SlideShare a Scribd company logo

Detection of vulnerabilities in programs with the help of code analyzers

P
PVS-Studio

Static code analysis tools can help detect vulnerabilities by analyzing source code without executing the program. This document describes 16 such tools, including BOON for buffer overflows, CQual for format string vulnerabilities, MOPS for checking rule compliance, and ITS4, RATS, PScan, and Flawfinder for buffer overflows and format strings. While useful, static tools have limitations and cannot guarantee to find all vulnerabilities. Manual review is still needed to verify results.

Technology
1 of 6
Download to read offline
Detection of vulnerabilities in programs with the help of code analyzers Author: Elena Haritonova Date: 10.08.2008 Abstract At present there are a lot of tools intended for automating search of program vulnerabilities. This article describes some of them. Introduction Static code analysis is software analysis which deals with the source code of programs and is implemented without real execution of the program being examined. Software often contains various vulnerabilities because of errors in program code. Errors made while developing programs cause program failure and consequently the program cannot work normally: data alteration and contamination often occur as well as program halt or even system halt. Most of the vulnerabilities relate to incorrect processing of input data or not rather strict check of these data. To detect vulnerabilities different tools are used, for example, static analyzers of source program code, which are reviewed in this article. Classification of security vulnerabilities When a requirement of correct work of a program at all possible input data is violated, the so called security vulnerabilities may occur. Security vulnerabilities may result in that one program may be used to overcome security limitations of the whole system. Classification of security vulnerabilities depending on program errors: 1. Buffer overflow. This vulnerability occurs because of absence of control over excess of array size in memory during program execution. When too a large data burst overflows a buffer of a limited size, the content of outside memory cells is rewritten and program halt occurs. Depending on the place of the buffer's location in the process's memory, stack buffer overflow, heap buffer overflow and bss buffer overflow can be distinguished. 2. Tainted input vulnerability. Tainted input vulnerability can occur when data input by the user without sufficient control are passed to an interpreter of some outer language (usually it is Unix shell or SQL). In this case the user can define the input data in that way that the launched interpreter executes some other command than that meant by the authors of the vulnerable program. 3. Format string vulnerability. This type of security vulnerabilities is a subclass of tainted input vulnerability. It occurs because of insufficient control over parameters while using functions of format input-output printf, fprintf, scanf etc of the standard C library. These functions receive a symbol string as one of the parameters defining input or output format of following arguments
of the function. If the user can define the format type himself, this vulnerability may occur as the result of an unlucky use of string formatting functions. 4. Vulnerabilities resulting from race condition errors. Problems relating to multitasking cause situations called "race conditions": a program not intended to be executed in a multitask environment can suppose that, for example, files used by it while working cannot be changed by another program. As the result, an intruder who substitutes the content of these working files can make the program perform certain actions. Of course, there exist other types of security vulnerabilities. Review of existing analyzers To detect security vulnerabilities in programs the following tools are used: • Dynamic debuggers - tools which allow you to perform debugging of a program during its execution. • Static analyzers (static debuggers) - tools using information collected during static analysis of a program. Static analyzers point out those sections in a program where an error may occur. These suspicious sections of the code may both contain an error and be useless at all. Some of the existing static analyzers are reviewed in this article. Let's discuss each of them in detail. 1. BOON BOON tool, being based on deep semantic analysis, automates the process of scanning source C texts to detect vulnerable sections which can cause buffer overflow. It detects possible defects supposing that some values are part of an implicit type with a concrete buffer's size. 2. CQual CQual is a tool to detect errors in C programs. The program introduces additional type qualifiers defined by the user to C language. The programmer comments his program with corresponding qualifiers and cqual searches errors. Incorrect annotations indicate possible errors. Cqual can be used to detect possible format string vulnerability. 3. MOPS MOPS (MOdel checking Programs for Security) is a tool to search security vulnerabilities in C programs. It is intended for dynamic patch to make a C program correspond to a static model. MOPS uses a software auditing model which is meant to find out if the program observes a set of rules defined to create safe programs. 4. ITS4, RATS, PScan, Flawfinder To detect buffer overflow errors and format string errors the following static analyzers are used: 1. ITS4. A simple tool which scans source C/C++ code to detect potential security vulnerabilities. It records calls of potentially unsafe functions, for example, such as strcpy/memcpy and performs surface semantic analysis trying to estimate if this code is unsafe and also provides advice of improving it. 2. RATS. RATS utility (Rough Auditing Tool for Security) processes C/C++ code and Perl, PHP and Python scripts. RATS scans source code detecting potentially unsafe function calls. The aim of
this tool is not the final detection of errors but making valid conclusions for a specialist to perform manual check of the code. RATS combines different kinds of security check from semantic check in ITS4 to deep semantic analysis to find defects received from MOPS which can cause buffer overflow. 3. PScan. It scans source C texts to detect potentially incorrect functions similar to printf and format string vulnerabilities. 4. Flawfinder. Like RATS this is a static scanner of source C/C++ program texts. It searches functions which are very often used incorrectly, assigns risk coefficients to them (relying on such information as parameters passed) and composes a list of potential vulnerabilities arranging them according to the risk level. All these tools are similar and use only lexical analysis and simple syntax analysis. That's why the results provided by these programs may contain even 100% of false messages. 5. Bunch Bunch is a tool of analysis and visualization of C programs building a graph of dependencies which help the auditor to examine the modular structure of the program. 6. UNO UNO is a simple analyzer of source code. It was developed to detect such errors as unassigned variables, zero pointers and excess of array limits. UNO allows you to perform simple analysis of execution thread and data threads, both intra- and interprocedure analysis, specify the user properties. But this tool cannot be used for analysis of real applications, doesn't support many standard libraries and doesn't allow you to analyze however serious programs at the present stage of development. 