HP UX Web Development Tools manual Detecting potential security vulnerabilities

Page 52

Example 61 Detecting endian dependent code fragments

Consider the following code fragment.

    union Endian {
        char c[4];
        int v;
    };

In such cases, cadvise generates the following warning:

    "endian1.c", line 2: warning #4289-D: endian porting: the definition of the union may be endian dependent
    union Endian {
    ^

The +wendian option catches various potentially endian-dependent data structures and usages. It helps you locate potential problem spots when porting from a little-endian to a big-endian architecture, and vice versa.
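The following program is an added example (not code from the HP Code Advisor manual) that shows why the union in Example 61 is endian dependent: reading the same four bytes back through the union gives a different value on little-endian and big-endian hosts, whereas assembling the value with explicit shifts gives the same answer everywhere. The fixed-width types, the sample byte array, and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample input: four bytes in big-endian (network) order
 * that represent the value 0x01020304. */
static const unsigned char sample_be[4] = {0x01, 0x02, 0x03, 0x04};

/* The union from Example 61, written with fixed-width types so that
 * c and v are guaranteed to overlap exactly four bytes (assumption). */
union Endian {
    unsigned char c[4];
    uint32_t v;
};

/* Returns 1 on a little-endian host, 0 on a big-endian host. */
int host_is_little_endian(void)
{
    union Endian e;
    e.v = 1u;
    return e.c[0] == 1;
}

/* Endian-dependent read: the value seen through v depends on how the
 * host lays out the bytes of a uint32_t. This is the pattern that
 * +wendian reports. */
uint32_t read_u32_via_union(const unsigned char b[4])
{
    union Endian e;
    e.c[0] = b[0];
    e.c[1] = b[1];
    e.c[2] = b[2];
    e.c[3] = b[3];
    return e.v;
}

/* Portable read: assemble the value with shifts, so the result is
 * identical on every host regardless of its byte order. */
uint32_t read_u32_be_portable(const unsigned char b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16)
         | ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
}

int main(void)
{
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("via union: 0x%08x\n", (unsigned)read_u32_via_union(sample_be));
    printf("portable:  0x%08x\n", (unsigned)read_u32_be_portable(sample_be));
    return 0;
}
```

On a little-endian host the union read yields 0x04030201 while the shift-based read yields 0x01020304; on a big-endian host both yield 0x01020304. Replacing union-based byte access with the shift form is the usual fix for the warning shown above.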

8.5 Detecting potential security vulnerabilities

The +wsecurity[=1|2|3|4] option enables compile-time diagnostic messages for potential security vulnerabilities. This option is useful in an environment where you are not trained to detect security vulnerabilities.

With the +wsecurity option, warnings are generated for cases where untrusted (tainted) data may reach a critical reference point in the program. This is based on cross-module analysis performed by the compiler, which is much more powerful than simple scanning and parsing tools. The +wsecurity option implicitly enables a limited form of cross-module analysis even if the -ipo or +O4 options are not specified. This may lead to a significant increase in compile time compared to a build without the +wsecurity option. Using this option may result in the compiler invoking optimizations other than those that are part of the specified optimization level. If +wsecurity is used in addition to -ipo or +O4, the generated code is not affected and the compile time does not increase much. Because the +wsecurity option requires cross-module analysis, you need to specify the location of the PDB using the -pdb option.

The problems detected include use of unsafe APIs, use of an unsafe data length argument, an unsafe loop exit condition, unsafe file path use, and so on.
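The following program is an added example (not code from the HP Code Advisor manual) of the "unsafe data length argument" case: a length taken from untrusted input reaches memcpy. The unchecked form shows the pattern +wsecurity reports; the checked form validates the tainted length against both the bytes actually received and the destination buffer before it reaches the critical reference point. The record format (a length byte followed by the payload), the sample records, and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed record format (assumption for this example):
 * byte 0 carries the payload length, bytes 1.. carry the payload.
 * The length byte comes from the outside, so it is tainted. */

/* Unsafe form: the tainted length goes straight into memcpy. Nothing checks
 * it against the bytes received or the size of dst. This is the case that
 * +wsecurity reports; it is shown for comparison and not called below. */
size_t copy_payload_unchecked(char *dst, const unsigned char *msg)
{
    size_t len = msg[0];          /* tainted */
    memcpy(dst, msg + 1, len);    /* critical reference point */
    return len;
}

/* Hardened form: validate the tainted length before it reaches memcpy.
 * Returns 0 on success (and stores the payload length in *out_len) or -1
 * when the record is rejected. */
int copy_payload_checked(char *dst, size_t dstlen,
                         const unsigned char *msg, size_t msglen,
                         size_t *out_len)
{
    size_t len;
    if (dstlen == 0 || msglen < 1)
        return -1;
    len = msg[0];
    if (len > msglen - 1)     /* header claims more bytes than were received */
        return -1;
    if (len >= dstlen)        /* payload plus terminator must fit in dst */
        return -1;
    memcpy(dst, msg + 1, len);
    dst[len] = '\0';
    *out_len = len;
    return 0;
}

/* Constructed sample records. */
static const unsigned char rec_valid[]     = {5, 'h', 'e', 'l', 'l', 'o'};
static const unsigned char rec_overclaim[] = {200, 'x'};               /* claims 200, carries 1 */
static const unsigned char rec_toolong[]   = {7, 'a', 'b', 'c', 'd', 'e', 'f', 'g'}; /* fits msg, not dst */

/* Each helper returns the copied length, or -1 when the record is rejected. */
int demo_valid_record(void)
{
    char buf[8];
    size_t n;
    if (copy_payload_checked(buf, sizeof buf, rec_valid, sizeof rec_valid, &n) != 0)
        return -1;
    return strcmp(buf, "hello") == 0 ? (int)n : -1;
}

int demo_overclaimed_length(void)
{
    char buf[8];
    size_t n;
    return copy_payload_checked(buf, sizeof buf, rec_overclaim,
                                sizeof rec_overclaim, &n) == 0 ? (int)n : -1;
}

int demo_destination_too_small(void)
{
    char buf[4];
    size_t n;
    return copy_payload_checked(buf, sizeof buf, rec_toolong,
                                sizeof rec_toolong, &n) == 0 ? (int)n : -1;
}

int main(void)
{
    printf("valid record:          %d\n", demo_valid_record());
    printf("overclaimed length:    %d\n", demo_overclaimed_length());
    printf("destination too small: %d\n", demo_destination_too_small());
    return 0;
}
```

The checked version rejects both a header that claims more bytes than arrived and a payload that would not fit the destination; those two bounds are what the compiler cannot infer on its own when the length is tainted, which is why the unchecked form draws a diagnostic.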

For example, see the reference to untrusted file path in the following code:

52 Categories of diagnostics with examples
