Comments (2)
The crafted Lua file is shown below; it can also be added to any Lua file to counter the scanner:
```lua
function test(a)
    local result = false
    if result then
        if a[0] == "A" then
            result = true
            print("A")
        else
            print("B")
        end
    end
    if result then
        print("C")
    else
        print("D")
    end
end

test({"A", "B"})
```
Normal run:
```
$ lua -v
Lua 5.3.3 Copyright (C) 1994-2016 Lua.org, PUC-Rio
$ lua test.lua
D
```
Crash:
```
$ ./tsclua test.lua
tokenize...
[tokenize][1/1] /home/firmy/TscLua/test.lua
analyze entry file...
check...
[preRuleAnalyze][1/9] uninitvar
[preRuleAnalyze][2/9] OrTrue
[preRuleAnalyze][3/9] intercall
[preRuleAnalyze][4/9] CheckOther
[preRuleAnalyze][5/9] Style
[preRuleAnalyze][6/9] scope
[preRuleAnalyze][7/9] CheckOther2
[preRuleAnalyze][8/9] logic
[preRuleAnalyze][9/9] CheckGlobalVar
[check][1/1] /home/firmy/TscLua/test.lua
[1] 340431 segmentation fault (core dumped) ./tsclua test.lua
```
```
   0x41d75c <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> mov rbx, rdi
   0x41d75f <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> mov rax, QWORD PTR [rdx+0x20]
 → 0x41d763 <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> mov rcx, QWORD PTR [rax+0x8]
   0x41d767 <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> cmp QWORD PTR [rax], rcx
   0x41d76a <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> je 0x41d778 <_ZN15CCheckUninitVar25HandleSpecialIfNotRequireEPK5Token+40>
   0x41d76c <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> pop rbx
   0x41d76d <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> ret
   0x41d76e <CCheckUninitVar::HandleSpecialIfNotRequire(Token+0> xchg ax, ax
[#0] Id 1, Name: "tsclua", stopped 0x41d763 in CCheckUninitVar::HandleSpecialIfNotRequire(Token const*) (), reason: SIGSEGV
[#1] 0x4220b2 → CCheckUninitVar::HandleIf(Token const*)()
[#2] 0x42748b → CCheckUninitVar::CheckUninitVar()()
[#3] 0x49af81 → LuaCheck::check()()
[#4] 0x4e0bd7 → LuaCheckExecutor::check(int, char const* const*)()
[#5] 0x41afb4 → main()
```
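If possible, please help request a CVE. Thanks!
A new version has been released. Please try it again; if you find any new problems, feedback is welcome.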
from tscancode.
https://nvd.nist.gov/vuln/detail/CVE-2022-35158
Discoverer: Chao Yang@Li Auto
from tscancode.
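Added example (not part of this thread and not TscanCode code): because the file above makes `./tsclua` die with SIGSEGV before it reports anything, a pipeline should record such a run as "unscanned" rather than "clean". The sketch assumes the scanner is invoked as `SCANNER FILE`, as in the transcript above; the function names are hypothetical, and since this page does not document tsclua's non-zero exit codes, any non-zero status is treated as "no verdict".

```shell
#!/bin/sh
# Added example: scan files one at a time and fail closed on a scanner crash.

# describe_status STATUS
# Prints "completed", "error:<code>" or "crashed:<signal number>".
describe_status() {
    if [ "$1" -eq 0 ]; then
        echo "completed"
    elif [ "$1" -gt 128 ]; then
        # Shells report death by signal N as status 128+N (SIGSEGV = 11 -> 139).
        echo "crashed:$(( $1 - 128 ))"
    else
        # Assumption: exit-code meanings are unknown here, so no verdict.
        echo "error:$1"
    fi
}

# scan_all SCANNER FILE...
# Runs SCANNER once per file so one crashing input cannot hide the others.
# Returns 0 only if every run completed; UNSCANNED lists "file verdict;" pairs.
scan_all() {
    sa_scanner=$1
    shift
    UNSCANNED=""
    for sa_file in "$@"; do
        sa_status=0
        "$sa_scanner" "$sa_file" || sa_status=$?
        sa_verdict=$(describe_status "$sa_status")
        case $sa_verdict in
            completed) ;;
            *) UNSCANNED="${UNSCANNED}${sa_file} ${sa_verdict};" ;;
        esac
    done
    [ -z "$UNSCANNED" ]
}

# Usage in a CI step (paths are placeholders):
#   scan_all ./tsclua src/a.lua src/b.lua || { echo "unscanned: $UNSCANNED"; exit 1; }
```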