# This script locates potentially dangerous functions that could introduce a vulnerability if they are used incorrectly.
#@author: VDA Labs (Michael Fowl)
#@category Functions

# Ghidra script: getFirstFunction() and getFunctionAfter() are supplied by the
# Ghidra scripting environment, not defined in this file.
#
# How to read the output: a hit means a function with a banned name exists in
# the program. It does not show that the function is called unsafely, so treat
# each hit as a starting point for reviewing its call sites (destination
# buffer size, source length, who controls the input).
#
# Limits of the match:
#   * Names are compared exactly and case-sensitively. A name that differs in
#     any character (for example a prefix or suffix added by the toolchain) is
#     not reported.
#   * A stripped or statically linked binary whose functions carry
#     auto-generated names will produce no hits even when the banned routines
#     are present.
#   * NOTE(review): the walk below visits functions in the program listing;
#     imports that exist only as external symbols may not be visited --
#     confirm against the Ghidra API before treating "no hits" as clean.

# A single parenthesised argument prints the same text under the Python 2
# print statement as the bare form does.
print("Searching for banned functions...")

# Microsoft SDL banned.h list.
blist = [
    # unbounded string copy
    "strcpy", "strcpyA", "strcpyW", "wcscpy", "_tcscpy", "_mbscpy", "StrCpy",
    "StrCpyA", "StrCpyW", "lstrcpy", "lstrcpyA", "lstrcpyW", "_tccpy", "_mbccpy",
    "_ftcscpy",
    # unbounded string concatenation
    "strcat", "strcatA", "strcatW", "wcscat", "_tcscat", "_mbscat",
    "StrCat", "StrCatA", "StrCatW", "lstrcat", "lstrcatA", "lstrcatW", "StrCatBuff",
    "StrCatBuffA", "StrCatBuffW", "StrCatChainW", "_tccat", "_mbccat", "_ftcscat",
    # sprintf family
    "sprintfW", "sprintfA", "wsprintf", "wsprintfW", "wsprintfA", "sprintf", "swprintf",
    "_stprintf", "wvsprintf", "wvsprintfA", "wvsprintfW", "vsprintf", "_vstprintf",
    "vswprintf",
    # "n" copy variants
    "strncpy", "wcsncpy", "_tcsncpy", "_mbsncpy", "_mbsnbcpy", "StrCpyN",
    "StrCpyNA", "StrCpyNW", "StrNCpy", "strcpynA", "StrNCpyA", "StrNCpyW", "lstrcpyn",
    "lstrcpynA", "lstrcpynW",
    # "n" concatenation variants
    "strncat", "wcsncat", "_tcsncat", "_mbsncat", "_mbsnbcat",
    "StrCatN", "StrCatNA", "StrCatNW", "StrNCat", "StrNCatA", "StrNCatW", "lstrncat",
    "lstrcatnA", "lstrcatnW", "lstrcatn",
    # gets family
    "gets", "_getts", "_gettws",
    # IsBad*Ptr probes
    "IsBadWritePtr", "IsBadHugeWritePtr", "IsBadReadPtr", "IsBadHugeReadPtr",
    "IsBadCodePtr", "IsBadStringPtr",
]

# The list holds no duplicate names, so one membership test per function
# reports exactly what comparing against every entry in turn would.
banned_names = frozenset(blist)

# Walk the program's functions in the order Ghidra hands them out.
current = getFirstFunction()
while current is not None:
    name = current.getName()
    if name in banned_names:
        print("%s found at %s" % (name, current.getEntryPoint()))
        # Optional: tag the hit in the listing as well.
        #current.setComment("Badness!")
    current = getFunctionAfter(current)

# Trailing blank line after the report.
print("")