static_analyses(pseudofiles): ignore /proc/1 #677

Open
be32826 wants to merge 1 commit into main from static-pf-ignore-proc-1

be32826 (Collaborator) commented Oct 10, 2025

Since /proc/1 is guaranteed to exist when /proc is mounted, firmware can hard-code that path, causing the pseudofile finder static analysis to find it. But it is a directory, so it shouldn't be considered a pseudofile.

be32826 (Collaborator, Author) commented Oct 10, 2025

Is the "PID" entry in that list supposed to do this? I can't find any evidence of literal /proc/PID existing so maybe that was supposed to filter numbers but it didn't get fully implemented?

lacraig2 (Collaborator) commented

I really think that /proc/# should be ignored generally too. They're always supposed to be directories so we know that must be wrong.

Some other wrong entries I've seen lately:

  /proc/sys/crypto/fips_enabled:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/dev/parport/parport0/devices/lp/deviceid:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/kernel/crashlog_filename:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/kernel/crashlog_mtd:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/kernel/print:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/kernel/rtsig:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/kernel/sched_compat_yield:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/net/.placeholder:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/net/bridge/bridge:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/net/ipv4/conf/.placeholder:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/net/ipv4/netfilter:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/net/ipv4/tcp_:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/net/ipv6/conf/.placeholder:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/net/netfilter/.placeholder:
    read:
      model: zero
    write:
      model: discard
  /proc/sys/vm/pagecache_ratio:
    read:
      model: zero
    write:
      model: discard

Oh, and /dev/NULL (not null, NULL)
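
The general rule raised in this thread (ignore any /proc/<number> path, since it is always a directory) could be sketched as below. This is an added example, not code from the pull request or the project; the function names, the sample strings, and the choice to keep files below a PID directory are assumptions.

```python
import posixpath
import re

# Exactly /proc/<decimal PID>: procfs always exposes this as a directory.
# [0-9] rather than \d so that non-ASCII digits never match.
_PROC_PID_DIR = re.compile(r"/proc/[0-9]+")


def normalize(candidate: str) -> str:
    """Collapse '//' and '.' segments and drop trailing slashes."""
    norm = posixpath.normpath(candidate)
    # POSIX lets a leading '//' survive normpath; fold it to a single '/'.
    return "/" + norm.lstrip("/") if norm.startswith("/") else norm


def is_proc_pid_dir(candidate: str) -> bool:
    """True when the string names a per-process procfs directory itself."""
    # fullmatch (not match with '$') so a trailing newline cannot slip through.
    return _PROC_PID_DIR.fullmatch(normalize(candidate)) is not None


def filter_pseudofiles(candidates):
    """Split candidate strings into (kept, ignored) lists, preserving order."""
    kept, ignored = [], []
    for path in candidates:
        (ignored if is_proc_pid_dir(path) else kept).append(path)
    return kept, ignored


# Constructed sample of strings a firmware string scan might yield.
SAMPLE = [
    "/proc/1",
    "/proc/1/",
    "/proc//4242",
    "/proc/1/cmdline",  # file below a PID directory: kept (assumption)
    "/proc/sys/kernel/print",
    "/proc/1abc",       # not purely numeric, so not a PID directory
    "/dev/null",
]

if __name__ == "__main__":
    kept, ignored = filter_pseudofiles(SAMPLE)
    print("ignored:", ignored)
    print("kept:   ", kept)
```

Matching on the normalized path means spellings such as `/proc/1/` and `/proc//4242` are filtered the same way as `/proc/1`.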
