
Commit a647536

Update rule metadata (#1226)
1 parent eefcf96 commit a647536

File tree

13 files changed

+602
-121
lines changed


python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S2115.json

Lines changed: 2 additions & 10 deletions
Original file line number | Diff line number | Diff line change
@@ -33,16 +33,8 @@
3333
"6.2.4"
3434
],
3535
"ASVS 4.0": [
36-
"2.1.1",
37-
"2.1.11",
38-
"2.1.12",
39-
"2.1.2",
40-
"2.1.3",
41-
"2.1.4",
42-
"2.1.7",
43-
"2.1.8",
44-
"2.1.9",
45-
"2.10.3"
36+
"9.2.2",
37+
"9.2.3"
4638
]
4739
},
4840
"quickfix": "unknown"
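Review bot: the rationale for the ASVS re-mapping is missing from the commit message. This hunk drops all ten "2.1.x"/"2.10.3" entries from the "ASVS 4.0" array and replaces them with "9.2.2" and "9.2.3", i.e. the rule moves to a different ASVS chapter while the "6.2.4" entry of the preceding standard is kept as-is; a one-line pointer to the rspec change that motivated this would let reviewers verify that the new IDs are the intended ones. The same swap is applied to S4433.json further down in this commit, so both files are right or wrong together.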

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4426.json

Lines changed: 1 addition & 8 deletions
@@ -35,14 +35,7 @@
3535
"A2"
3636
],
3737
"ASVS 4.0": [
38-
"2.8.3",
39-
"6.2.3",
40-
"6.2.4",
41-
"6.2.5",
42-
"6.2.6",
43-
"6.2.7",
44-
"9.1.2",
45-
"9.1.3"
38+
"6.2.3"
4639
]
4740
},
4841
"quickfix": "unknown"
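Review bot: this hunk narrows the "ASVS 4.0" mapping from eight references to the single "6.2.3", and the commit message does not say why. The dropped IDs ("2.8.3", "6.2.4" through "6.2.7", "9.1.2", "9.1.3") will disappear from any report or filter that selects rules by requirement ID, so please record the rationale and double-check that "6.2.3" alone is the intended result rather than the first element of a list that got truncated. Syntactically the hunk is fine: the lone remaining element has no trailing comma.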

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4433.json

Lines changed: 2 additions & 10 deletions
@@ -31,16 +31,8 @@
3131
"6.2.4"
3232
],
3333
"ASVS 4.0": [
34-
"2.1.1",
35-
"2.1.11",
36-
"2.1.12",
37-
"2.1.2",
38-
"2.1.3",
39-
"2.1.4",
40-
"2.1.7",
41-
"2.1.8",
42-
"2.1.9",
43-
"2.10.3"
34+
"9.2.2",
35+
"9.2.3"
4436
]
4537
},
4638
"quickfix": "unknown"
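Review bot: identical re-mapping to the S2115.json hunk above (the ten "2.1.x"/"2.10.3" entries replaced by "9.2.2" and "9.2.3"), so the same missing-rationale comment applies. If the two rules share one upstream rspec mapping decision, say so in the PR so that reviewers know a single check covers both files.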

python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4792.json

Lines changed: 1 addition & 4 deletions
@@ -34,10 +34,7 @@
3434
],
3535
"ASVS 4.0": [
3636
"7.1.1",
37-
"7.1.2",
38-
"7.3.1",
39-
"7.3.2",
40-
"8.3.5"
37+
"7.1.2"
4138
]
4239
}
4340
}
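Review bot: "7.3.1", "7.3.2" and "8.3.5" are removed from the "ASVS 4.0" array without any rationale in the commit message, leaving only "7.1.1" and "7.1.2". Same request as for the other metadata files in this commit: note why the mapping shrank. The resulting array is well-formed ("7.1.2" is now the last element and carries no trailing comma).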
Lines changed: 40 additions & 17 deletions
@@ -1,34 +1,57 @@
1-
<p>Signalling processes is security-sensitive. It has led in the past to the following vulnerabilities:</p>
2-
<ul>
3-
<li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0390">CVE-2009-0390</a> </li>
4-
<li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0839">CVE-2002-0839</a> </li>
5-
<li> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671">CVE-2008-1671</a> </li>
6-
</ul>
7-
<p>Sending signals without checking properly which process will receive it can cause a denial of service.</p>
1+
<p>Signaling processes or process groups can seriously affect the stability of this application or other applications on the same system.</p>
2+
<p>Accidentally setting an incorrect <code>PID</code> or <code>signal</code> or allowing untrusted sources to assign arbitrary values to these
3+
parameters may result in a denial of service.</p>
4+
<p>Also, the system treats the signal differently if the destination <code>PID</code> is less than or equal to 0. This different behavior may affect
5+
multiple processes with the same (E)UID simultaneously if the call is left uncontrolled.</p>
86
<h2>Ask Yourself Whether</h2>
97
<ul>
10-
<li> the PID of the process to which the signal will be sent is coming from an untrusted source. It could for example come from a world-writable
11-
file. </li>
12-
<li> users who are asking for the signal to be sent might not have the permission to send those signals. </li>
8+
<li> The parameters <code>pid</code> and <code>sig</code> are untrusted (they come from an external source). </li>
9+
<li> This function is triggered by non-administrators. </li>
10+
<li> Signal handlers on the target processes stop important functions. </li>
1311
</ul>
1412
<p>There is a risk if you answered yes to any of those questions.</p>
1513
<h2>Recommended Secure Coding Practices</h2>
1614
<ul>
17-
<li> If the signal is sent because of a user’s request. Check that the user is allowed to send this signal. You can for example forbid it if the
18-
user doesn’t own the process. </li>
19-
<li> Secure the source from which the process PID is read. </li>
20-
<li> Run the process sending the signals with minimal permissions. </li>
15+
<li> For stateful applications with user management, ensure that only administrators trigger this code. </li>
16+
<li> Verify that the <code>pid</code> and <code>sig</code> parameters are correct before using them. </li>
17+
<li> Ensure that the process sending the signals runs with as few OS privileges as possible. </li>
18+
<li> Isolate the process on the system based on its (E)UID. </li>
19+
<li> Ensure that the signal does not interrupt any essential functions when intercepted by a target’s signal handlers. </li>
2120
</ul>
2221
<h2>Sensitive Code Example</h2>
2322
<pre>
2423
import os
2524

26-
def send_signal(pid, sig, pgid):
27-
os.kill(pid, sig) # Sensitive
28-
os.killpg(pgid, sig) # Sensitive
25+
@app.route("/kill-pid/&lt;pid&gt;")
26+
def send_signal(pid):
27+
os.kill(pid, 9) # Sensitive
28+
29+
@app.route("/kill-pgid/&lt;pgid&gt;")
30+
def send_signal(pgid):
31+
os.killpg(pgid, 9) # Sensitive
32+
</pre>
33+
<h2>Compliant Solution</h2>
34+
<pre>
35+
import os
36+
37+
@app.route("/kill-pid/&lt;pid&gt;")
38+
def send_signal(pid):
39+
# Validate the untrusted PID,
40+
# With a pre-approved list or authorization checks
41+
if is_valid_pid(pid):
42+
os.kill(pid, 9)
43+
44+
@app.route("/kill-pgid/&lt;pgid&gt;")
45+
def send_signal(pgid):
46+
# Validate the untrusted PGID,
47+
# With a pre-approved list or authorization checks
48+
if is_valid_pgid(pgid):
49+
os.kill(pgid, 9)
2950
</pre>
3051
<h2>See</h2>
3152
<ul>
3253
<li> <a href="https://cwe.mitre.org/data/definitions/283">MITRE, CWE-283</a> - Unverified Ownership </li>
54+
<li> <a href="https://man7.org/linux/man-pages/man1/kill.1.html">kill(1) — Linux manual page</a> </li>
55+
<li> <a href="https://man7.org/linux/man-pages/man2/kill.2.html">kill(2) — Linux manual page</a> </li>
3356
</ul>
3457

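Review bot: the second handler in the new Compliant Solution (new line 49) calls os.kill(pgid, 9), but the Sensitive Code Example it mirrors and the comment two lines above it are about a process group; it should read os.killpg(pgid, 9). As written, the "compliant" code signals a single process whose PID happens to equal the validated PGID, and a value of 0 or a negative number would trigger exactly the pid <= 0 behaviour the new description warns about. Two smaller issues in the same examples: both route handlers are named send_signal, which Flask rejects when the second @app.route registers a view under an endpoint name already in use (AssertionError: View function mapping is overwriting an existing endpoint function), so name them e.g. send_signal_pid and send_signal_pgid; and a <pid> path parameter arrives as a str, which os.kill refuses with a TypeError, so use <int:pid> / <int:pgid> or convert before the is_valid_* check. On the prose, the sentence 'the system treats the signal differently if the destination PID is less than or equal to 0' could name the three cases (0 is the caller's process group, -1 is every process the caller is permitted to signal, below -1 is the process group with ID |pid|), since the kill(2) link is added precisely to back that up.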
python-checks/src/main/resources/org/sonar/l10n/py/rules/python/S4828.json

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
{
2-
"title": "Signalling processes is security-sensitive",
2+
"title": "Signaling processes is security-sensitive",
33
"type": "SECURITY_HOTSPOT",
44
"status": "ready",
55
"tags": [
