From 707bfb1404b686328fc0847e6b5fa086ead4323b Mon Sep 17 00:00:00 2001 From: Sameer <142401625+sameer6pre@users.noreply.github.com> Date: Thu, 4 Dec 2025 12:07:39 +0530 Subject: [PATCH 1/4] Update src/state_example/crypto/crypto_1.c in branch Precogs-fix-9tz2il11 --- src/state_example/crypto/crypto_1.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/state_example/crypto/crypto_1.c b/src/state_example/crypto/crypto_1.c index f3f09ab..7ba2aac 100644 --- a/src/state_example/crypto/crypto_1.c +++ b/src/state_example/crypto/crypto_1.c @@ -10,12 +10,22 @@ static crypto_nonce *current_nonce = 0; void crypto_init() { memset(¤t_key, 0, sizeof(current_key)); - if (current_nonce != 0) { + if (current_nonce != NULL) { free(current_nonce); + current_nonce = NULL; // FIX: Prevent double free/use-after-free } current_nonce = calloc(1, sizeof(crypto_nonce)); + if (current_nonce == NULL) { + // Handle allocation failure securely + // Optionally set an error state or abort + // For example: + // fprintf(stderr, "crypto_init: calloc failed\n"); + // abort(); + return; + } current_state = initialized; } +// FIX EXPLANATION: After freeing 'current_nonce', we immediately set it to NULL to prevent accidental double free or use-after-free. We also check the result of 'calloc' for allocation failure, which is a best practice for robust and secure C code. enum crypto_state crypto_get_state() { return current_state; } From 44daf8c6193ba28479f18a5e56388ad7cb1d1add Mon Sep 17 00:00:00 2001 From: Sameer <142401625+sameer6pre@users.noreply.github.com> Date: Mon, 2 Feb 2026 18:52:50 +0530 Subject: [PATCH 2/4] Create app.py Signed-off-by: Sameer <142401625+sameer6pre@users.noreply.github.com> --- src/app.py | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 src/app.py diff --git a/src/app.py b/src/app.py new file mode 100644 index 0000000..15a3f51 --- /dev/null +++ b/src/app.py 
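Review bot: The new allocation-failure branch returns without touching `current_state`, so on a re-initialisation call (the path where the old nonce is freed) a failed `calloc` leaves `current_state` at `initialized` from the previous successful run while `current_nonce` is NULL, and a caller that uses `crypto_get_state()` as a guard before touching the nonce may then dereference a null pointer. Set the state explicitly before the `return`, e.g. `current_state = uninitialized;` (or whatever the enum's not-ready value is called; the enum is not visible in this hunk), and replace the commented-out `fprintf`/`abort()` lines with one real action instead of leaving dead code. The `current_nonce = NULL;` after `free()` is overwritten by the `calloc` on the next line, so it is harmless but adds nothing, and the `// FIX EXPLANATION` line is commit-message material that could be dropped from the source. The `¤t_key` in the `memset` context line looks like an extraction artifact of `&current_key` rather than something this patch changed.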
@@ -0,0 +1,71 @@
+import os
+import pickle
+import sqlite3
+import yaml
+from flask import Flask, request
+
+app = Flask(__name__)
+
+# --- VULN 1: Hard-coded secret ---
+API_KEY = "SUPER_SECRET_API_KEY_12345" # Snyk should flag this
+
+
+# --- VULN 2: SQL Injection ---
+def get_user_by_name(username):
+    conn = sqlite3.connect("test.db")
+    cursor = conn.cursor()
+    # Intentionally vulnerable query
+    query = f"SELECT * FROM users WHERE username = '{username}'"
+    cursor.execute(query)
+    result = cursor.fetchall()
+    conn.close()
+    return result
+
+
+@app.route("/user")
+def user():
+    username = request.args.get("username", "test")
+    data = get_user_by_name(username)
+    return {"data": str(data)}
+
+
+# --- VULN 3: Command Injection ---
+@app.route("/ping")
+def ping():
+    ip = request.args.get("ip", "127.0.0.1")
+    # Intentionally dangerous: using user input in shell command
+    os.system(f"ping -c 1 {ip}")
+    return {"status": "ok"}
+
+
+# --- VULN 4: Insecure Deserialization ---
+@app.route("/load")
+def load():
+    raw = request.args.get("data", None)
+    if not raw:
+        return {"error": "no data"}, 400
+
+    # Intentionally insecure: untrusted pickle.loads
+    obj = pickle.loads(bytes.fromhex(raw))
+    return {"loaded": str(obj)}
+
+
+# --- VULN 5: Unsafe YAML load ---
+@app.route("/yaml")
+def yaml_load():
+    data = request.args.get("data", "a: 1")
+    # Unsafe loader (yaml.load instead of safe_load)
+    loaded = yaml.load(data, Loader=yaml.Loader) # vulnerable usage
+    return {"parsed": str(loaded)}
+
+
+if __name__ == "__main__":
+    # Simple DB init to avoid runtime errors
+    conn = sqlite3.connect("test.db")
+    c = conn.cursor()
+    c.execute("CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY, username TEXT)")
+    c.execute("INSERT OR IGNORE INTO users (id, username) VALUES (1, 'test')")
+    conn.commit()
+    conn.close()
+
+    app.run(debug=True)
From a0a2482f673bce84ddb761a48f615df000de608a Mon Sep 17 00:00:00 2001
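Review bot: `app.run(debug=True)` at the end of the hunk is the one weakness in this file that carries no `# --- VULN n` marker, so a reader cannot tell whether the Werkzeug debugger exposure is a sixth intended finding or an oversight; with debug mode on, the interactive debugger hands arbitrary code execution to anyone who can trigger an unhandled exception, which the `bytes.fromhex(raw)` call in `load()` does on any non-hex `data` value. If it is intended, label it like the others, `# --- VULN 6: Debug mode enabled (Werkzeug debugger exposes RCE) ---`; if not, change it to `app.run(debug=False)`. Either way the file needs a module docstring stating that it is an intentionally vulnerable scanner fixture that must never be deployed or started outside an isolated environment, because `src/app.py` does not read as a fixtures path and the `# Snyk should flag this` comment on `API_KEY` is currently the only hint of its purpose.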
From: Sameer <142401625+sameer6pre@users.noreply.github.com> Date: Tue, 24 Feb 2026 14:15:05 +0530 Subject: [PATCH 3/4] Update README.md Signed-off-by: Sameer <142401625+sameer6pre@users.noreply.github.com> --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index e9c498d..bd128ef 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,6 @@ Building robust C/C++ applications is a highly challenging endeavor that require These examples require libssl-dev and libzstd-dev installed on Ubuntu. To install both dependencies you can run: ```sh -sudo apt install libssl-dev libzstd-dev -y ``` If you do not want to install both packages, you can use a devcontainer to run the examples, or comment out the include of the simple_examples folder in the main [CMakeLists.txt](CMakeLists.txt#L23) file. From 29e25682e88a67cab63f3cfc03a183e2d91e2f8a Mon Sep 17 00:00:00 2001 From: Sameer <142401625+sameer6pre@users.noreply.github.com> Date: Tue, 24 Feb 2026 14:15:35 +0530 Subject: [PATCH 4/4] Update README.md Signed-off-by: Sameer <142401625+sameer6pre@users.noreply.github.com> --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index bd128ef..c29edab 100644 --- a/README.md +++ b/README.md 
@@ -4,8 +4,6 @@ # Testing C/C++ for Security and Reliability Building robust C/C++ applications is a highly challenging endeavor that requires thorough testing. While C/C++ enables us to write high-performance code, the memory-unsafety nature of the language brings a broad spectrum of security risks. Memory corruption issues constitute the vast majority of bugs and security vulnerabilities found in C/C++ projects, and their impact is best demonstrated by the [Heartbleed](https://en.wikipedia.org/wiki/Heartbleed) bug on OpenSSL. Regular unit and integration tests are essential to test that our code functions correctly - they are not enough to uncover memory-corruption bugs. (Whitebox and smart) Fuzz testing on the other hand, has established itself as the best practical method to find these issues in large code bases such as Google Chrome. - -These examples require libssl-dev and libzstd-dev installed on Ubuntu. To install both dependencies you can run: ```sh ``` If you do not want to install both packages, you can use a devcontainer to run the examples, or comment out the include of the simple_examples folder in the main [CMakeLists.txt](CMakeLists.txt#L23) file.