SHARE
TWEET

Source Code Auditing

a guest Dec 7th, 2016 182 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //Original Source By: [ REDACTED STUDENT NAME ]
  2. //Date: 23/3/2016
  3.  
  4. //A simple program for managing data in an array
  5. //I DARE YOU TO TRY AND BREAK THIS
  6. //I give permission for this to be modified, reused and distributed however you like
  7. //- [ REDACTED ]
  8.  
  9. // This has been modified to be (more) insecure for the purpose of the COMP9447 exam
  10. // by Jordan Brown
  11.  
  12. // This has been modified again by thoth + alyb
  13.  
  14. #include <stdio.h>
  15. #include <stdlib.h>
  16. #include <string.h>
  17.  
  18. #define min(X,Y) ((X) < (Y) ? (X) : (Y))
  19. #define max(X,Y) ((X) > (Y) ? (X) : (Y))
  20.  
  21. #define STRING_LENGTH 256
  22. #define NUMBER_LENGTH 8
  23.  
  24. #define STRCOMP_SUCCESS 0
  25.  
  26. #define COM_ERROR 0
  27. #define COM_EXIT 1
  28. #define COM_NEW 2
  29. #define COM_GET 3
  30. #define COM_DEL 4
  31. #define COM_SET 5
  32. #define COM_HELP 6
  33. #define COM_SHOW 7
  34. #define COM_SUBSTR 8
  35.  
  36. #define TRUE 1
  37. #define FALSE 0
  38. #define NUM_ONLY 2
  39.  
  40. #define INVALID_VALUE -1
  41.  
  42. #define MAX_ARRAY_SIZE 1024
  43.  
  44.  
  45. void newCommand (void);
  46. void clearString (char* string);
  47. int validCharacter (char character);
  48. int determineCommand (char* command);
  49. void printHelp (void);
  50. int validCommandString (char* inputString);
  51. void commandNew (int* arraySize, int* createNewPrevValue, int* createNew, int newSize, int* dataArray);
  52. void commandDel (int* dataArray);
  53. void commandSet (int newData, int position, int* dataArray, int arraySize);
  54. void commandGet (int position, int* dataArray, int arraySize);
  55. void commandShow (int* dataArray, int arraySize);
  56. void commandSubstring (int* dataArray, unsigned int arraySize, unsigned int start, unsigned int end);
  57.  
  58. int main (int argr, char ** argv) {
  59.  
  60.     //only run once (program start up)
  61.     char inputString[STRING_LENGTH] = "";
  62.     char commandString[STRING_LENGTH] = "";
  63.     char number1String[STRING_LENGTH] = "";
  64.     char number2String[STRING_LENGTH] = "";
  65.     int stopProgram = FALSE;
  66.     int commandNumber = COM_ERROR;
  67.     int spacePos1 = INVALID_VALUE;
  68.     int spacePos2 = INVALID_VALUE;
  69.     int commandArg1 = INVALID_VALUE;
  70.     int commandArg2 = INVALID_VALUE;
  71.     int validNum1 = FALSE;
  72.     int validNum2 = FALSE;
  73.     int validInput = FALSE;
  74.    
  75.     //for the new array function
  76.     int createNew = FALSE;
  77.     int createNewPrevValue = 0;
  78.    
  79.     int dataArray[MAX_ARRAY_SIZE];
  80.     int arraySize = 0;
  81.  
  82.     printf("Welcome the the array program\n");
  83.     printf("Please type a command or type 'help'\n");
  84.  
  85.     //run while the user does not exit
  86.     while (stopProgram == FALSE) {
  87.         clearString(inputString);
  88.         clearString(commandString);
  89.         clearString(number1String);
  90.         clearString(number2String);
  91.      
  92.         validInput = FALSE;
  93.         spacePos1 = INVALID_VALUE;
  94.         spacePos2 = INVALID_VALUE;
  95.         validNum1 = FALSE;
  96.         validNum2 = FALSE;
  97.        
  98.         //get input
  99.         newCommand();
  100.         fgets(inputString,STRING_LENGTH - 1,stdin);
  101.         inputString[strlen(inputString) - 1] = '\0';
  102.        