7. FlexeLint (PC-Lint) FlexeLint (PC-Lint) - this analyzer is intended for analyzing source code to detect different type errors. The program performs semantic analysis of source code, analysis of data and execution threads. When the work is done, messages of several types are shown: • A zero pointer is possible; • Problems of memory allocation (for example free() after malloc() is absent); • Problem of execution thread (for example, the code is inaccessible); • Buffer overflow or arithmetic overflow are possible; • Warning messages about bad and potentially unsafe code style. 8. Viva64 Viva64 tool which helps a specialist to detect in the source code of C/C++ programs potentially unsafe sections relating to porting from 32-bit systems on 64-bit ones. Viva64 integrates into Microsoft Visual Studio 2005/2008 what provides convenient work with this tool. The analyzer helps to write correct and optimized code for 64-bit systems. 9. Parasoft C++test Parasoft C++test is a specialized tool for Windows allowing you to automate analysis of C++ code quality. C++test package analyzes the project and generates the code intended for checking items of the project. C++test package performs very important work of analyzing C++ classes. When the project is loaded it is necessary to set testing methods. The software analyzes each argument of a method and returns types of corresponding values. Argument values are assigned by default in case of data of simple types; you
can define testing data for types and classes defined by the user. You can redefine C++test arguments used by default and assign values received as the result of the test. We should mention also that C++test can test incomplete code. The software generates stub-code for any method and function which doesn't exist yet. It supports imitation of external devices and input data defined by the user. The both functions allow you to perform retesting. When testing parameters are defined for all the methods, C++test package is ready to launch the executed code. The package generates test-code calling Visual C++ compiler to create it. You can implement tests on method, class, file and project levels. 10. Coverity Coverity tools are used to detect and correct security and quality defects in applications of critical purpose. Coverity company's technology removes barriers in writing and introducing complex software by automating the process of searching and correcting critical program errors and security vulnerabilities during development. Coverity company's tool can process tens of millions of code strings with a minimum positive error providing full trace coverage. 11. KlocWork K7 Klocwork company's products are intended for automatic static code analysis, detection and prevention of software defects and security problems. Tools of this company are used to detect basic reasons of software quality and security vulnerabilities, to control and prevent these defects during the whole development process. 12. Frama-C Frama-C is an open, integrated set of tools for analyzing C source code. The set includes ACSL (ANSI/ISO C Specification Language) - a special language allowing you to describe specifications of C functions in detail, for example, define the range of acceptable input values of a function and the range of normal output values. This toolkit helps to: • Perform formal code test; • Search potential execution errors; • Perform code auditing or reviewing; • Perform reverse-engineering of the code to understand the structure better; • Generate formal documentation. 13. CodeSurfer CodeSurfer is a tool for program analysis, the main aim of which is not to search security vulnerability errors. Its main advantages are: • Pointer analysis; • Different analyses of the data thread (use and definition of variables, data dependency, building of the call graph); • Scripting language. CodeSurfer can be used to detect errors in source code, to make source code clearer, and to reengineer programs. Within the framework of CodeSurfer a prototype of a tool to detect security vulnerabilities has been developed, but the developed tool is used only by the developers of the organization.
14. FxCop FXCop provides means of automatic testing of .NET-integrations to find out if they meet Microsoft .NET Framework Design Guidelines rules. The compiled code is tested with the help of reflection mechanism, MSIL parsing and analysis of the call graph. As the result FxCop can detect more than 200 defects (or errors) in the following spheres: • The library's architecture; • Localization; • Naming rules; • Performance; • Security. FxCop supports the possibility of creating your own rules with the help of special SDK. FxCop can work both in the graphical interface and in the command line. 15. JavaChecker JavaChecker is a static analyzer of Java programs based on TermWare technology. This tool allows you to detect such code defects as: • Careless handling of exceptions (empty catch-blocks, generating of exceptions of general type etc); • Hiding of names (for example, when the name of a class member coincides with the name of a formal method parameter); • Style violation (you can define a programming style using a set of regular expressions); • Violation of standard use contracts (for example, when equals method is redefined instead of hashCode); • Synchronization violation (for example, when access to a synchronized variable is situated outside the synchronized block). The set of tests can be controlled by using control comments. JavaChecker can be called from ANT script. 16. Simian Simian is an analyzer of similarity which searches repeating syntax in several files simultaneously. The program understands syntax of different programming languages including C#, T-SQL, JavaScript and Visual Basic®, and can also search repeating sections in text files. A lot of setting possibilities allow you to set precise rules of searching doubling code. For example, threshold parameter estimates how many repeating code strings should be considered to be a doublet. Simian is a small tool developed for effective search of code repetitions. It lacks graphical interface but it can be launched in the command line or called programmatically. The results are printed in text mode and can be represented in one of the embedded formats (for example, XML). Although its poor interface and limited possibilities of result print demand some learning, it helps to keep integrity and efficiency of the product. Simian can be used to search repeating code both in small and large projects. Repeating code makes a project less supportable and updatable. You may use Simian for quick search of doubling code sections in many files simultaneously. As Simian can be launched in the command line it
can be included into the building process to receive warning messages and stop the process if some code sections are repeated. Conclusion So, in this article we've discussed source code static analyzers which serve as auxiliary tools for a programmer. All the tools are different and help to detect various types of security vulnerabilities in programs. We could conclude that static analyzers must be precise and sensitive. But unfortunately, static debugging means cannot guarantee 100% safety. References 1. Alexey Kolosov. Using Static Analysis in Program Development. 2. http://www.viva64.com/art-2-2-681473622.html 3. Brian Goetz. Kill bugs dead. http://www.viva64.com/go.php?url=159 4. Crispin Cowan. Security of open code systems. http://www.viva64.com/go.php?url=160 5. Pavel Zuev. About computer security. http://www.viva64.com/go.php?url=161 6. S.S. Gaysaryan, A.V. Chernov, A.A. Belevantsev, O.R. Malikov, D.M. Melnik, A.V. Menshikova. About some tasks of program analysis and transofrmation. http://www.viva64.com/go.php?url=162

