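#!/usr/bin/perl
#########################################################
# fain182.badroot.org
# by FAiN182 - fain182@gmail.com
#########################################################
# Format string bug finder
# description:
#   this code finds format string bugs in code written in C
#
# How it works:
#   Each line of every file named on the command line is stripped of
#   whitespace and checked for a call to one of the printf-family
#   functions listed in @fun_vuln. A call is reported when the text
#   between the opening parenthesis and the first closing parenthesis
#   contains neither a '%' nor a '"', i.e. when no literal format string
#   is visible and the format is probably a variable.
#
# Limitations of the heuristic (review findings by hand):
#   - only calls that start a line are matched (the pattern is anchored);
#   - only the text up to the first ')' is inspected, so nested calls in
#     the argument list and calls split over several lines are misjudged;
#   - a string literal in any argument counts as "has a format string";
#   - names are matched case-insensitively although C is case-sensitive.
#

use strict;
use warnings;

print "\t::::::::::::::::::::::::::::::::::::::\n".
      "\t:[ BADROOT FORMAT STRING BUG FINDER ]:\n".
      "\t::[by] [FAiN182] [ fain182 gmail com]:\n".
      "\t:::[ http://fain182.badroot.org ]:::::\n".
      "\t::::::::::::::::::::::::::::::::::::::\n\n";

# With no arguments the loop below has nothing to do, so the script just
# prints the usage line and ends.
print "\t\t[!] [ usage: $0 file.c]\n\n" unless @ARGV;

# Functions whose format argument must never be attacker-controlled.
my @fun_vuln = (
    'printf',   'fprintf',  'sprintf',  'snprintf',
    'vprintf',  'vfprintf', 'vsprintf', 'vsnprintf',
    'syslog',   'setproctitle',
    'warn',     'warnx',    'vwarn',    'vwarnx',
);

# One precompiled pattern instead of one regex per function per line.
# The anchor plus the literal '(' means at most one name can match.
my $names   = join '|', map { quotemeta } @fun_vuln;
my $call_re = qr/^($names)\((.*?)\)/i;

foreach my $afile (@ARGV) {
    # Three-argument open with an explicit read mode: a file name taken from
    # the command line is then never interpreted as a mode or a pipe.
    open(my $source, '<', $afile)
        or die "[!] Error: cannot open $afile: $!\n";

    # Real line number in the current file (the counter used to advance
    # only when a call matched, so reported line numbers were wrong).
    my $linea = 0;

    while (my $line = <$source>) {
        $linea++;

        # Drop all whitespace, including tabs and the line ending, so that
        # tab-indented calls are matched as well.
        $line =~ s/\s+//g;

        next unless $line =~ $call_re;
        my ($function, $args) = (lc $1, $2);

        # A '%' or a '"' in the arguments means a literal format is present.
        next if $args =~ /[%"]/;

        print "[+] found in [file] $afile [line] $linea [func] $function [this] $line\n";
    }

    close($source) or warn "[!] Error closing $afile: $!\n";
}
#print "\n\t- Found $bug_num format string bug this code !!\n";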