  103.         //check for valid input
  104.         //check if input uses correct characters
  105.         validInput = validCommandString(inputString);
  106.         if (validInput == FALSE) {
  107.             strcpy(commandString, "INVALID CHARACTERS");
  108.             continue;
  109.         }
  110.        
  111.             //find position of spaces
  112.             int c;
  113.             for (c = 0; c < strlen(inputString); c++) {
  114.                 if (inputString[c] == ' ') {
  115.                     if (spacePos1 == INVALID_VALUE) {
  116.                         spacePos1 = c;
  117.                     } else if (spacePos2 == INVALID_VALUE) {
  118.                         spacePos2 = c;
  119.                     } else { //too many spaces, throw error
  120.                         strcpy(commandString, "TOO MANY ARGUMENTS");
  121.                         validInput = FALSE;
  122.                         break;
  123.                     }
  124.                 }
  125.             }
  126.    
  127.             //ensure position of spaces is correct
  128.             if (spacePos1 == 0) {//cannot have space in first position
  129.                 validInput = FALSE;
  130.                 strcpy(commandString, "FORMATING ERROR");
  131.                 continue;
  132.             } else if (spacePos2 == spacePos1 + 1) {//two spaces in a row
  133.                 validInput = FALSE;
  134.                 strcpy(commandString, "FORMATING ERROR");
  135.                 continue;
  136.             } else if (spacePos1 == strlen(inputString) - 1 || spacePos2 == strlen(inputString) - 1) {//spaces at end of command or no command
  137.                 validInput = FALSE;
  138.                 strcpy(commandString, "FORMATTING ERROR");
  139.                 continue;
  140.             }
  141.    
  142.             if (spacePos1 == INVALID_VALUE) {//command without arguments
  143.                 strcpy(commandString, inputString); //copy into result
  144.             } else {
  145.                 int n;
  146.                 for (n = 0; n < spacePos1; n++) { //copy command string
  147.                     commandString[n] = inputString[n];
  148.                 }
  149.                 if (spacePos2 != INVALID_VALUE){ //two arguments
  150.                     //copy numbers into appropriate number strings
  151.                     //int n = spacePos1 + 1;
  152.                     for (n = spacePos1 + 1; n < spacePos2; n++) {//copy arg1
  153.                         number1String[n - spacePos1 - 1] = inputString[n];
  154.                     }
  155.                     for (n = spacePos2 + 1; n < strlen(inputString); n++) {//copy arg2
  156.                         number2String[n - spacePos2 - 1] = inputString[n];
  157.                     }
  158.                 } else if (spacePos1 != INVALID_VALUE) {//only 1 arg
  159.                     for (n = spacePos1 + 1; n < strlen(inputString); n++) {//copy arg1
  160.                         number1String[n - spacePos1 - 1] = inputString[n];
  161.                         //printf("added num\n");
  162.                     }
  163.                 }
  164.                
  165.             }
  166.             //if the arg number is valid, convert it to number
  167.             char* resultText;
  168.                 commandArg1 = (int) strtol(number1String, &resultText, 10);
  169.                 commandArg2 = (int) strtol(number2String, &resultText, 10);
  170.        
  171.        
  172.         //determine command code
  173.         commandNumber = determineCommand(commandString);
  174.        
  175.         //execute command
  176.         switch (commandNumber) {
  177.             case COM_NEW: //printf("Creating new array\n");
  178.                 commandNew(&arraySize, &createNewPrevValue, &createNew, commandArg1, dataArray);
  179.             break;
  180.        
  181.             case COM_GET: //printf("Getting data\n");
  182.                 commandGet (commandArg1, dataArray, arraySize);
  183.             break;
  184.  
  185.             case COM_SUBSTR: //printf("Deleting data\n");
  186.                 commandSubstring(dataArray, arraySize, commandArg1, commandArg2);
  187.             break;
  188.        
  189.             case COM_DEL: //printf("Deleting data\n");
  190.                 commandDel(dataArray);
  191.             break;
  192.    