Recommended

PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio
 
Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...
IJECEIAES
 
Testing parallel programs
Testing parallel programsTesting parallel programs
Testing parallel programs
PVS-Studio
 
Using PHPStan with Laravel App
Using PHPStan with Laravel AppUsing PHPStan with Laravel App
Using PHPStan with Laravel App
Muhammad Shehata
 
Information sheet PVS-Studio
Information sheet PVS-StudioInformation sheet PVS-Studio
Information sheet PVS-Studio
PVS-Studio
 
Interactive debugging system
Interactive debugging systemInteractive debugging system
Interactive debugging system
Florence priyadarshini
 
Fuzz
FuzzFuzz
Fuzz
Sunny Summer
 
20100309 03 - Vulnerability analysis (McCabe)
20100309 03 - Vulnerability analysis (McCabe)20100309 03 - Vulnerability analysis (McCabe)
20100309 03 - Vulnerability analysis (McCabe)
LeClubQualiteLogicielle
 

Recommended

PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio
 
Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...
IJECEIAES
 
Testing parallel programs
Testing parallel programsTesting parallel programs
Testing parallel programs
PVS-Studio
 
Using PHPStan with Laravel App
Using PHPStan with Laravel AppUsing PHPStan with Laravel App
Using PHPStan with Laravel App
Muhammad Shehata
 
Information sheet PVS-Studio
Information sheet PVS-StudioInformation sheet PVS-Studio
Information sheet PVS-Studio
PVS-Studio
 
Interactive debugging system
Interactive debugging systemInteractive debugging system
Interactive debugging system
Florence priyadarshini
 
Fuzz
FuzzFuzz
Fuzz
Sunny Summer
 
20100309 03 - Vulnerability analysis (McCabe)
20100309 03 - Vulnerability analysis (McCabe)20100309 03 - Vulnerability analysis (McCabe)
20100309 03 - Vulnerability analysis (McCabe)
LeClubQualiteLogicielle
 
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis ViolationsAVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
Dongsun Kim
 
PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++
PVS-Studio
 
Mobile application security
Mobile application securityMobile application security
Mobile application security
Shubhneet Goel
 
