Editing Free Static Source analysis

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 3: Line 3:


While the idea isn't new, http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/ , but taking it to the next level.
While the idea isn't new, http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/ , but taking it to the next level.
==Goals==
The Phases below seem directed toward finding exploits by analysis of 3rd party open source code. To me what is more interesting is finding errors in dynamically typed languages such as Python before runtime. For instance it's very painful live-coding a Python program with many code paths, when a typo in a variable name will not be uncovered until that block of code is reached (at which point there is a fatal error). The first thing a static analysis tool should do is trace all paths of a Python program looking for possible unbound variables. 
==Phases==


Phase 0:  
Phase 0:  
Line 46: Line 41:
Phase 4:  
Phase 4:  
Profit
Profit
== Queries which need to be refined ==
PHP
http://google.com/codesearch?hl=en&lr=&q=echo.*\$_(GET|POST).*
http://www.google.com/codesearch?hl=en&lr=&q=SELECT+\*+FROM+'\.\$_GET
Python
http://www.google.com/codesearch?hl=en&lr=&q=eval+lang:python&sbtn=Search
Java
http://www.google.com/codesearch?hl=en&lr=&q=.*executeQuery.*getParameter.*
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter*
http://www.google.com/codesearch?hl=en&lr=&q=%22%3C%3D+65553%22&btnG=Search
Perl
http://www.google.com/codesearch?hl=en&lr=&q=0xfffffff[^0-9a-f]&btnG=Search
C
http://google.com/codesearch?hl=en&num=0&sa=N&filter=0&q=%22strcpy(%22&ct=rr&cs_r=broken_re
http://google.com/codesearch?hl=en&num=1953392943&sa=N&filter=0&q=%22strcpy(buf%22&ct=rr&cs_r=broken_re
http://www.google.com/codesearch?hl=en&lr=&q=\[sizeof\(.*\)\]\+*%3D\+*'%3F\\%3F0'%3F;$&btnG=Search
http://www.google.com/codesearch?hl=en&lr=&q=^[\+\t]*printf\(getenv&btnG=Search
http://www.google.com/codesearch?hl=en&lr=&q=%22if+(errno+%3D+E%22&btnG=Search
http://www.google.com/codesearch?hl=en&lr=&q=getopt%20+%20%20%20argc%20%20+%20argv%20%20+%20%20%22%20%20%20%22%20%20;&btnG=Search#8402756288336228965
Javascript
http://www.google.com/codesearch?q=lang:javascript++%22alert(%22
Generic
http://www.google.com/codesearch?q=%22Response.Write(%22
http://www.google.com/codesearch?q=%22getRequest().getParameter(%22
http://www.google.com/codesearch?q=%22getRequest().getRequestURI();%22
http://www.google.com/codesearch?q=this.getID()
http://www.google.com/codesearch?q=%22.GetHtml(%22
http://www.google.com/codesearch?q=%22.getParameterMap()%22
== Sources of information: ==
http://en.wikipedia.org/wiki/Rice's_theorem
http://en.wikipedia.org/wiki/Static_code_analysis
http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
http://www.fortify.com/vulncat/en/vulncat/
http://www.irccrew.org/~cras/security/c-guide.html
http://www.gratisoft.us/todd/papers/strlcpy.html
http://pintday.org/whitepapers/bugme1.shtml
http://www.google.com/search?hl=en&safe=off&q=secure+programming+strcpy&aq=f&aqi=&aql=&oq=&gs_rfai=
http://stackoverflow.com/questions/1149447/perl-code-security-scanner-other-than-rats-must-be-static
http://docs.google.com/viewer?a=v&q=cache:WCXJlohndwEJ:www.gnucitizen.org/static/blog/2008/04/php-code-analysis-real-world-examples.pdf+static+analysis+sql+xss+fopen&hl=en&gl=us&pid=bl&srcid=ADGEESh9Sk1GchoTY5ck6SWzVswn5ATUPk33aHh7H7cGIXclbqjle-95xWqU36Zt8jXhQucTFeDc-EXi7y3X3RFaFmV8aRIikbTsCxANDUg8D-kt90f0rt73PBqmxvxtcGdMn4gEVw9t&sig=AHIEtbQ8DPTd8JLr7LY2_mmiCqgYA1Yijg
http://www.arcert.gov.ar/webs/textos/secure_webdev-3.0.pdf
Please note that all contributions to Noisebridge are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see Noisebridge:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel Editing help (opens in new window)
Retrieved from "https://www.noisebridge.net/wiki/Free_Static_Source_analysis"