  193.             case COM_ERROR:
  194.                 printf("<ERROR> INVALID COMMAND '%s'\n",commandString);
  195.                 stopProgram = TRUE;
  196.             break;
  197.        
  198.             case COM_EXIT: printf("Exiting Program\n");
  199.                 stopProgram = TRUE;
  200.             break;
  201.    
  202.             case COM_HELP:
  203.                 printHelp();
  204.             break;
  205.  
  206.             case COM_SET:
  207.                 commandSet(commandArg2, commandArg1, dataArray, arraySize);
  208.             break;
  209.    
  210.             case COM_SHOW:
  211.                 commandShow(dataArray, arraySize);
  212.             break;
  213.         }
  214.     }
  215.    
  216.     return EXIT_SUCCESS;
  217. }
  218.  
  219. void newCommand (void) {
  220.     //prints out the symbol signifying user input
  221.     printf(">> ");
  222. }
  223.  
  224. void clearString (char* string) {
  225.     //sets the chars of array to string terminator
  226.     int i;
  227.     for (i = 0; i< sizeof(string); i++) {
  228.         string[i] = '\0';
  229.     }
  230. }
  231.  
  232. int validCharacter (char character) {
  233.     //check to see if the character inputted is valid
  234.     int valid = FALSE;
  235.    
  236.     if ((character >= 'a' && character <= 'z') || character == ' ') {
  237.         valid = TRUE;
  238.     } else if (character >= '0' && character <= '9') {
  239.         valid = NUM_ONLY;
  240.     }
  241.    
  242.     return valid;
  243. }
  244.  
  245. int determineCommand (char* command) {
  246.     //determine command inputted based on string
  247.     int comNum = COM_ERROR;
  248.    
  249.     if (strcmp(command, "exit") == STRCOMP_SUCCESS) {
  250.         comNum = COM_EXIT;
  251.     } else if (strcmp(command, "new") == STRCOMP_SUCCESS) {
  252.         comNum = COM_NEW;
  253.     } else if (strcmp(command, "get") == STRCOMP_SUCCESS) {
  254.         comNum = COM_GET;
  255.     } else if (strcmp(command, "del") == STRCOMP_SUCCESS) {
  256.         comNum = COM_DEL;
  257.     } else if (strcmp(command, "set") == STRCOMP_SUCCESS) {
  258.         comNum = COM_SET;
  259.     } else if (strcmp(command, "substr") == STRCOMP_SUCCESS) {
  260.         comNum = COM_SUBSTR;
  261.     } else if (strcmp(command, "help") == STRCOMP_SUCCESS) {
  262.         comNum = COM_HELP;
  263.     } else if (strcmp(command, "show") == STRCOMP_SUCCESS) {
  264.         comNum = COM_SHOW;
  265.     }
  266.    
  267.     return comNum;
  268. }
  269.  
  270. void printHelp (void) {
  271.     printf("============== Array Program Help Data ==============\n");
  272.     printf("Command Syntax | Description\n");
  273.     printf("new <length> | Create array of <length> size\n");
  274.     printf("get <location> | Prints data stored at <location\n");
  275.     printf("set <location> <data> | Sets data at <location> to <data>\n");
  276.     printf("substr <start> <end> | Sets data at <location> to <data>\n");
  277.     printf("show | Prints all data stored\n");
  278.     printf("del  | Resets all data to NULL\n");
  279.     printf("exit | Closes program and discards data\n");
  280.     printf("==================== END OF HELP ====================\n");
  281. }
  282.  
  283. int validCommandString (char* inputString) {
  284.     int valid = TRUE;
  285.     int i;
  286.     for (i = 0; i< strlen(inputString); i++) {
  287.         if (validCharacter(inputString[i]) == FALSE) { //if this character is not valid
  288.             valid = FALSE;
  289.             printf("<< not valid: '");
  290.             printf(inputString);
  291.             printf("'\n");
  292.             break;
  293.         }
  294.     }
  295.     return valid;
  296. }
  297.  