Parallel Lint
Parallel LintParallel Lint
Parallel Lint
PVS-Studio
 
Improving Bug Tracking Systems
Improving Bug Tracking SystemsImproving Bug Tracking Systems
Improving Bug Tracking Systems
Rahul Premraj
 
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing FilesUsing Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
CSCJournals
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
PVS-Studio
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
IJTET Journal
 
PROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONSPROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONS
ijcsit
 
iFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairiFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program Repair
Dongsun Kim
 
How to do code review and use analysis tool in software development
How to do code review and use analysis tool in software developmentHow to do code review and use analysis tool in software development
How to do code review and use analysis tool in software development
Mitosis Technology
 
A Survey of Symbolic Execution Tools
A Survey of Symbolic Execution ToolsA Survey of Symbolic Execution Tools
A Survey of Symbolic Execution Tools
CSCJournals
 
SE2_Lec 21_ TDD and Junit
SE2_Lec 21_ TDD and JunitSE2_Lec 21_ TDD and Junit
SE2_Lec 21_ TDD and Junit
Amr E. Mohamed
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
Andrey Karpov
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
PVS-Studio
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Tyler Shields
 
Ids 008 buffer overflow
Ids 008 buffer overflowIds 008 buffer overflow
Ids 008 buffer overflow
jyoti_lakhani
 
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationBench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Dongsun Kim
 
Use of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In PythonUse of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In Python
Waqas Tariq
 
Evaluating software vulnerabilities using fuzzing methods
Evaluating software vulnerabilities using fuzzing methods Evaluating software vulnerabilities using fuzzing methods
Evaluating software vulnerabilities using fuzzing methods
Victor Ionel
 
Of complicacy of programming, or won't C# save us?
Of complicacy of programming, or won't C# save us?Of complicacy of programming, or won't C# save us?
Of complicacy of programming, or won't C# save us?
PVS-Studio
 
Static analysis of C++ source code
Static analysis of C++ source codeStatic analysis of C++ source code
Static analysis of C++ source code
PVS-Studio
 

More Related Content

What's hot

AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis ViolationsAVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
Dongsun Kim
 
Mobile application security
Mobile application securityMobile application security
Mobile application security
Shubhneet Goel
 
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing FilesUsing Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
CSCJournals
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
IJTET Journal
 
iFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairiFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program Repair
Dongsun Kim
 
A Survey of Symbolic Execution Tools
A Survey of Symbolic Execution ToolsA Survey of Symbolic Execution Tools
A Survey of Symbolic Execution Tools
CSCJournals
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
Andrey Karpov
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Tyler Shields
 
Use of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In PythonUse of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In Python
Waqas Tariq
 
Evaluating software vulnerabilities using fuzzing methods
Evaluating software vulnerabilities using fuzzing methods Evaluating software vulnerabilities using fuzzing methods
Evaluating software vulnerabilities using fuzzing methods
Victor Ionel
 

What's hot (20)

AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis ViolationsAVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
 
PVS-Studio for Visual C++
PVS-Studio for Visual C++PVS-Studio for Visual C++
PVS-Studio for Visual C++
 
Mobile application security
Mobile application securityMobile application security
Mobile application security
 
Parallel Lint
Parallel LintParallel Lint
Parallel Lint
 
Improving Bug Tracking Systems
Improving Bug Tracking SystemsImproving Bug Tracking Systems
Improving Bug Tracking Systems
 
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing FilesUsing Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
Using Grammar Extracted from Sample Inputs to Generate Effective Fuzzing Files
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
 
PROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONSPROP - P ATRONAGE OF PHP W EB A PPLICATIONS
PROP - P ATRONAGE OF PHP W EB A PPLICATIONS
 
iFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairiFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program Repair
 
How to do code review and use analysis tool in software development
How to do code review and use analysis tool in software developmentHow to do code review and use analysis tool in software development
How to do code review and use analysis tool in software development
 
A Survey of Symbolic Execution Tools
A Survey of Symbolic Execution ToolsA Survey of Symbolic Execution Tools
A Survey of Symbolic Execution Tools
 
SE2_Lec 21_ TDD and Junit
SE2_Lec 21_ TDD and JunitSE2_Lec 21_ TDD and Junit
SE2_Lec 21_ TDD and Junit
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Regular use of static code analysis in team development
Regular use of static code analysis in team developmentRegular use of static code analysis in team development
Regular use of static code analysis in team development
 
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned SoftwareBlackhat Europe 2009 - Detecting Certified Pre Owned Software
Blackhat Europe 2009 - Detecting Certified Pre Owned Software
 
