageName": "vm",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/vm/jump_table.go",
    "LineNumber": 47,
    "MethodInvoked": "newFrontierInstructionSet()",
    "VariableName": "frontierInstructionSet"
  },
  {
    "PackageName": "vm",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/vm/operations_acl.go",
    "LineNumber": 200,
    "MethodInvoked": "makeCallVariantGasCallEIP2929()",
    "VariableName": "gasCallEIP2929"
  },
  {
    "PackageName": "vm",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/core/vm/operations_verkle.go",
    "LineNumber": 92,
    "MethodInvoked": "makeCallVariantGasEIP4762()",
    "VariableName": "gasCallEIP4762"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/cloudflare/constants.go",
    "LineNumber": 17,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "u"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/cloudflare/constants.go",
    "LineNumber": 23,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "Order"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/cloudflare/constants.go",
    "LineNumber": 26,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "P"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/cloudflare/curve.go",
    "LineNumber": 13,
    "MethodInvoked": "newGFp()",
    "VariableName": "curveB"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/google/constants.go",
    "LineNumber": 17,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "u"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/google/constants.go",
    "LineNumber": 20,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "P"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/google/constants.go",
    "LineNumber": 26,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "Order"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/google/constants.go",
    "LineNumber": 38,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "xiToPSquaredMinus1Over3"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/google/constants.go",
    "LineNumber": 41,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "xiTo2PSquaredMinus2Over3"
  },
  {
    "PackageName": "specifically",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/bn256/google/constants.go",
    "LineNumber": 44,
    "MethodInvoked": "bigFromBase10()",
    "VariableName": "xiToPSquaredMinus1Over6"
  },
  {
    "PackageName": "secp256k1",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/crypto/secp256k1/curve.go",
    "LineNumber": 280,
    "MethodInvoked": "new()",
    "VariableName": "theCurve"
  },
  {
    "PackageName": "downloader",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/eth/downloader/queue.go",
    "LineNumber": 38,
    "MethodInvoked": "uint()",
    "VariableName": "bodyType"
  },
  {
    "PackageName": "downloader",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/eth/downloader/testchain_test.go",
    "LineNumber": 189,
    "MethodInvoked": "make()",
    "VariableName": "testBlockchains"
  },
  {
    "PackageName": "js",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/eth/tracers/js/goja.go",
    "LineNumber": 40,
    "MethodInvoked": "make()",
    "VariableName": "assetTracers"
  },
  {
    "PackageName": "is",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/internal/debug/api.go",
    "LineNumber": 43,
    "MethodInvoked": "new()",
    "VariableName": "Handler"
  },
  {
    "PackageName": "reexec",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/internal/reexec/reexec.go",
    "LineNumber": 17,
    "MethodInvoked": "make()",
    "VariableName": "registeredInitializers"
  },
  {
    "PackageName": "testrand",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/internal/testrand/rand.go",
    "LineNumber": 29,
    "MethodInvoked": "initRand()",
    "VariableName": "prng"
  },
  {
    "PackageName": "metrics",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/metrics/registry.go",
    "LineNumber": 328,
    "MethodInvoked": "NewRegistry()",
    "VariableName": "DefaultRegistry"
  },
  {
    "PackageName": "discover",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/p2p/discover/v4_udp_test.go",
    "LineNumber": 43,
    "MethodInvoked": "uint64()",
    "VariableName": "futureExp"
  },
  {
    "PackageName": "v4wire",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/p2p/discover/v4wire/v4wire.go",
    "LineNumber": 209,
    "MethodInvoked": "make()",
    "VariableName": "headSpace"
  },
  {
    "PackageName": "enode",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/p2p/enode/nodedb_test.go",
    "LineNumber": 30,
    "MethodInvoked": "HexID()",
    "VariableName": "keytestID"
  },
  {
    "PackageName": "enr",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/p2p/enr/entries.go",
    "LineNumber": 83,
    "MethodInvoked": "ID()",
    "VariableName": "IDv4"
  },
  {
    "PackageName": "rlpx",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/p2p/rlpx/buffer.go",
    "LineNumber": 105,
    "MethodInvoked": "int()",
    "VariableName": "maxUint24"
  },
  {
    "PackageName": "simulations",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/p2p/simulations/http.go",
    "LineNumber": 44,
    "MethodInvoked": "NewClient()",
    "VariableName": "DefaultClient"
  },
  {
    "PackageName": "adapters",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/p2p/simulations/adapters/types.go",
    "LineNumber": 277,
    "MethodInvoked": "make()",
    "VariableName": "lifecycleConstructorFuncs"
  },
  {
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/params/version.go",
    "LineNumber": 31,
    "MethodInvoked": "anonym func",
    "VariableName": "Version"
  },
  {
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/params/version.go",
    "LineNumber": 36,
    "MethodInvoked": "anonym func",
    "VariableName": "VersionWithMeta"
  },
  {
    "PackageName": "rlp",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/rlp/encode_test.go",
    "LineNumber": 79,
    "MethodInvoked": "Encoder()",
    "VariableName": "_"
  },
  {
    "PackageName": "rlp",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/rlp/typecache.go",
    "LineNumber": 48,
    "MethodInvoked": "newTypeCache()",
    "VariableName": "theTC"
  },
  {
    "PackageName": "rpc",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/rpc/errors.go",
    "LineNumber": 50,
    "MethodInvoked": "new()",
    "VariableName": "_"
  },
  {
    "PackageName": "rpc",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/rpc/ipc_unix.go",
    "LineNumber": 33,
    "MethodInvoked": "len()",
    "VariableName": "maxPathSize"
  },
  {
    "PackageName": "rpc",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/rpc/subscription.go",
    "LineNumber": 50,
    "MethodInvoked": "randomIDGenerator()",
    "VariableName": "globalGen"
  },
  {
    "PackageName": "rpc",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/rpc/types.go",
    "LineNumber": 65,
    "MethodInvoked": "BlockNumber()",
    "VariableName": "SafeBlockNumber"
  },
  {
    "PackageName": "rpc",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/rpc/websocket.go",
    "LineNumber": 44,
    "MethodInvoked": "new()",
    "VariableName": "wsBufferPool"
  },
  {
    "PackageName": "bls",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/tests/fuzzers/bls12381/precompile_fuzzer.go",
    "LineNumber": 27,
    "MethodInvoked": "byte()",
    "VariableName": "blsG1Add"
  },
  {
    "PackageName": "trie",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/trie/node.go",
    "LineNumber": 52,
    "MethodInvoked": "valueNode()",
    "VariableName": "nilValueNode"
  },
  {
    "PackageName": "trie",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/trie/node.go",
    "LineNumber": 207,
    "MethodInvoked": "len()",
    "VariableName": "hashLen"
  },
  {
    "PackageName": "trie",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/trie/proof_test.go",
    "LineNumber": 36,
    "MethodInvoked": "initRnd()",
    "VariableName": "prng"
  },
  {
    "PackageName": "trie",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/trie/verkle.go",
    "LineNumber": 278,
    "MethodInvoked": "byte()",
    "VariableName": "PUSH1"
  },
  {
    "PackageName": "hashdb",
    "Type": "global",
    "FilePath": "/Users/viviandersson/go-ethereum/triedb/hashdb/database.go",
    "LineNumber": 121,
    "MethodInvoked": "int()",
    "VariableName": "cachedNodeSize"
  }
]