CWE78_OS_Command_Injection

[ch4rli3kop]

os command injection

todo

• [x] taint analysis: How to taint analysis with BNILVisitor?
• [x] middle case: Inner-procedure taint analysis
• [ ] hard case: Inter-procedure taint analysis
• [ ] realworld target: Use this snippet to find 1-day vulnerability

[gnbon]

cwe78: Add easy case(pattern match) & middle case(taint analysis): https://github.com/ssl3rd-svd/binja-snippets/pull/13

result [File]: 
good: 21/38     missed: 17/38   false positive: 0/38
result [Vulnerabilities]: 
good: 21/38     missed: 17/38   false positive: 0/38

[gnbon]

cwe78: implement inner-procedure case cwe23에서 사용하는 로직을 동일하게 재사용하였습니다.

c : 228 cpp : 60
result [File]: 
detect: 120/228 (good: 120|false positive: 0)   missed: 108/228

추가적으로 기존 visitor 디버깅 과정에서 다음과 같이 exception을 출력하도록 해봤는데,

     try:
        ...
    except Exception as e:
        print(e)
        print(type(e))

아래와 같은 에러가 지속적으로 발생하는 것을 확인하여 수정 중입니다.

CWE78_OS_Command_Injection__char_console_system_45.out is running... 
<class 'AttributeError'>
'MediumLevelILConstPtr' object has no attribute 'src'