Ids 008 buffer overflow
Ids 008 buffer overflowIds 008 buffer overflow
Ids 008 buffer overflow
 
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationBench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
 
Use of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In PythonUse of Cell Block As An Indent Space In Python
Use of Cell Block As An Indent Space In Python
 
Evaluating software vulnerabilities using fuzzing methods
Evaluating software vulnerabilities using fuzzing methods Evaluating software vulnerabilities using fuzzing methods
Evaluating software vulnerabilities using fuzzing methods
 

Viewers also liked

Viewers also liked (20)

Of complicacy of programming, or won't C# save us?
Of complicacy of programming, or won't C# save us?Of complicacy of programming, or won't C# save us?
Of complicacy of programming, or won't C# save us?
 
Static analysis of C++ source code
Static analysis of C++ source codeStatic analysis of C++ source code
Static analysis of C++ source code
 
The reasons why 64-bit programs require more stack memory
The reasons why 64-bit programs require more stack memoryThe reasons why 64-bit programs require more stack memory
The reasons why 64-bit programs require more stack memory
 
Development of resource-intensive applications in Visual C++
Development of resource-intensive applications in Visual C++Development of resource-intensive applications in Visual C++
Development of resource-intensive applications in Visual C++
 
Lesson 10. Pattern 2. Functions with variable number of arguments
Lesson 10. Pattern 2. Functions with variable number of argumentsLesson 10. Pattern 2. Functions with variable number of arguments
Lesson 10. Pattern 2. Functions with variable number of arguments
 
Safety of 64-bit code
Safety of 64-bit codeSafety of 64-bit code
Safety of 64-bit code
 
Static code analysis and the new language standard C++0x
Static code analysis and the new language standard C++0xStatic code analysis and the new language standard C++0x
Static code analysis and the new language standard C++0x
 
Explanations to the article on Copy-Paste
Explanations to the article on Copy-PasteExplanations to the article on Copy-Paste
Explanations to the article on Copy-Paste
 
Lesson 1. What 64-bit systems are
Lesson 1. What 64-bit systems areLesson 1. What 64-bit systems are
Lesson 1. What 64-bit systems are
 
Lesson 14. Pattern 6. Changing an array's type
Lesson 14. Pattern 6. Changing an array's typeLesson 14. Pattern 6. Changing an array's type
Lesson 14. Pattern 6. Changing an array's type
 
Lesson 9. Pattern 1. Magic numbers
Lesson 9. Pattern 1. Magic numbersLesson 9. Pattern 1. Magic numbers
Lesson 9. Pattern 1. Magic numbers
 
Lesson 26. Optimization of 64-bit programs
Lesson 26. Optimization of 64-bit programsLesson 26. Optimization of 64-bit programs
Lesson 26. Optimization of 64-bit programs
 
An eternal question of timing
An eternal question of timingAn eternal question of timing
An eternal question of timing
 
Analysis of the Ultimate Toolbox project
Analysis of the Ultimate Toolbox projectAnalysis of the Ultimate Toolbox project
Analysis of the Ultimate Toolbox project
 
Introduction into 64 bits for the beginners or where's again the 64-bit world?
Introduction into 64 bits for the beginners or where's again the 64-bit world?Introduction into 64 bits for the beginners or where's again the 64-bit world?
Introduction into 64 bits for the beginners or where's again the 64-bit world?
 
The forgotten problems of 64-bit programs development
The forgotten problems of 64-bit programs developmentThe forgotten problems of 64-bit programs development
The forgotten problems of 64-bit programs development
 
How we test the code analyzer
How we test the code analyzerHow we test the code analyzer
How we test the code analyzer
 
Comparing capabilities of PVS-Studio and Visual Studio 2010 in detecting defe...
Comparing capabilities of PVS-Studio and Visual Studio 2010 in detecting defe...Comparing capabilities of PVS-Studio and Visual Studio 2010 in detecting defe...
Comparing capabilities of PVS-Studio and Visual Studio 2010 in detecting defe...
 
Optimization of 64-bit programs
Optimization of 64-bit programsOptimization of 64-bit programs
Optimization of 64-bit programs
 
The essence of the VivaCore code analysis library
The essence of the VivaCore code analysis libraryThe essence of the VivaCore code analysis library
The essence of the VivaCore code analysis library
 

Similar to Detection of vulnerabilities in programs with the help of code analyzers

SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
IJNSA Journal
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
IJNSA Journal
 
S D D Program Development Tools
S D D Program Development ToolsS D D Program Development Tools
S D D Program Development Tools
gavhays
 
Automatic reverse engineering of malware emulators
Automatic reverse engineering of malware emulatorsAutomatic reverse engineering of malware emulators
Automatic reverse engineering of malware emulators
UltraUploader
 

Similar to Detection of vulnerabilities in programs with the help of code analyzers (20)

SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
 
A Survey Of Systems For Detecting Serial Run-Time Errors
A Survey Of Systems For Detecting Serial Run-Time ErrorsA Survey Of Systems For Detecting Serial Run-Time Errors
A Survey Of Systems For Detecting Serial Run-Time Errors
 
What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?What's the Difference Between Static Analysis and Compiler Warnings?
What's the Difference Between Static Analysis and Compiler Warnings?
 
