Free Static Source analysis: Difference between revisions
(Created page with 'Knowledge of the masses static software analysis. While the idea isn't new, http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/ , but taking …')
No edit summary
Revision as of 12:09, 27 June 2010
Knowledge-of-the-masses (crowd-sourced) static software analysis.
The idea isn't new (see http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/), but this project takes it to the next level.
Phase 0:
Collect best secure programming practices for the major languages and identify public code repository search engines.
Phase 1:
* Use queries to file bugs against found culprits.
* Create queries for google code search
** Store the results of the query in the following form:
*** Project url
*** Url to offending file
*** Language
*** Offending lines of code
*** Date proposed vulnerability was discovered
*** Database entities required for review:
**** Manual review required
**** Which OWASP Top 10 offender
**** Which OWASP secure programming practice not followed
**** Reviewer
**** Project URL
**** Project contact information
* Create queries for github
* Create queries for koders
Phase 2:
* Write up simple automation code to produce daily/weekly/yearly metrics.
* Create site to input vulnerabilities
** Create input forms and db backend
** Create pages which show vulnerability
** Create cute little pie charts summarizing overall data trends from manual entry vs. search engine automation
Phase 2.5:
Steal underwear
Phase 3:
?
Phase 4: Profit
Queries
PHP
http://google.com/codesearch?hl=en&lr=&q=echo.*\$_(GET%7CPOST).*
http://www.google.com/codesearch?hl=en&lr=&q=SELECT+\*+FROM+'\.\$_GET
Python
http://www.google.com/codesearch?hl=en&lr=&q=eval+lang:python&sbtn=Search
Java
http://www.google.com/codesearch?hl=en&lr=&q=.*executeQuery.*getParameter.*
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter*
http://www.google.com/codesearch?hl=en&lr=&q=%22%3C%3D+65553%22&btnG=Search
Perl
http://www.google.com/codesearch?hl=en&lr=&q=0xfffffff[^0-9a-f]&btnG=Search
C
http://google.com/codesearch?hl=en&num=0&sa=N&filter=0&q=%22strcpy(%22&ct=rr&cs_r=broken_re
http://google.com/codesearch?hl=en&num=1953392943&sa=N&filter=0&q=%22strcpy(buf%22&ct=rr&cs_r=broken_re
http://www.google.com/codesearch?hl=en&lr=&q=\[sizeof\(.*\)\]\+*%3D\+*'%3F\\%3F0'%3F;$&btnG=Search
http://www.google.com/codesearch?hl=en&lr=&q=^[\+\t]*printf\(getenv&btnG=Search
http://www.google.com/codesearch?hl=en&lr=&q=%22if+(errno+%3D+E%22&btnG=Search
http://www.google.com/codesearch?hl=en&lr=&q=getopt%20+%20%20%20argc%20%20+%20argv%20%20+%20%20%22%20%20%20%22%20%20;&btnG=Search#8402756288336228965
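Google Code Search is gone, but the queries above are just regexes, so the same sweep runs locally over any checkout. The script below is an added example (not code from this project): it translates a subset of the page's queries into Python `re` patterns (the Code Search syntax is RE2-like, so the translation is this example's assumption; the Python `eval` query is tightened to a call, and the `<= 65553`, Perl and getopt queries are left out), runs them over a constructed sample corpus, and writes each hit as a record in the Phase 1 form, with the review fields left empty for the human reviewer. The project URL `https://example.invalid/proj` and the sample files are made up. It also produces the per-language counts that Phase 2's metrics would start from.

```python
"""Run the page's code-search patterns locally and record hits in the Phase 1 form.

Added example: the regexes are this example's Python translations of the Google
Code Search queries on the page; the sample corpus and project URL are constructed.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# (language, pattern, hint for the reviewer). Patterns follow the page's queries;
# where a query was a bare word (Python "eval") it is tightened to a call so that
# identifiers such as "evaluate" are not flagged.
RULES = [
    ("php",    r"echo.*\$_(GET|POST)",                "request data echoed to output"),
    ("php",    r"SELECT \* FROM '\.\$_GET",            "SQL text concatenated with request data"),
    ("python", r"\beval\s*\(",                         "eval() of runtime data"),
    ("java",   r"executeQuery.*getParameter",          "JDBC query built from a request parameter"),
    ("java",   r"<%=.*getParameter",                   "request parameter written straight into JSP output"),
    ("c",      r"\bstrcpy\s*\(",                       "unbounded string copy"),
    ("c",      r"\[sizeof\(.*\)\]\s*=\s*'?\\?0'?\s*;", "write one past the end of the buffer"),
    ("c",      r"^\s*printf\s*\(\s*getenv",            "environment value used as a format string"),
    ("c",      r"if\s*\(\s*errno\s*=\s*E",             "assignment where a comparison was meant"),
]
COMPILED = [(lang, re.compile(p), hint) for lang, p, hint in RULES]
LANG_BY_EXT = {"php": "php", "py": "python", "java": "java", "jsp": "java", "c": "c", "h": "c"}


@dataclass
class Finding:
    """One row in the form the page's Phase 1 asks for."""
    project_url: str
    file_url: str
    language: str
    offending_line: str
    date_discovered: str
    hint: str
    # Review fields: the search only proposes a vulnerability; a human fills these in.
    manual_review_required: bool = True
    owasp_top10: Optional[str] = None
    owasp_practice_not_followed: Optional[str] = None
    reviewer: Optional[str] = None
    project_contact: Optional[str] = None


def scan(corpus: Dict[str, str], project_url: str, today: Optional[str] = None) -> List[Finding]:
    """Apply every rule for a file's language to each of its lines."""
    today = today or date.today().isoformat()
    findings: List[Finding] = []
    for path, text in corpus.items():
        lang = LANG_BY_EXT.get(path.rsplit(".", 1)[-1])
        if lang is None:
            continue
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule_lang, rx, hint in COMPILED:
                if rule_lang == lang and rx.search(line):
                    findings.append(Finding(project_url, f"{project_url}/{path}", lang,
                                            f"{lineno}: {line.strip()}", today, hint))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Per-language hit counts, the raw material for the page's Phase 2 metrics."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.language] = counts.get(f.language, 0) + 1
    return counts


# Constructed sample corpus for a hypothetical project; not real code from anywhere.
SAMPLE_CORPUS = {
    "web/show.php": r"""<?php
$name = $_GET['name'];
echo "Hello " . $_GET['name'];
echo htmlspecialchars($_POST['comment']);   // also matches: escaped, so a false positive for review
$q = 'SELECT * FROM '.$_GET['table'];
""",
    "tools/calc.py": """def calc(expr):
    return eval(expr)
""",
    "src/UserDao.java": """String id = request.getParameter("id");
ResultSet rs = stmt.executeQuery("SELECT * FROM users WHERE id=" + request.getParameter("id"));
""",
    "web/hello.jsp": """<html><body>
Hello, <%= request.getParameter("name") %>
""",
    "src/util.c": r"""#include <errno.h>
#include <stdio.h>
#include <string.h>
void copy(char *src) {
    char buf[64];
    strcpy(buf, src);
    strncpy(buf, src, sizeof(buf) - 1);   /* not flagged */
    buf[sizeof(buf)] = '\0';
    printf(getenv("BANNER"));
    if (errno == ENOENT) return;          /* not flagged */
    if (errno = ENOENT) return;
}
""",
}

if __name__ == "__main__":
    hits = scan(SAMPLE_CORPUS, "https://example.invalid/proj", today="2010-06-27")
    for f in hits:
        print(f"{f.language:6} {f.file_url}  {f.offending_line}  [{f.hint}]")
    print(summarize(hits))
```

The `htmlspecialchars` line is flagged on purpose: a grep-style query cannot tell escaped output from raw output, which is exactly why the page's record keeps a "manual review required" field and leaves the OWASP classification to a reviewer rather than to the search engine.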