From 7d267e8e4ca086844c78e3922a7232091036f958 Mon Sep 17 00:00:00 2001
From: Or Toren <129293360+orto17@users.noreply.github.com>
Date: Tue, 1 Oct 2024 12:08:09 +0300
Subject: [PATCH] Sast CPP Flag integration Tests (#195)
---
 audit_test.go | 49 ++++++++
 .../package-managers/c/sast_vulnerability.c | 115 ++++++++++++++++++
 2 files changed, 164 insertions(+)
 create mode 100644 tests/testdata/projects/package-managers/c/sast_vulnerability.c
diff --git a/audit_test.go b/audit_test.go
index d585deb9..86c2829c 100644
--- a/audit_test.go
+++ b/audit_test.go
@@ -473,6 +473,39 @@ func addDummyPackageDescriptor(t *testing.T, hasPackageJson bool) {
 
 // JAS
 
+func TestXrayAuditSastCppFlagSimpleJson(t *testing.T) {
+ output := testAuditC(t, string(format.SimpleJson), true)
+ securityTestUtils.VerifySimpleJsonJasResults(t, output, 1, 0, 0, 0, 0, 0, 0, 0, 0)
+
+}
+
+func TestXrayAuditWithoutSastCppFlagSimpleJson(t *testing.T) {
+ output := testAuditC(t, string(format.SimpleJson), false)
+ securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0, 0, 0)
+}
+
+// Helper for both C & Cpp Sast scans tests
+func testAuditC(t *testing.T, format string, enableCppFlag bool) string {
+ cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getJasAuditMockCommand)
+ defer cleanUp()
+ securityTestUtils.InitSecurityTest(t, scangraph.GraphScanMinXrayVersion)
+ tempDirPath, createTempDirCallback := coreTests.CreateTempDirWithCallbackAndAssert(t)
+ defer createTempDirCallback()
+ cProjectPath := filepath.Join(filepath.FromSlash(securityTestUtils.GetTestResourcesPath()), "projects", "package-managers", "c")
+ // Copy the c project from the testdata to a temp dir
+ assert.NoError(t, biutils.CopyDir(cProjectPath, tempDirPath, true, nil))
+ prevWd := securityTestUtils.ChangeWD(t, tempDirPath)
+ defer clientTests.ChangeDirAndAssert(t, prevWd)
+ watchName, deleteWatch := securityTestUtils.CreateTestWatch(t, "audit-policy", "audit-watch", xrayUtils.High)
+ defer deleteWatch()
+ if enableCppFlag {
+ unsetEnv := clientTests.SetEnvWithCallbackAndAssert(t, "JFROG_SAST_ENABLE_CPP", "1")
+ defer unsetEnv()
+ }
+ args := []string{"audit", "--licenses", "--vuln", "--format=" + format, "--watches=" + watchName, "--fail=false"}
+ return cliToRun.WithoutCredentials().RunCliCmdWithOutput(t, args...)
+}
+
 func TestXrayAuditNotEntitledForJas(t *testing.T) {
 cliToRun, cleanUp := securityTestUtils.InitTestWithMockCommandOrParams(t, getNoJasAuditMockCommand)
 defer cleanUp()
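Review bot: The `format string` parameter of `testAuditC` shadows the `format` package that both callers rely on for `format.SimpleJson`; the body only concatenates it, so it compiles, but any later use of the package inside the helper would silently bind to the string, and shadow linters flag it. Rename it, e.g. `func testAuditC(t *testing.T, outputFormat string, enableCppFlag bool) string {` and `"--format=" + outputFormat`. `TestXrayAuditSastCppFlagSimpleJson` also carries a stray blank line before its closing brace. The helper sets the process-wide `JFROG_SAST_ENABLE_CPP` variable, so neither test can safely be marked `t.Parallel()` later, and the expected SAST count of 1 for a fixture with many flagged sites is tied to the scanner's current rule set; a one-line comment naming the finding that count stands for would make a future change in the count diagnosable.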
@@ -483,6 +516,22 @@ func TestXrayAuditNotEntitledForJas(t *testing.T) {
 securityTestUtils.VerifySimpleJsonJasResults(t, output, 0, 0, 0, 0, 0, 0, 0, 0, 0)
 }
 
+func getJasAuditMockCommand() components.Command {
+ return components.Command{
+ Name: docs.Audit,
+ Flags: docs.GetCommandFlags(docs.Audit),
+ Action: func(c *components.Context) error {
+ auditCmd, err := cli.CreateAuditCmd(c)
+ if err != nil {
+ return err
+ }
+ // Disable Jas for this test
+ auditCmd.SetUseJas(true)
+ return progressbar.ExecWithProgress(auditCmd)
+ },
+ }
+}
+
 func getNoJasAuditMockCommand() components.Command {
 return components.Command{
 Name: docs.Audit,
diff --git a/tests/testdata/projects/package-managers/c/sast_vulnerability.c b/tests/testdata/projects/package-managers/c/sast_vulnerability.c
new file mode 100644
index 00000000..d7cb5be9
--- /dev/null
+++ b/tests/testdata/projects/package-managers/c/sast_vulnerability.c
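Review bot: The comment `// Disable Jas for this test` above `auditCmd.SetUseJas(true)` states the opposite of what the line does; it reads as carried over from `getNoJasAuditMockCommand`, whose body continues past the end of this hunk. Change it to `// Enable Jas for this test`. The two mock-command builders now differ only in that boolean, so a single `getAuditMockCommand(useJas bool)` called by both wrappers would keep them from drifting apart.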
@@ -0,0 +1,115 @@
+/*
+Author: Hardik Shah
+Email: hardik05@gmail.com
+Web: http://hardik05.wordpress.com
+*/
+
+//a vulnerable c program to explain common vulnerability types
+//fuzz with AFL
+
+#include
+#include
+#include
+
+struct Image
+{
+ char header[4];
+ int width;
+ int height;
+ char data[10];
+};
+
+int ProcessImage(char* filename){
+ FILE *fp;
+ char ch;
+ struct Image img;
+
+ fp = fopen(filename,"r"); //Statement 1
+
+ if(fp == NULL)
+ {
+ printf("\nCan't open file or file doesn't exist.\r\n");
+ exit(0);
+ }
+
+
+ while(fread(img,sizeof(img),1,fp)>0)
+ {
+ //if(strcmp(img.header,"IMG")==0)
+ //{
+ printf("\n\tHeader\twidth\theight\tdata\t\r\n");
+
+ printf("\n\t%s\t%d\t%d\t%s\r\n",img.header,img.width,img.height,img.data);
+
+
+ //integer overflow 0x7FFFFFFF+1=0
+ //0x7FFFFFFF+2 = 1
+ //will cause very large/small memory allocation.
+ int size1 = img.width + img.height;
+ char* buff1=(char*)malloc(size1);
+
+ //heap buffer overflow
+ memcpy(buff1,img.data,sizeof(img.data));
+ free(buff1);
+ //double free
+ if (size1/2==0){
+ free(buff1);
+ }
+ else{
+ //use after free
+ if(size1/3 == 0){
+ buff1[0]='a';
+ }
+ }
+
+
+ //integer underflow 0-1=-1
+ //negative so will cause very large memory allocation
+ int size2 = img.width - img.height+100;
+ //printf("Size1:%d",size1);
+ char* buff2=(char*)malloc(size2);
+
+ //heap buffer overflow
+ memcpy(buff2,img.data,sizeof(img.data));
+
+ //divide by zero
+ int size3= img.width/img.height;
+ //printf("Size2:%d",size3);
+
+ char buff3[10];
+ char* buff4 =(char*)malloc(size3);
+ something(buff4);
+ memcpy(buff4,img.data,sizeof(img.data));
+
+ //OOBR read bytes past stack/heap buffer
+ char OOBR = buff3[size3];
+ char OOBR_heap = buff4[size3];
+
+ //OOBW write bytes past stack/heap buffer
+ buff3[size3]='c';
+ buff4[size3]='c';
+
+ if(size3>10){
+ //memory leak here
+ buff4=0;
+ }
+ else{
+ free(buff4);
+ }
+
+ free(buff2);
+ //}
+ //else
+ // printf("invalid header\r\n");
+
+ }
+ fclose(fp);
+
+ return 0;
+}
+
+int main(int argc,char **argv)
+{
+ ProcessImage(argv[1]);
+
+}
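Review bot: The three `#include` lines as displayed here carry no header name, while the code calls printf, malloc/free/exit and memcpy; confirm the committed file names the stdio, stdlib and string headers rather than relying on implicit declarations. Independently of that, `fread(img, ...)` passes the struct by value where a pointer is required and `something(buff4)` is never declared, so the file is not a buildable translation unit; that is acceptable for a source-level SAST fixture but would break any compile-based check, and the intent deserves a line in the header comment, e.g. `// Intentionally defective SAST fixture: contains the flaw classes listed below and is not expected to compile or run.` The file is attributed to an external author and blog, so the license under which it is redistributed in this repository should be recorded alongside it. The unused `char ch` local and the commented-out header check are part of the original sample and can stay, since the test asserts on scanner findings rather than on program behavior.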