Top 10 static code analysis tool
Top 10 static code analysis toolTop 10 static code analysis tool
Top 10 static code analysis tool
 
Reverse engineering – debugging fundamentals
Reverse engineering – debugging fundamentalsReverse engineering – debugging fundamentals
Reverse engineering – debugging fundamentals
 
Introduction to system programming
Introduction to system programmingIntroduction to system programming
Introduction to system programming
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable codenullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code
 
Static code analysis
Static code analysisStatic code analysis
Static code analysis
 
Software Reverse Engineering in a Security Context
Software Reverse Engineering in a Security ContextSoftware Reverse Engineering in a Security Context
Software Reverse Engineering in a Security Context
 
The App Sec How-To: Choosing a SAST Tool
The App Sec How-To: Choosing a SAST ToolThe App Sec How-To: Choosing a SAST Tool
The App Sec How-To: Choosing a SAST Tool
 
Assignment1
Assignment1Assignment1
Assignment1
 
S D D Program Development Tools
S D D Program Development ToolsS D D Program Development Tools
S D D Program Development Tools
 
Secure coding-guidelines
Secure coding-guidelinesSecure coding-guidelines
Secure coding-guidelines
 
Automatic reverse engineering of malware emulators
Automatic reverse engineering of malware emulatorsAutomatic reverse engineering of malware emulators
Automatic reverse engineering of malware emulators
 
Project in malware analysis:C2C
Project in malware analysis:C2CProject in malware analysis:C2C
Project in malware analysis:C2C
 
UNIT 3.1 INTRODUCTON TO IDA.ppt
UNIT 3.1 INTRODUCTON TO IDA.pptUNIT 3.1 INTRODUCTON TO IDA.ppt
UNIT 3.1 INTRODUCTON TO IDA.ppt
 
test
testtest
test
 
test
testtest
test
 

Recently uploaded

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
David Michel
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
CzechDreamin
 

Recently uploaded (20)

Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 

Detection of vulnerabilities in programs with the help of code analyzers

  • 1. Detection of vulnerabilities in programs with the help of code analyzers Author: Elena Haritonova Date: 10.08.2008 Abstract At present there are a lot of tools intended for automating search of program vulnerabilities. This article describes some of them. Introduction Static code analysis is software analysis which deals with the source code of programs and is implemented without real execution of the program being examined. Software often contains various vulnerabilities because of errors in program code. Errors made while developing programs cause program failure and consequently the program cannot work normally: data alteration and contamination often occur as well as program halt or even system halt. Most of the vulnerabilities relate to incorrect processing of input data or not rather strict check of these data. To detect vulnerabilities different tools are used, for example, static analyzers of source program code, which are reviewed in this article. Classification of security vulnerabilities When a requirement of correct work of a program at all possible input data is violated, the so called security vulnerabilities may occur. Security vulnerabilities may result in that one program may be used to overcome security limitations of the whole system. Classification of security vulnerabilities depending on program errors: 1. Buffer overflow. This vulnerability occurs because of absence of control over excess of array size in memory during program execution. When too a large data burst overflows a buffer of a limited size, the content of outside memory cells is rewritten and program halt occurs. Depending on the place of the buffer's location in the process's memory, stack buffer overflow, heap buffer overflow and bss buffer overflow can be distinguished. 2. Tainted input vulnerability. Tainted input vulnerability can occur when data input by the user without sufficient control are passed to an interpreter of some outer language (usually it is Unix shell or SQL). In this case the user can define the input data in that way that the launched interpreter executes some other command than that meant by the authors of the vulnerable program. 3. Format string vulnerability. This type of security vulnerabilities is a subclass of tainted input vulnerability. It occurs because of insufficient control over parameters while using functions of format input-output printf, fprintf, scanf etc of the standard C library. These functions receive a symbol string as one of the parameters defining input or output format of following arguments
  • 2. of the function. If the user can define the format type himself, this vulnerability may occur as the result of an unlucky use of string formatting functions. 4. Vulnerabilities resulting from race condition errors. Problems relating to multitasking cause situations called "race conditions": a program not intended to be executed in a multitask environment can suppose that, for example, files used by it while working cannot be changed by another program. As the result, an intruder who substitutes the content of these working files can make the program perform certain actions. Of course, there exist other types of security vulnerabilities. Review of existing analyzers To detect security vulnerabilities in programs the following tools are used: • Dynamic debuggers - tools which allow you to perform debugging of a program during its execution. • Static analyzers (static debuggers) - tools using information collected during static analysis of a program. Static analyzers point out those sections in a program where an error may occur. These suspicious sections of the code may both contain an error and be useless at all. Some of the existing static analyzers are reviewed in this article. Let's discuss each of them in detail. 1. BOON BOON tool, being based on deep semantic analysis, automates the process of scanning source C texts to detect vulnerable sections which can cause buffer overflow. It detects possible defects supposing that some values are part of an implicit type with a concrete buffer's size. 2. CQual CQual is a tool to detect errors in C programs. The program introduces additional type qualifiers defined by the user to C language. The programmer comments his program with corresponding qualifiers and cqual searches errors. Incorrect annotations indicate possible errors. Cqual can be used to detect possible format string vulnerability. 3. MOPS MOPS (MOdel checking Programs for Security) is a tool to search security vulnerabilities in C programs. It is intended for dynamic patch to make a C program correspond to a static model. MOPS uses a software auditing model which is meant to find out if the program observes a set of rules defined to create safe programs. 4. ITS4, RATS, PScan, Flawfinder To detect buffer overflow errors and format string errors the following static analyzers are used: 1. ITS4. A simple tool which scans source C/C++ code to detect potential security vulnerabilities. It records calls of potentially unsafe functions, for example, such as strcpy/memcpy and performs surface semantic analysis trying to estimate if this code is unsafe and also provides advice of improving it. 2. RATS. RATS utility (Rough Auditing Tool for Security) processes C/C++ code and Perl, PHP and Python scripts. RATS scans source code detecting potentially unsafe function calls. The aim of
  • 3. this tool is not the final detection of errors but making valid conclusions for a specialist to perform manual check of the code. RATS combines different kinds of security check from semantic check in ITS4 to deep semantic analysis to find defects received from MOPS which can cause buffer overflow. 3. PScan. It scans source C texts to detect potentially incorrect functions similar to printf and format string vulnerabilities. 4. Flawfinder. Like RATS this is a static scanner of source C/C++ program texts. It searches functions which are very often used incorrectly, assigns risk coefficients to them (relying on such information as parameters passed) and composes a list of potential vulnerabilities arranging them according to the risk level. All these tools are similar and use only lexical analysis and simple syntax analysis. That's why the results provided by these programs may contain even 100% of false messages. 5. Bunch Bunch is a tool of analysis and visualization of C programs building a graph of dependencies which help the auditor to examine the modular structure of the program. 6. UNO UNO is a simple analyzer of source code. It was developed to detect such errors as unassigned variables, zero pointers and excess of array limits. UNO allows you to perform simple analysis of execution thread and data threads, both intra- and interprocedure analysis, specify the user properties. But this tool cannot be used for analysis of real applications, doesn't support many standard libraries and doesn't allow you to analyze however serious programs at the present stage of development. 7. FlexeLint (PC-Lint) FlexeLint (PC-Lint) - this analyzer is intended for analyzing source code to detect different type errors. The program performs semantic analysis of source code, analysis of data and execution threads. When the work is done, messages of several types are shown: • A zero pointer is possible; • Problems of memory allocation (for example free() after malloc() is absent); • Problem of execution thread (for example, the code is inaccessible); • Buffer overflow or arithmetic overflow are possible; • Warning messages about bad and potentially unsafe code style. 