Skip to content

v0.0.2

Latest
Compare
Choose a tag to compare
@Ran350 Ran350 released this 06 Aug 23:13
· 17 commits to main since this release

y2k38-checker

Paper

y2k38-checker is a tool that identifies and reports code with potential Year 2038 problem issues in C language source code.

Check List

Check list ID Description
read-fs-timestamp Since the file timestamp attributes of ext2/3, XFS (versions prior to Linux 5.10), ReiserFS are 32-bit signed integers, programs that read file timestamps in these environments may be affected by the Y2K38.
write-fs-timestamp Since the file timestamp attributes of ext2/3, XFS (versions prior to Linux 5.10), ReiserFS are 32-bit signed integers, programs that write file timestamps in these environments may be affected by the Y2K38.
timet-to-int-downcast Since in many environments the int type is a 32-bit signed integer, there is a possibility that downcasting from time_t type to int may be affected by the Y2K38.
timet-to-long-downcast Since in many environments the int type is a 32-bit signed integer, there is a possibility that downcasting from time_t to long may be affected by the Y2K38.

How to use

Requirements:

  • Docker / Docker Compose
  • OS: Ubuntu

Setup

  1. Download the releases.
  2. Unzip the downloaded file.
unzip y2k38-checker-<version>.zip

Then, the following directory structure is created.

y2k38-checker/
├─┬ checker/
│  ├── build/lib/liby2k38-plugin.so  # detection tool as a Clang plugin
│  ├── scripts/           # scripts for running the detection tool
│  └── clang+llvm-11.0.0-x86_64-linux-gnu-ubuntu-20.04
├── dataset/             # example for C source code
├── volumes/             # target source code
└┬─ .devcontainer/
  ├── Dockerfile
  ├── docker-compose.yml
  └── devcontainer.json
  1. Add the path of the created the directory in .devcontainer/docker-compose.yml
services:
   y2k38-checker-app:
      build:
         context: ..
         dockerfile: .devcontainer/Dockerfile
      tty: true
      volumes:
         - ..:/root/y2k38-checker/volumes/
         - type: bind
-          source: /home/cysec/develop/.y2k38-checker/analysis-objects/
+          source: <path/to/dir>
         target: /root/analysis-objects
  1. Build & Run the docker container with CLI or DevContainer
cd y2k38-checker
docker-compose build # only first time
docker-compose run y2k38-checker

Alternatively, start it in the devcontainer of VSCode.

  1. Run the detection tool with the following command.

Run as script

Check the source code in the volumes/ directory with the detection tool.

python3 ./checker/script/analyze/main.py file.c
# python3 ./checker/scripts/analyze/main.py ./dataset/blacklist/read-fs-timestamp.c

Run as a Clang plugin

clang -w -fplugin=/root/y2k38-checker/checker/build/lib/liby2k38-plugin.so -c file.c
# clang -w -fplugin=/root/y2k38-checker/checker/build/lib/liby2k38-plugin.so -c /root/y2k38-checker/dataset/blacklist/read-fs-timestamp.c