From patchwork Wed Aug 12 23:35:04 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mohammed Billoo <mab@mab-labs.com>
X-Patchwork-Id: 11711447
Return-Path: 
 <SRS0=0xXE=BW=lists.elisa.tech=bounce+72012+3+4688437+8417402@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B1E4B16B1
	for <patchwork-linux-safety@patchwork.kernel.org>;
 Wed, 12 Aug 2020 23:35:25 +0000 (UTC)
Received: from web01.groups.io (web01.groups.io [66.175.222.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 2869C2053B
	for <patchwork-linux-safety@patchwork.kernel.org>;
 Wed, 12 Aug 2020 23:35:24 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=lists.elisa.tech header.i=@lists.elisa.tech
 header.b="RoC0m5Ca"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2869C2053B
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=mab-labs.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=bounce+72012+3+4688437+8417402@lists.elisa.tech
X-Received: by 127.0.0.2 with SMTP id MRhYYY4689772xxqtFDsh55Y;
 Wed, 12 Aug 2020 16:35:24 -0700
X-Received: from mail-qt1-f196.google.com (mail-qt1-f196.google.com
 [209.85.160.196])
 by mx.groups.io with SMTP id smtpd.web11.591.1597275323116676502
 for <linux-safety@lists.elisa.tech>;
 Wed, 12 Aug 2020 16:35:23 -0700
X-Received: by mail-qt1-f196.google.com with SMTP id c12so2968265qtn.9
        for <linux-safety@lists.elisa.tech>;
 Wed, 12 Aug 2020 16:35:23 -0700 (PDT)
X-Gm-Message-State: ms5g3eYDUnhsrfVGsr4JXvYsx4688437AA=
X-Google-Smtp-Source: 
 ABdhPJyqrQcI6AHPqOEumjZ6DtAWWbRPpfcMHUtql6elcZZ8e/VScrD475LKv0Kw+PeK5y2d4btirw==
X-Received: by 2002:ac8:4e4a:: with SMTP id e10mr2260296qtw.315.1597275321971;
        Wed, 12 Aug 2020 16:35:21 -0700 (PDT)
X-Received: from localhost.localdomain (ool-45752a48.dyn.optonline.net.
 [69.117.42.72])
        by smtp.googlemail.com with ESMTPSA id
 d8sm4373545qtr.12.2020.08.12.16.35.21
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 12 Aug 2020 16:35:21 -0700 (PDT)
From: "Mohammed Billoo" <mab@mab-labs.com>
To: linux-safety@lists.elisa.tech
Cc: Mohammed Billoo <mab@mab-labs.com>
Subject: [linux-safety] [PATCH] coccinelle: misc: Check for hard-coded
 constants
Date: Wed, 12 Aug 2020 19:35:04 -0400
Message-Id: <20200812233504.31666-1-mab@mab-labs.com>
Precedence: Bulk
List-Unsubscribe: <https://lists.elisa.tech/g/linux-safety/unsub>
Sender: linux-safety@lists.elisa.tech
List-Id: <linux-safety.lists.elisa.tech>
Mailing-List: list linux-safety@lists.elisa.tech;
 contact linux-safety+owner@lists.elisa.tech
Delivered-To: mailing list linux-safety@lists.elisa.tech
List-Post: <mailto:linux-safety@lists.elisa.tech>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=lists.elisa.tech; q=dns/txt; s=20140610; t=1597275324;
 bh=ZKj5IJ/xEKNHBXijsnOERaKqrfrpDCaTxIvKFs7BLfU=;
 h=Cc:Date:From:Subject:To;
 b=RoC0m5CamZQsuKlu+3J9dysHT4w/3o6QbR3C+jPdMOIn6R3GT0ILnspCctoWi1FxkBa
 Lor06gx5f/0TpNpus9VQm4DY8PDv3awm/mCcomWzHvvJ+I2f+ZWlLpxNH03USfiIcHl5w
 XXNPaOdgaIIDcbdJN+ODXJZvjVTzssP/rmg=

This semantic patch looks for variables that are initialized to
constants, arrays that are both declared and indexed with constants.
A false positive will occur  when a variable is initialized to 0, which
must happen for auto variables. This will be resolved in a future patch.

The patch was tested against the following snippet:

int main()
{
    int iarr[54]; /* instance 1 */
    int j = 0;    /* instance 2 */
    int i = 1;    /* instance 3 */
    iarr[0] = 3;  /* instance 4 */
    return 0;
}

and it correctly identified instances 1, 3, and 4. It incorrectly
identified instance 2, which will be addressed in a future patch.
---
 scripts/coccinelle/misc/magic_numbers.cocci | 45 +++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 scripts/coccinelle/misc/magic_numbers.cocci

diff --git a/scripts/coccinelle/misc/magic_numbers.cocci b/scripts/coccinelle/misc/magic_numbers.cocci
new file mode 100644
index 000000000000..be6df33d28e4
--- /dev/null
+++ b/scripts/coccinelle/misc/magic_numbers.cocci
@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/// Capture and instances of CWE-547 (https://cwe.mitre.org/data/definitions/547.html)
+///
+//# This attempts to capture instances of magic numbers and report them
+
+virtual report
+
+@r1 depends on report@
+type T;
+constant C;
+identifier var;
+position p;
+@@
+* T var@p = C;
+
+@script:python depends on report@
+p << r1.p;
+@@
+coccilib.report.print_report(p[0], "Hard-coded constant, consider using #define")
+
+@r2 depends on report@
+type T;
+identifier var;
+constant C;
+position p;
+@@
+* T var[C];
+
+@script:python depends on report@
+p << r2.p;
+@@
+coccilib.report.print_report(p[0], "Hard-coded constant, consider using #define")
+
+@r3 depends on report@
+type T;
+constant C;
+position p;
+T[] E;
+@@
+* E[C]@p = ... ;
+
+@script:python depends on report@
+p << r3.p;
+@@
+coccilib.report.print_report(p[0], "Hard-coded constant, consider using #define")