8. Viva64 Viva64 tool which helps a specialist to detect in the source code of C/C++ programs potentially unsafe sections relating to porting from 32-bit systems on 64-bit ones. Viva64 integrates into Microsoft Visual Studio 2005/2008 what provides convenient work with this tool. The analyzer helps to write correct and optimized code for 64-bit systems. 9. Parasoft C++test Parasoft C++test is a specialized tool for Windows allowing you to automate analysis of C++ code quality. C++test package analyzes the project and generates the code intended for checking items of the project. C++test package performs very important work of analyzing C++ classes. When the project is loaded it is necessary to set testing methods. The software analyzes each argument of a method and returns types of corresponding values. Argument values are assigned by default in case of data of simple types; you
  • 4. can define testing data for types and classes defined by the user. You can redefine C++test arguments used by default and assign values received as the result of the test. We should mention also that C++test can test incomplete code. The software generates stub-code for any method and function which doesn't exist yet. It supports imitation of external devices and input data defined by the user. The both functions allow you to perform retesting. When testing parameters are defined for all the methods, C++test package is ready to launch the executed code. The package generates test-code calling Visual C++ compiler to create it. You can implement tests on method, class, file and project levels. 10. Coverity Coverity tools are used to detect and correct security and quality defects in applications of critical purpose. Coverity company's technology removes barriers in writing and introducing complex software by automating the process of searching and correcting critical program errors and security vulnerabilities during development. Coverity company's tool can process tens of millions of code strings with a minimum positive error providing full trace coverage. 11. KlocWork K7 Klocwork company's products are intended for automatic static code analysis, detection and prevention of software defects and security problems. Tools of this company are used to detect basic reasons of software quality and security vulnerabilities, to control and prevent these defects during the whole development process. 12. Frama-C Frama-C is an open, integrated set of tools for analyzing C source code. The set includes ACSL (ANSI/ISO C Specification Language) - a special language allowing you to describe specifications of C functions in detail, for example, define the range of acceptable input values of a function and the range of normal output values. This toolkit helps to: • Perform formal code test; • Search potential execution errors; • Perform code auditing or reviewing; • Perform reverse-engineering of the code to understand the structure better; • Generate formal documentation. 13. CodeSurfer CodeSurfer is a tool for program analysis, the main aim of which is not to search security vulnerability errors. Its main advantages are: • Pointer analysis; • Different analyses of the data thread (use and definition of variables, data dependency, building of the call graph); • Scripting language. CodeSurfer can be used to detect errors in source code, to make source code clearer, and to reengineer programs. Within the framework of CodeSurfer a prototype of a tool to detect security vulnerabilities has been developed, but the developed tool is used only by the developers of the organization.
  • 5. 14. FxCop FXCop provides means of automatic testing of .NET-integrations to find out if they meet Microsoft .NET Framework Design Guidelines rules. The compiled code is tested with the help of reflection mechanism, MSIL parsing and analysis of the call graph. As the result FxCop can detect more than 200 defects (or errors) in the following spheres: • The library's architecture; • Localization; • Naming rules; • Performance; • Security. FxCop supports the possibility of creating your own rules with the help of special SDK. FxCop can work both in the graphical interface and in the command line. 15. JavaChecker JavaChecker is a static analyzer of Java programs based on TermWare technology. This tool allows you to detect such code defects as: • Careless handling of exceptions (empty catch-blocks, generating of exceptions of general type etc); • Hiding of names (for example, when the name of a class member coincides with the name of a formal method parameter); • Style violation (you can define a programming style using a set of regular expressions); • Violation of standard use contracts (for example, when equals method is redefined instead of hashCode); • Synchronization violation (for example, when access to a synchronized variable is situated outside the synchronized block). The set of tests can be controlled by using control comments. JavaChecker can be called from ANT script. 16. Simian Simian is an analyzer of similarity which searches repeating syntax in several files simultaneously. The program understands syntax of different programming languages including C#, T-SQL, JavaScript and Visual Basic®, and can also search repeating sections in text files. A lot of setting possibilities allow you to set precise rules of searching doubling code. For example, threshold parameter estimates how many repeating code strings should be considered to be a doublet. Simian is a small tool developed for effective search of code repetitions. It lacks graphical interface but it can be launched in the command line or called programmatically. The results are printed in text mode and can be represented in one of the embedded formats (for example, XML). Although its poor interface and limited possibilities of result print demand some learning, it helps to keep integrity and efficiency of the product. Simian can be used to search repeating code both in small and large projects. Repeating code makes a project less supportable and updatable. You may use Simian for quick search of doubling code sections in many files simultaneously. As Simian can be launched in the command line it
  • 6. can be included into the building process to receive warning messages and stop the process if some code sections are repeated. Conclusion So, in this article we've discussed source code static analyzers which serve as auxiliary tools for a programmer. All the tools are different and help to detect various types of security vulnerabilities in programs. We could conclude that static analyzers must be precise and sensitive. But unfortunately, static debugging means cannot guarantee 100% safety. References 1. Alexey Kolosov. Using Static Analysis in Program Development. 2. http://www.viva64.com/art-2-2-681473622.html 3. Brian Goetz. Kill bugs dead. http://www.viva64.com/go.php?url=159 4. Crispin Cowan. Security of open code systems. http://www.viva64.com/go.php?url=160 5. Pavel Zuev. About computer security. http://www.viva64.com/go.php?url=161 6. S.S. Gaysaryan, A.V. Chernov, A.A. Belevantsev, O.R. Malikov, D.M. Melnik, A.V. Menshikova. About some tasks of program analysis and transofrmation. http://www.viva64.com/go.php?url=162