From 6593c99ad6b496cba89f3d43be83bc1d1ae99fd4 Mon Sep 17 00:00:00 2001 From: Rog3rSm1th Date: Thu, 27 Jul 2023 17:53:43 +0200 Subject: [PATCH] Implement user defined function call analyzer --- README.md | 1 + sierra/analyzer/__init__.py | 6 ++- .../user_defined_function_call_analyzer.py | 49 +++++++++++++++++++ 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 sierra/analyzer/security/user_defined_function_call_analyzer.py diff --git a/README.md b/README.md index 5206902..8d9356f 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,7 @@ The static analysis is performed using *analyzers* which can be either informati |**Delegate calls detector**|`delegate_call`|Detect delegate calls|Informational|High|Security|❌|✔️| |**Dead code detector**|`dead_code`|Detect dead code|Informational|High|Security|❌|✔️| |**Unused arguments detector**|`unused_arguments`|Detect unused arguments|Informational|High|Security|❌|✔️| +|**User defined function call**|`user_defined`|Detect calls of user defined functions|Informational|High|Security|❌|✔️| #### Run all the analyzers ``` python diff --git a/sierra/analyzer/__init__.py b/sierra/analyzer/__init__.py index 8660ecc..a2b2172 100644 --- a/sierra/analyzer/__init__.py +++ b/sierra/analyzer/__init__.py @@ -1,6 +1,9 @@ from sierra.analyzer.functions.functions_analyzer import FunctionsAnalyzer from sierra.analyzer.security.dead_code_analyzer import DeadCodeAnalyzer from sierra.analyzer.security.delegate_call_analyzer import DelegateCallAnalyzer +from sierra.analyzer.security.user_defined_function_call_analyzer import ( + UserDefinedFunctionCallAnalyzer, +) from sierra.analyzer.security.usused_arguments_analyzer import UnusedArgumentsAnalyzer from sierra.analyzer.statistics.statistics_analyzer import StatisticsAnalyzer from sierra.analyzer.strings.strings_analyzer import StringsAnalyzer @@ -8,11 +11,12 @@ all_analyzers = [ # Security + UserDefinedFunctionCallAnalyzer, DeadCodeAnalyzer, DelegateCallAnalyzer, UnusedArgumentsAnalyzer, # Informational FunctionsAnalyzer, - StringsAnalyzer, StatisticsAnalyzer, + StringsAnalyzer, ] diff --git a/sierra/analyzer/security/user_defined_function_call_analyzer.py b/sierra/analyzer/security/user_defined_function_call_analyzer.py new file mode 100644 index 0000000..c59275e --- /dev/null +++ b/sierra/analyzer/security/user_defined_function_call_analyzer.py @@ -0,0 +1,49 @@ +from sierra.analyzer.abstract_analyzer import ( + AbstractAnalyzer, + CategoryClassification, + ImpactClassification, + PrecisionClassification, +) +from sierra.objects.objects import SierraConditionalBranch, SierraVariableAssignation + + +class UserDefinedFunctionCallAnalyzer(AbstractAnalyzer): + """ + Detect user defined function call + """ + + NAME = "user defined function call" + ARGUMENT = "user_defined" + HELP = "Find user defined function calls" + IMPACT: ImpactClassification = ImpactClassification.MEDIUM + PRECISION: PrecisionClassification = PrecisionClassification.MEDIUM + CATEGORY: CategoryClassification = CategoryClassification.OPTIMIZATION + + def _detect(self) -> bool: + for f in self.program.functions: + statements = f.statements + + for statement in statements: + if isinstance(statement, SierraVariableAssignation): + libfunc_call = statement.function.id + elif isinstance(statement, SierraConditionalBranch): + libfunc_call = statement.function + else: + continue + + # user defined function + if libfunc_call.startswith("function_call"): + # Core functions + if libfunc_call.startswith("function_call wrapper + function_name = libfunc_call[19:-1] + + self.detected = True + self.result.append( + "User defined function %s called in %s" + % (function_name.split("::")[-1], f.id.split("::")[-1]) + ) + + return self.detected