Test flawfinder. This program wont compile or run; thats not

/* Test flawfinder. This program won't compile or run; that's
not necessary
for this to be a useful test. */
#include <stdio.h>
#define hello(x) goodbye(x)
#define WOKKA "stuff"
main() {
printf("hellon");
}
/* This is a strcpy(a, "n"); test. */
int demo(char *a, char *b) {
strcpy(a, "n"); // Did this work?
strcpy(a, gettext("Hello there")); // Did this work?
strcpy(b, a);

sprintf(s, "n");
sprintf(s, "hello");
sprintf(s, "hello %s", bug);
sprintf(s, gettext("hello %s"), bug);
sprintf(s, unknown, bug);
printf(bf, x);
scanf("%d", &x);
scanf("%s", s);
scanf("%10s", s);
scanf("%s", s);
gets(f); // Flawfinder: ignore
printf("");
/* Flawfinder: ignore */
gets(f);
gets(f);
/* These are okay, but flawfinder version < 0.20 incorrectly
used
the first parameter as the parameter for the format string */

syslog(LOG_ERR,"cannot open config file (%s):
%s",filename,strerror(errno))
syslog(LOG_CRIT,"malloc() failed");
/* But this one SHOULD trigger a warning. */
syslog(LOG_ERR, attacker_string);
}
demo2() {
char d[20];
char s[20];
int n;
_mbscpy(d,s); /* like strcpy, this doesn't check for buffer
overflow */
memcpy(d,s);
CopyMemory(d,s);

lstrcat(d,s);
strncpy(d,s);
_tcsncpy(d,s);
strncat(d,s,10);
strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as
riskier. */
_tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */
n = strlen(d);
/* This is wrong, and should be flagged as risky: */
MultiByteToWideChar(CP_ACP,0,szName,-
1,wszUserName,sizeof(wszUserName));
/* This is also wrong, and should be flagged as risky: */
1,wszUserName,sizeof wszUserName);
/* This is much better: */
1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0])
);
/* This is much better: */
1,wszUserName,sizeof wszUserName
/sizeof(wszUserName[0]));

/* This is an example of bad code - the third paramer is NULL,
so it creates
a NULL ACL. Note that Flawfinder can't detect when a
SECURITY_DESCRIPTOR structure is manually created
with a NULL value
as the ACL; doing so would require a tool that handles
C/C++
and knows about types more that flawfinder currently does.
Anyway, this needs to be detected: */
SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);
/* This one is a bad idea - first param shouldn't be NULL */
CreateProcess(NULL, "C:Program
FilesGoodGuyGoodGuy.exe -x", "");
/* Test interaction of quote characters */
printf("%cn", 'x');
printf("%cn", '"');
printf("%cn", '"');
printf("%cn", ''');
printf("%cn", '177');
printf("%cn", 'xfe');

printf("%cn", 'xd');
printf("%cn", 'n');
printf("%cn", '');
printf("%cn", "'");
}
int getopt_example(int argc,char *argv[]) {
while ((optc = getopt_long (argc, argv, "a",longopts, NULL
)) != EOF) {
}
}
int testfile() {
FILE *f;
f = fopen("/etc/passwd", "r");
fclose(f);
}

/* Regression test: handle n after end of string */
#define assert(x) {
if (!(x)) {
fprintf(stderr,"Assertion failed.n"
"File: %snLine: %dn"
"Assertion: %snn"
,__FILE__,__LINE__,#x);
exit(1);
};
}
int accesstest() {
int access = 0; /* Not a function call. Should be caught by the
false positive test, and NOT labelled as a
problem. */
}

Page | 1
This document is licensed with a Creative Commons
Attribution 4.0 International License ©2017
CSCE 5565: SECURE SOFTWARE SYSTEMS
LAB 2: SOURCE CODE ANALYSIS
Lab Description
Students are provided with a vulnerable C code. You will
analyze the C
code by using two static analysis tools, e.g., FlawFinder and
cppcheck,
understand their outputs, and correct the vulnerabilities
accordingly.
Lab Goal
The goal of the following laboratory exercises is for you to get
familiar with
source code analysis tools, understand their outputs, and
improve your
code accordingly.

Lab Environment
A personal computer with one of the Linux Operating Systems
installed
(strongly recommend Ubuntu 20.04). You can create an Ubuntu
VM within
VirtualBox.
What to Submit
Students will submit a document with:
1) The screenshot or printout of execution results of step C.
2) Your analysis and comparison description of step D.
3) For step E, write the corrected program, and
printouts/screenshots of
the results of the corrected program running with FlawFinder
and
cppcheck.
4) List the functions you corrected, and write briefly how you
corrected it.
Bonus: Submit the report to Canvas in class.
Reminder
Keep academic integrity in mind! It will be strictly enforced!
Page | 2

This document is licensed with a Creative Commons
Attribution 4.0 International License ©2017 Catalyzing
Computing and Cybersecurity in
Community Colleges (C5).
Lab Exercise
A. Download & install FlawFinder https://github.com/david-a-
wheeler/flawfinder
a. Various installation ways.
b. Hint: two of the easiest installation methods are Python’s
"pip"
or your system's package manage (e.g., apt install …)
B. Download & install cppcheck
a. cppcheck, https://cppcheck.sourceforge.io/
b. usage: https://linux.die.net/man/1/cppcheck
c. Hint: cppcheck –-enable=all <file_name>
C. Use the given “vulnerable_code.c” file as input, Run
FlawFinder and
cppcheck to scan security vulnerabilities.
D. Analyze and compare the results of FlawFinder and cppcheck
on
“vulnerable_code.c”
a. Compare the severity found for similar vulnerability found
b. Compare vulnerabilities that found in each tool that were
similar or different.
E. Modify the programs based on the results of FlawFinder and

cppcheck. Run FlawFinder and cppcheck again to check whether
some of the complaints no longer exist.
a. For the modified “vulnerable_code.c” based on cppcheck, run
it
in FlawFinder.
b. For the modified “vulnerable_code.c” based on FlawFinder,
run
it in cppcheck.

Test flawfinder. This program wont compile or run; thats not

Recomendados

Recomendados

Más contenido relacionado

Similar a Test flawfinder. This program wont compile or run; thats not

Similar a Test flawfinder. This program wont compile or run; thats not (20)

Más de MoseStaton39

Más de MoseStaton39 (20)

Último

Último (20)

Test flawfinder. This program wont compile or run; thats not