From patchwork Wed Aug 12 23:41:29 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mohammed Billoo <mab@mab-labs.com>
X-Patchwork-Id: 11711449
Return-Path: 
 <SRS0=6/Xi=BW=lists.elisa.tech=bounce+72012+4+4688437+8417402@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E8AC2913
	for <patchwork-linux-safety@patchwork.kernel.org>;
 Wed, 12 Aug 2020 23:41:49 +0000 (UTC)
Received: from web01.groups.io (web01.groups.io [66.175.222.12])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 7721620771
	for <patchwork-linux-safety@patchwork.kernel.org>;
 Wed, 12 Aug 2020 23:41:49 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=lists.elisa.tech header.i=@lists.elisa.tech
 header.b="m/Vdj05d"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7721620771
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=mab-labs.com
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=bounce+72012+4+4688437+8417402@lists.elisa.tech
X-Received: by 127.0.0.2 with SMTP id rJA3YY4689772xaIGPt2WpGu;
 Wed, 12 Aug 2020 16:41:49 -0700
X-Received: from mail-qt1-f195.google.com (mail-qt1-f195.google.com
 [209.85.160.195])
 by mx.groups.io with SMTP id smtpd.web12.728.1597275708014193127
 for <linux-safety@lists.elisa.tech>;
 Wed, 12 Aug 2020 16:41:48 -0700
X-Received: by mail-qt1-f195.google.com with SMTP id o22so2965457qtt.13
        for <linux-safety@lists.elisa.tech>;
 Wed, 12 Aug 2020 16:41:47 -0700 (PDT)
X-Gm-Message-State: PpwL6W4OVZh4zuJ8xIVgUS1Fx4688437AA=
X-Google-Smtp-Source: 
 ABdhPJxdumkiO/Z1ypIGxdi4i8fN9WEhCLgDAAHrLXIGCh5csNi7iRFojGMKB0aMwCntkC4hd9AwyA==
X-Received: by 2002:ac8:65d3:: with SMTP id t19mr2347552qto.193.1597275706986;
        Wed, 12 Aug 2020 16:41:46 -0700 (PDT)
X-Received: from localhost.localdomain (ool-45752a48.dyn.optonline.net.
 [69.117.42.72])
        by smtp.googlemail.com with ESMTPSA id
 c42sm5008868qte.5.2020.08.12.16.41.46
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 12 Aug 2020 16:41:46 -0700 (PDT)
From: "Mohammed Billoo" <mab@mab-labs.com>
To: linux-safety@lists.elisa.tech
Cc: Mohammed Billoo <mab@mab-labs.com>
Subject: [linux-safety] [PATCH] coccinelle: misc: Check for hard-coded
 constants
Date: Wed, 12 Aug 2020 19:41:29 -0400
Message-Id: <20200812234129.32109-1-mab@mab-labs.com>
Precedence: Bulk
List-Unsubscribe: <https://lists.elisa.tech/g/linux-safety/unsub>
Sender: linux-safety@lists.elisa.tech
List-Id: <linux-safety.lists.elisa.tech>
Mailing-List: list linux-safety@lists.elisa.tech;
 contact linux-safety+owner@lists.elisa.tech
Delivered-To: mailing list linux-safety@lists.elisa.tech
List-Post: <mailto:linux-safety@lists.elisa.tech>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
 d=lists.elisa.tech; q=dns/txt; s=20140610; t=1597275709;
 bh=NiYRPgv8ZanjCExbDSCJQunkFDqgk7Q5xJ//R7e/j18=;
 h=Cc:Date:From:Subject:To;
 b=m/Vdj05dXvIJwmsMjJI+ZW5OkMtZN8ot2wN312V0HB8Ihd0eAUGMdCoRleDBz9IvNpc
 BdYrnrov0Wi2/LdZVWWqY/6nVcg4dawtAe++54ArGN3r77Fp42fQh/UelOrVsoYWSF42u
 4jPksFDDQ29omek80qcYl/Jcfh439QvSbh0=

This semantic patch looks for variables that are initialized to
constants, arrays that are both declared and indexed with constants.
A false positive will occur  when a variable is initialized to 0, which
must happen for auto variables. This will be resolved in a future patch.

The patch was tested against the following snippet:

int main()
{
    int iarr[54]; /* instance 1 */
    int j = 0;    /* instance 2 */
    int i = 1;    /* instance 3 */
    iarr[0] = 3;  /* instance 4 */
    return 0;
}

and it correctly identified instances 1, 3, and 4. It incorrectly
identified instance 2, which will be addressed in a future patch.
---
 scripts/coccinelle/misc/magic_numbers.cocci | 45 +++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 scripts/coccinelle/misc/magic_numbers.cocci

diff --git a/scripts/coccinelle/misc/magic_numbers.cocci b/scripts/coccinelle/misc/magic_numbers.cocci
new file mode 100644
index 000000000000..be6df33d28e4
--- /dev/null
+++ b/scripts/coccinelle/misc/magic_numbers.cocci
@@ -0,0 +1,45 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/// Capture and instances of CWE-547 (https://cwe.mitre.org/data/definitions/547.html)
+///
+//# This attempts to capture instances of magic numbers and report them
+
+virtual report
+
+@r1 depends on report@
+type T;
+constant C;
+identifier var;
+position p;
+@@
+* T var@p = C;
+
+@script:python depends on report@
+p << r1.p;
+@@
+coccilib.report.print_report(p[0], "Hard-coded constant, consider using #define")
+
+@r2 depends on report@
+type T;
+identifier var;
+constant C;
+position p;
+@@
+* T var[C];
+
+@script:python depends on report@
+p << r2.p;
+@@
+coccilib.report.print_report(p[0], "Hard-coded constant, consider using #define")
+
+@r3 depends on report@
+type T;
+constant C;
+position p;
+T[] E;
+@@
+* E[C]@p = ... ;
+
+@script:python depends on report@
+p << r3.p;
+@@
+coccilib.report.print_report(p[0], "Hard-coded constant, consider using #define")