C and C++ Binaries


IO.TAINT.ADDR : Tainted Network Address

Summary

A potentially tainted network address is used.

Properties

Class name Tainted Network Address
Japanese class name 汚染されたネットワークアドレス
Class category Security (security)
Mnemonic IO.TAINT.ADDR
Categories
MisraC2023 MisraC2023:D.4.14 The validity of values received from external sources shall be checked
Misra2012 Misra2012:D.4.14 The validity of values received from external sources shall be checked
AUTOSARC++14 AUTOSARC++14:A27-0-1 Inputs from independent components shall be validated.
CWE CWE:99 Improper Control of Resource Identifiers ('Resource Injection')
  CWE:610 Externally Controlled Reference to a Resource in Another Sphere
  CWE:641 Improper Restriction of Names for Files and Other Resources
CERT-C CERT-C:INT04-C Enforce limits on integer values originating from tainted sources
DISA-6r1 DISA-6r1:V-222606 The application must validate all input.
  DISA-6r1:V-222609 The application must not be subject to input handling vulnerabilities.
DISA-5r3 DISA-5r3:V-70265 The application must validate all input.
  DISA-5r3:V-70271 The application must not be subject to input handling vulnerabilities.
DISA-4r3 DISA-4r3:V-70265 The application must validate all input.
  DISA-4r3:V-70271 The application must not be subject to input handling vulnerabilities.
DISA-3r10 DISA-3r10:V-6157 The designer will ensure the application does not contain invalid URL or path references.
  DISA-3r10:V-6164 The designer will ensure the application validates all input.
Supported languages Available for C and C++.
Enabled/disabled Checking for this warning class is disabled by default. To enable the check, add the following WARNING_FILTER rule to the project configuration file:
WARNING_FILTER += allow class="Tainted Network Address"

#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Reads a host name from an untrusted stream and connects to it: the
 * value read by fgets() is tainted, so the address passed to connect()
 * is tainted as well. */
int use_specified_socket(FILE *f){
    int status;
    int socketfd;
    char hostname[256];
    struct addrinfo *res;

    if (fgets(hostname, 256, f) == NULL ) return -1;
    hostname[strcspn(hostname, "\r\n")] = '\0';  /* drop the line terminator fgets() keeps */

    status = getaddrinfo(hostname, "80", NULL, &res);
    if (status != 0) {return status;}

    socketfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);

    if (socketfd == -1) {freeaddrinfo(res); return -1;}
    status = connect(socketfd,   /* 'Tainted Network Address' warning issued here
                                  * when TAINT_MAX_EXPRESSION_COMPLEXITY setting is sufficiently high
                                  * e.g. TAINT_MAX_EXPRESSION_COMPLEXITY=80
                                  * ('Tainted Buffer Access' warning also issued when enabled)
                                  */
                     res->ai_addr,
                     res->ai_addrlen);
    freeaddrinfo(res);
    if (status < 0) {close(socketfd);return status;}
    /* ...remainder of function */
    return close(socketfd);
}

Functions that trigger the warning

CodeSonar ships with library models that allow it to recognize functions such as libc bind() that take a network address parameter. If one of these functions is called with a potentially tainted value in the network address parameter position, a warning is issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Tainted Network Address warnings.
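The usual way to clear this warning is to validate the externally supplied host name before it reaches getaddrinfo() and connect(). The following is an added example, not code from the CodeSonar documentation: it assumes a hypothetical, constructed allowlist ALLOWED_HOSTS and applies a syntactic RFC 1123 host-name check plus an allowlist match to one raw input line, so that only a vetted value is ever used as a network address.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical allowlist of hosts the program may contact (constructed
 * for this example; entries are lowercase). */
static const char *const ALLOWED_HOSTS[] = { "api.example.com", "backup.example.com" };

/* Syntactic check following RFC 1123 host-name rules: 1..253 characters,
 * labels of 1..63 [A-Za-z0-9-] separated by '.', no leading/trailing '-'. */
int hostname_is_wellformed(const char *h)
{
    size_t len = strlen(h);
    size_t label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)h[i];
        if (c == '.') {
            if (label == 0 || h[i - 1] == '-') return 0;  /* empty label or "x-." */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (label == 0 && c == '-') return 0;         /* label starts with '-' */
            if (++label > 63) return 0;
        } else {
            return 0;  /* rejects ' ', ':', '/', '\n' and anything else */
        }
    }
    return label > 0 && h[len - 1] != '-';
}

/* Exact match against the allowlist (caller has lowercased the input). */
int hostname_is_allowed(const char *h)
{
    for (size_t i = 0; i < sizeof ALLOWED_HOSTS / sizeof ALLOWED_HOSTS[0]; i++)
        if (strcmp(h, ALLOWED_HOSTS[i]) == 0) return 1;
    return 0;
}

/* Turns one raw line read by fgets() into a vetted host name in place.
 * Returns 0 if the line may be passed to getaddrinfo(), -1 if it must be rejected. */
int vet_hostname_line(char *line)
{
    line[strcspn(line, "\r\n")] = '\0';  /* drop the line terminator */
    for (char *p = line; *p; p++)
        *p = (char)tolower((unsigned char)*p);
    if (!hostname_is_wellformed(line)) return -1;
    if (!hostname_is_allowed(line)) return -1;
    return 0;
}
```

In use_specified_socket() above, calling vet_hostname_line(hostname) right after fgets() and returning on -1 is the check that removes the taint from the value reaching connect().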

Related configuration file parameters

The following configuration file parameters affect checking for this warning class.