Free Static Source analysis
Knowledge-of-the-masses static software analysis. The idea isn't new (see http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/ ), but this project takes it to the next level.

==Goals==
The Phases below seem directed toward finding exploits by analysis of 3rd party open source code. To me what is more interesting is finding errors in dynamically typed languages such as Python before runtime. For instance, it's very painful live-coding a Python program with many code paths when a typo in a variable name will not be uncovered until that block of code is reached (at which point there is a fatal error). The first thing a static analysis tool should do is trace all paths of a Python program looking for possible unbound variables.

==Phases==
* Phase 0: Find best secure programming practices for major languages and discover public code repository search engines.
* Phase 1: Use queries to file bugs against found culprits.
** Create queries for Google Code Search
** Store the results of each query in the following form:
*** Project URL
*** URL to offending file
*** Language
*** Offending lines of code
*** Date proposed vulnerability was discovered
*** Database entities required for review
*** Manual review required
*** Which OWASP Top 10 offender
*** Which OWASP secure programming practice not followed
*** Reviewer
*** Project URL
*** Project contact information
** Create queries for GitHub
** Create queries for Koders
* Phase 2: Write simple automation code to produce daily/weekly/annual metrics.
** Create site to input vulnerabilities
** Create input forms and DB backend
** Create pages which show vulnerabilities
** Create cute little pie charts summarizing overall data trends from manual entry vs. search engine automation
* Phase 2.5: Steal underwear
* Phase 3: ?
* Phase 4: Profit

== Queries which need to be refined ==
===PHP===
* http://google.com/codesearch?hl=en&lr=&q=echo.*\$_(GET|POST).*
* http://www.google.com/codesearch?hl=en&lr=&q=SELECT+\*+FROM+'\.\$_GET
===Python===
* http://www.google.com/codesearch?hl=en&lr=&q=eval+lang:python&sbtn=Search
===Java===
* http://www.google.com/codesearch?hl=en&lr=&q=.*executeQuery.*getParameter.*
* http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter*
* http://www.google.com/codesearch?hl=en&lr=&q=%22%3C%3D+65553%22&btnG=Search
===Perl===
* http://www.google.com/codesearch?hl=en&lr=&q=0xfffffff[^0-9a-f]&btnG=Search
===C===
* http://google.com/codesearch?hl=en&num=0&sa=N&filter=0&q=%22strcpy(%22&ct=rr&cs_r=broken_re
* http://google.com/codesearch?hl=en&num=1953392943&sa=N&filter=0&q=%22strcpy(buf%22&ct=rr&cs_r=broken_re
* http://www.google.com/codesearch?hl=en&lr=&q=\[sizeof\(.*\)\]\+*%3D\+*'%3F\\%3F0'%3F;$&btnG=Search
* http://www.google.com/codesearch?hl=en&lr=&q=^[\+\t]*printf\(getenv&btnG=Search
* http://www.google.com/codesearch?hl=en&lr=&q=%22if+(errno+%3D+E%22&btnG=Search
* http://www.google.com/codesearch?hl=en&lr=&q=getopt%20+%20%20%20argc%20%20+%20argv%20%20+%20%20%22%20%20%20%22%20%20;&btnG=Search#8402756288336228965
===Javascript===
* http://www.google.com/codesearch?q=lang:javascript++%22alert(%22
===Generic===
* http://www.google.com/codesearch?q=%22Response.Write(%22
* http://www.google.com/codesearch?q=%22getRequest().getParameter(%22
* http://www.google.com/codesearch?q=%22getRequest().getRequestURI();%22
* http://www.google.com/codesearch?q=this.getID()
* http://www.google.com/codesearch?q=%22.GetHtml(%22
* http://www.google.com/codesearch?q=%22.getParameterMap()%22

== Sources of information ==
* http://en.wikipedia.org/wiki/Rice's_theorem
* http://en.wikipedia.org/wiki/Static_code_analysis
* http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
* http://www.fortify.com/vulncat/en/vulncat/
* http://www.irccrew.org/~cras/security/c-guide.html
* http://www.gratisoft.us/todd/papers/strlcpy.html
* http://pintday.org/whitepapers/bugme1.shtml
* http://www.google.com/search?hl=en&safe=off&q=secure+programming+strcpy&aq=f&aqi=&aql=&oq=&gs_rfai=
* http://stackoverflow.com/questions/1149447/perl-code-security-scanner-other-than-rats-must-be-static
* http://docs.google.com/viewer?a=v&q=cache:WCXJlohndwEJ:www.gnucitizen.org/static/blog/2008/04/php-code-analysis-real-world-examples.pdf+static+analysis+sql+xss+fopen&hl=en&gl=us&pid=bl&srcid=ADGEESh9Sk1GchoTY5ck6SWzVswn5ATUPk33aHh7H7cGIXclbqjle-95xWqU36Zt8jXhQucTFeDc-EXi7y3X3RFaFmV8aRIikbTsCxANDUg8D-kt90f0rt73PBqmxvxtcGdMn4gEVw9t&sig=AHIEtbQ8DPTd8JLr7LY2_mmiCqgYA1Yijg
* http://www.arcert.gov.ar/webs/textos/secure_webdev-3.0.pdf
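The path tracing the Goals section asks for, as an added example (my code, not a tool from this page or from Noisebridge): a flow-sensitive walk over Python's `ast` that reports a local name read on some path before it is assigned ("possibly unbound") and a name that no enclosing scope or builtin binds at all ("undefined", the typo case the Goals section describes). It applies CPython's rule that any name assigned anywhere in a function body is local to the whole function, joins branch states at `if`, treats loop bodies as possibly never executed, handles `with` targets, and walks `try`/`match` as plain statements (which can over-report); lambdas and comprehensions are listed but not entered. `SAMPLE` and every identifier in it are constructed for the demonstration.

```python
import ast
import builtins
from collections import namedtuple

# Nodes that open a new scope: the walker lists them but never enters them, so
# their bodies are not mistaken for part of the enclosing function's flow.
_SCOPES = (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda, ast.ClassDef,
           ast.ListComp, ast.SetComp, ast.DictComp, ast.GeneratorExp)
# kind is "possibly unbound" (a local read on some path before its assignment)
# or "undefined" (no enclosing scope or builtin binds the name, usually a typo).
Finding = namedtuple("Finding", "function name line kind")

def _own_scope(node):
    """Yield `node` and its descendants, listing nested scopes but not entering them."""
    yield node
    for child in ast.iter_child_nodes(node):
        yield from ((child,) if isinstance(child, _SCOPES) else _own_scope(child))

def _bound_in(node):
    """Names bound in `node`'s own scope: targets, nested def/class names, imports."""
    names = set()
    for n in _own_scope(node):
        if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store):
            names.add(n.id)
        elif isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)) and n is not node:
            names.add(n.name)
        elif isinstance(n, ast.alias):
            names.add((n.asname or n.name).split(".")[0])
    return names

class _FuncChecker:
    def __init__(self, func, enclosing):
        self.name, self.findings, a = func.name, [], func.args
        self.params = {p.arg for p in a.posonlyargs + a.args + a.kwonlyargs}
        self.params |= {p.arg for p in (a.vararg, a.kwarg) if p is not None}
        # CPython rule: a name assigned anywhere in the body is local to the whole
        # function unless declared global/nonlocal, in which case it is looked up outside.
        declared = {m for n in _own_scope(func) if isinstance(n, (ast.Global, ast.Nonlocal)) for m in n.names}
        self.local_names = (self.params | _bound_in(func)) - declared
        self.enclosing = enclosing | declared

    def loads(self, node, assigned):
        """Report every name read in `node` that is not safely bound at this point."""
        for n in _own_scope(node):
            if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Load):
                if n.id in self.local_names and n.id not in assigned:
                    self.findings.append(Finding(self.name, n.id, n.lineno, "possibly unbound"))
                elif n.id not in self.local_names and n.id not in self.enclosing:
                    self.findings.append(Finding(self.name, n.id, n.lineno, "undefined"))

    def block(self, stmts, assigned):
        """Walk `stmts` in order; return the names definitely assigned afterwards,
        or None if every path leaves via return/raise/break/continue."""
        assigned = set(assigned)
        for stmt in stmts:
            if isinstance(stmt, ast.If):
                self.loads(stmt.test, assigned)
                yes, no = self.block(stmt.body, assigned), self.block(stmt.orelse, assigned)
                assigned = yes if no is None else no if yes is None else yes & no
            elif isinstance(stmt, (ast.For, ast.AsyncFor, ast.While)):
                is_while = isinstance(stmt, ast.While)
                self.loads(stmt.test if is_while else stmt.iter, assigned)
                self.block(stmt.body, assigned | (set() if is_while else _bound_in(stmt.target)))
                self.block(stmt.orelse, assigned)  # body may run zero times: no new bindings
            elif isinstance(stmt, (ast.With, ast.AsyncWith)):
                for item in stmt.items:
                    self.loads(item.context_expr, assigned)
                    assigned |= _bound_in(item.optional_vars) if item.optional_vars else set()
                assigned = self.block(stmt.body, assigned)
            elif isinstance(stmt, (ast.Return, ast.Raise, ast.Break, ast.Continue)):
                self.loads(stmt, assigned)
                return None
            elif isinstance(stmt, _SCOPES):  # a nested def/class binds its name
                assigned.add(stmt.name)
            else:  # any other statement (try/match are walked as one): reads precede stores
                if isinstance(stmt, ast.AugAssign) and isinstance(stmt.target, ast.Name):
                    self.loads(ast.Name(stmt.target.id, ast.Load(), lineno=stmt.lineno), assigned)
                self.loads(stmt, assigned)
                assigned |= _bound_in(stmt)
            if assigned is None:
                return None
        return assigned

def _visit_scopes(node, enclosing):
    """Findings for every function under `node`, recursing into nested defs and classes."""
    out = []
    for n in _own_scope(node):
        if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef)) and n is not node:
            chk = _FuncChecker(n, enclosing)
            chk.block(n.body, chk.params)
            out += chk.findings + _visit_scopes(n, enclosing | chk.local_names)
        elif isinstance(n, ast.ClassDef) and n is not node:  # class-body names are not visible to methods
            out += _visit_scopes(n, enclosing)
    return out

def find_issues(source):
    """Parse `source` and return every finding, ordered by line."""
    tree = ast.parse(source)
    return sorted(_visit_scopes(tree, _bound_in(tree) | set(dir(builtins))), key=lambda f: (f.line, f.name))

# Constructed input: the failure the Goals section describes, a typo that is
# reached on only one path, plus a name bound on only one branch.
SAMPLE = """\
import os

def handle(request, verbose):
    if request.get("action") == "upload":
        filename = os.path.basename(request["name"])
    if verbose:
        print(filname)     # typo: NameError only when verbose is set
    return filename        # UnboundLocalError when action != "upload"
"""

if __name__ == "__main__":
    print(*find_issues(SAMPLE), sep="\n")
```

Running it on `SAMPLE` reports `filname` on the `print` line as undefined and `filename` on the `return` line as possibly unbound, without executing the program. The join at `if` is what makes the second finding possible: a name assigned in only one branch is dropped from the "definitely assigned" set, so a later read of it is reported; a loop body is treated the same way because it may run zero times.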
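Phase 1 and the query list above together describe a grep-level scanner whose output is a review record; Google Code Search, which those URLs target, has since been shut down, so the added example below (my code, not the project's) runs equivalent regexes over a local set of files and emits records in the shape Phase 1 asks for, plus the per-language and per-category counts that Phase 2's charts would summarize. The rule set and its category labels are my adaptation of the page's queries, the `example.invalid` project URL and `SAMPLE_FILES` are constructed, and every record carries `manual_review=True` because a pattern match is only a lead for a reviewer: the sample's `strncpy(...)` and `ast.literal_eval(...)` lines show the kind of near-miss a bare query would still return.

```python
import re
from collections import Counter, namedtuple
from datetime import date

# One record per hit, in the shape the Phase 1 list asks a reviewer to store.
Record = namedtuple("Record", "project file language line_no code rule category discovered manual_review")

# Regexes adapted from the page's code-search queries, grouped by language.
# The category labels are this example's own shorthand (assumption), not a
# mapping the page gives; the OWASP fields are left to the reviewer.
RULES = {
    "php":    [(r"\becho\b.*\$_(GET|POST|REQUEST)\b", "xss: request data echoed unescaped"),
               (r"\bSELECT\b.*\$_(GET|POST)\b", "sqli: request data inside a query string")],
    "python": [(r"\beval\s*\(", "code injection: eval() on runtime data")],
    "java":   [(r"executeQuery\(.*getParameter\(", "sqli: parameter concatenated into a query"),
               (r"<%=.*getParameter\(", "xss: parameter written straight into JSP output")],
    "c":      [(r"\bstrcpy\s*\(", "buffer overflow: unbounded string copy"),
               (r"\bprintf\s*\(\s*getenv\s*\(", "format string: environment value used as format")],
}
EXT = {".php": "php", ".py": "python", ".java": "java", ".jsp": "java", ".c": "c", ".h": "c"}
COMMENT = {"php": ("//", "#", "*", "/*"), "python": ("#",), "java": ("//", "*", "/*"), "c": ("//", "*", "/*")}


def scan(project_url, files, today=None):
    """Apply the rules for each file's language line by line and return Records.
    `files` maps a path inside the project to its source text. Lines that are
    only a comment are skipped, the cheapest false-positive filter available."""
    today = today or date.today().isoformat()
    compiled = {lang: [(re.compile(p), cat) for p, cat in rules] for lang, rules in RULES.items()}
    hits = []
    for path, text in files.items():
        lang = EXT.get(path[path.rfind("."):].lower())
        if lang is None:
            continue
        for no, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith(COMMENT[lang]):
                continue
            for rx, category in compiled[lang]:
                if rx.search(line):
                    hits.append(Record(project_url, f"{project_url}/{path}", lang, no, line.strip(),
                                       rx.pattern, category, today, True))
    return hits


def summarize(records):
    """Counts behind the Phase 2 charts: hits per language and per category."""
    return {"by_language": dict(Counter(r.language for r in records)),
            "by_category": dict(Counter(r.category for r in records))}


# Constructed sample checkout: three real hits, two near-misses a bare grep would
# also report (a comment, a safer API with a similar name) and a non-source file.
SAMPLE_FILES = {
    "search.php": 'if (isset($_GET["q"])) {\n    echo "Results for " . $_GET["q"];\n}\n',
    "Report.java": '// executeQuery(getParameter) is centralised in the DAO\n'
                   'ResultSet rs = st.executeQuery("SELECT * FROM t WHERE id=" + req.getParameter("id"));\n',
    "util.c": "char buf[64];\nstrcpy(buf, argv[1]);\nstrncpy(buf, argv[1], sizeof(buf) - 1);\n",
    "calc.py": "# eval() was replaced by ast.literal_eval below\nvalue = ast.literal_eval(expr)\n",
    "README.md": "eval( and strcpy( are mentioned in prose only\n",
}

if __name__ == "__main__":
    found = scan("https://example.invalid/proj", SAMPLE_FILES)
    for r in found:
        print(f"{r.file}:{r.line_no} [{r.language}] {r.category}: {r.code}")
    print(summarize(found))
```

On the sample this yields exactly three records (the PHP echo, the Java query concatenation and the C `strcpy`), while the comment line, the `strncpy` call, the `literal_eval` call and the README produce nothing. Word boundaries in the patterns do most of that work; the comment filter is deliberately naive, and anything it lets through is still marked for manual review rather than filed as a bug.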