Recently, I was reading up on static code analysis. I thought about writing a post on a good static analysis tool or script and started looking for one. After some searching, I found a tool that works well. Since most large programs are written in C++, I decided to go with C++ too. Below is a small experiment showing how the tool can be used to find flaws in C++ programs.
This can be of great help to C++ programmers who don’t pay much attention to the security of their programs. I found this tool impressive because of how thoroughly it found security bugs in my programs.
Also, many organizations write a lot of C++ code but don’t test it well. This can be the first step in the testing process: you simply hand the script your code and get back as many vulnerabilities as the tool can find.
Finding Security Bugs in C++ Programs
Static Code Analysis for C++ programs using FlawFinder
First of all, download FlawFinder from its homepage.
It’s a Python tool, and I really wanted to work with something related to Python.
The installation steps are given on that page. Just install it and run it. Let’s see how it performs.
Usage and Results:
So, I wrote a small, deliberately vulnerable C++ program to see what FlawFinder reports. Here’s the program.
using namespace std;
cin >> inputs;
Since we read input into a string and then strcpy it into a fixed-size buffer, the tool should flag it as a high-sensitivity finding. Let’s look at the results after typing “flawfinder test.cpp”.
cppfiles/test.cpp:9: [4(sensitivity out of 5)] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
cppfiles/test.cpp:10:  (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
cppfiles/test.cpp:6:  (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
That’s great, right? Not only does it tell us about the flaws in our program, it also gives a short description of each one, its CWE identifier, and advice on how to mitigate it. I tested it on some longer programs as well and the results were just as good.
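To show what the CWE-120 finding above means in practice, here is the unsafe pattern FlawFinder flags next to a bounds-checked replacement that follows the tool’s own advice (check the destination size, reject what does not fit). This is an added example, not the test.cpp from the post; the buffer size and the function names are my own choices.

```cpp
#include <cstring>
#include <string>
#include <iostream>

// Fixed-size destination, the kind of array flawfinder reports as
// "(buffer) char" (CWE-119). Size chosen for this example.
constexpr std::size_t BUF_SIZE = 16;

// UNSAFE pattern, reported at level 4 (CWE-120): strcpy copies until it
// finds the NUL terminator and never consults the destination size, so any
// input of BUF_SIZE bytes or more writes past the end of `dst`.
// Shown for comparison only; nothing below calls it.
void copy_unchecked(const std::string& input, char* dst) {
    std::strcpy(dst, input.c_str());   // flawfinder: [4] (buffer) strcpy
}

// Hardened replacement: check the bound first and report rejection instead
// of overflowing or silently truncating. Returns true only when the whole
// input plus its terminator fits in dst_size bytes; on rejection dst is left
// as a valid empty C string. (Where the buffer can be a std::string instead,
// that is the better fix; this is for code that must fill a C buffer.)
bool copy_bounded(const std::string& input, char* dst, std::size_t dst_size) {
    if (dst_size == 0) return false;           // nowhere even for '\0'
    if (input.size() >= dst_size) {            // no room for input + '\0'
        dst[0] = '\0';
        return false;
    }
    // Length is known here, so copy exactly input.size() bytes plus the NUL.
    std::memcpy(dst, input.c_str(), input.size() + 1);
    return true;
}

// Exercise the hardened version with constructed inputs: one that fits and
// one (40 bytes) that would have overflowed the 16-byte buffer with strcpy.
int main() {
    char buf[BUF_SIZE];
    std::cout << copy_bounded("hello", buf, sizeof buf) << " [" << buf << "]\n";
    std::cout << copy_bounded(std::string(40, 'A'), buf, sizeof buf) << " [" << buf << "]\n";
    return 0;
}
```

Run the original on a long input and flawfinder’s complaint becomes a real memory corruption; run copy_bounded on the same input and the caller simply gets `false` and an empty buffer.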
That’s it folks.
PS: This tool is not mine and I had no part in developing it. I just found it to be quite good.
Let me know what you think.