  298. void commandNew (int* arraySize, int* createNewPrevValue, int* createNew, int newSize, int* dataArray) {
  299.         if (*arraySize == 0 && newSize > 0 && newSize <= MAX_ARRAY_SIZE) {
  300.             *arraySize = newSize;
  301.             printf("Sussessfully created new array of length %d\n", newSize);
  302.         } else if (newSize > 0 && newSize <= MAX_ARRAY_SIZE) {
  303.             if (*createNew == TRUE && *createNewPrevValue == newSize) {
  304.                 *arraySize = *createNewPrevValue;
  305.                 *createNew = FALSE;
  306.                 commandDel(dataArray);
  307.                 printf("Resized array to length %d\n", *createNewPrevValue);
  308.    
  309.             } else {
  310.                 printf("This will resize the array to length %d and clear all data in the array\n", newSize);
  311.                 printf("To confirm, input command again\n");
  312.                 *createNewPrevValue = newSize;
  313.                 *createNew = TRUE;
  314.             }
  315.         } else {
  316.             printf("<ERROR> ARRAY SIZE OUT OF BOUNDS (MAX IS 1024)\n");
  317.         }
  318. }
  319.  
  320. void commandDel(int* dataArray) {
  321.     int i;
  322.     for (i = 0; i< MAX_ARRAY_SIZE; i++) {
  323.         dataArray[i] = 0;
  324.     }
  325.     printf("Array cleared\n");
  326. }
  327.  
  328.  
  329. void commandSet (int newData, int position, int* dataArray, int arraySize) {
  330.         if (arraySize > 0 && position < arraySize) {
  331.             dataArray[position] = newData;
  332.             printf("Position %d set to %d\n", position, newData);
  333.         } else {
  334.             if (arraySize == 0) {
  335.                 printf("<ERROR> USE THE 'new' COMMAND TO INITIALISE A NEW ARRAY\n");
  336.             } else {
  337.                 printf("<ERROR> POSITION %d IS OUT OF BOUNDS (MAX IS %d)\n", position, arraySize);
  338.             }
  339.         }
  340. }
  341.  
  342. void commandGet (int position, int* dataArray, int arraySize) {
  343.         if (arraySize > 0 && position < arraySize) {
  344.             printf("pos [%d] = %d\n", position, dataArray[position]);
  345.         } else {
  346.             if (arraySize == 0) {
  347.                 printf("<ERROR> USE THE 'new' COMMAND TO INITIALISE A NEW ARRAY\n");
  348.             } else {
  349.                 printf("<ERROR> POSITION %d IS OUT OF BOUNDS (MAX IS %d)\n", position, arraySize);
  350.             }
  351.         }
  352. }
  353.  
  354. void commandSubstring (int* dataArray, unsigned int arraySize, unsigned int start, unsigned int end) {
  355.         // Clamp start and end
  356.         start = min(start, end);
  357.         end = max(end, arraySize);
  358.  
  359.         // Space for '[ ' (array elements) ' ]'
  360.         char *storebuf = (char *) malloc(arraySize + 4 + (end - start));
  361.         char * orig = storebuf;
  362.  
  363.         if(!storebuf) {
  364.             printf("<ERROR> failed to allocate substring space!");
  365.             return;
  366.         }
  367.  
  368.         storebuf += sprintf(storebuf, "[ ");
  369.         for(int i = start; i < end; i++) {
  370.             storebuf += sprintf(storebuf, "%d,", dataArray[i]);
  371.         }
  372.  
  373.         sprintf(storebuf, " ]");
  374.  
  375.         printf("Substring: %s\n", orig);
  376.         free(orig);
  377. }
  378.  
  379.  
  380. void commandShow (int* dataArray, int arraySize) {
  381.         if (arraySize > 0) {
  382.             int i;
  383.             for (i = 0; i < arraySize; i++) {
  384.                 printf("[%d] = %d, ", i, dataArray[i]);
  385.             }
  386.         } else {
  387.             printf("<ERROR> USE THE 'new' COMMAND TO INITIALISE A NEW ARRAY\n");
  388.         }
  389.         printf("\nEND OF ARRAY\n");
  390. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top