HP UX Web Development Tools specs

Example 62 Enabling compile time diagnostic messages for potential security vulnerabilities

#include <stdio.h> #include <stdlib.h> char* get_path()

{

return getenv("BLAHBLAH");

}

int main()

{

char* path = get_path(); // line 11

FILE* my_pipe = popen(path, "r"); // line 13 printf ("%p\n", my_pipe);

}

In this case, cadvise generates the following error:

"popen.c", line 13, procedure main: warning #20116-D: (SECURITY) Tainted value may be used as path or file name

++tainted value is returned from 'get_path' called by 'main' at line 11 in file popen.c

For example, see the unsafe loop exit condition in the following code and the warning generated.

int a[100]; int loop(int i)

{

for (int j = 0 ; j < i; j++) // line 5 a[j] = 0;

return a[0];

}

int main()

{

int i;

fread(&i, 1,4,stdin); loop(i);

}

In this case, cadvise generates the following error:

"loop1.c", line 5, procedure loop: warning #20114-D: (SECURITY) Tainted value may be used in loop exit condition computation

++'loop' is called by 'main' at line 14 in file loop1.c

++++ Tainted value is obtained from 'main'

8.6Detecting multi-threaded programming issues

The +wlock option detects multi-threaded programming issues and enables diagnostics for potential errors in using lock/unlock calls in multi-threaded programs that use the pthread library.

The problems detected include acquiring an already acquired lock, releasing an already released lock and unconditionally releasing a lock which has been conditionally acquired. For example, cadvise detects a potential locking error in the following code:

8.6 Detecting multi-threaded programming issues 53

Image 53

HP UX Web Development Tools Detecting multi-threaded programming issues, This case, cadvise generates the following error

Contents

HP Code Advisor C.02.20 User Guide Page Contents Contents About this document Document conventions and symbolsIntended audience Related information Cadvise-help@lists.hp.com HP encourages your comments Cadvise user interface Features FeaturesIntroduction Cadvise user interface $ cadvise cc -c hello.c Advanced static code analysis $ cadvise -pdb ./mypdb +wlint aCC hello.cpp Supported compilers Steps in using cadvise Using CadviseSupported platforms Installing Cadvise Getting started Invoking Cadvise For information on PDB, see Using the Program Database PDB Using Cadvise as a wrapper around Compiler or LinkerSee the following makefile content Integrating Cadvise with the makefiles and build process Example 2 Sample wrapper script Enabling different categories of diagnostic messagesGenerating code complexity metrics Objfile.metrics Example 3 Generating code complexity metrics Generating code complexity metrics $ cat /tmp/example.c Example 4 Code complexity metrics +wcodeguide=rules-library Example 5 Writing a rule to enforce naming convention Source structure in the rules library Using the Program Database PDB Specifying the PDB location PDB options tableDeleting PDB Disabling locks in PDB operations Displaying PDB version Creating a PDB snapshot at a specified locationExample 8 Removing object file information from the PDB Example 9 Creating a PDB snapshot Cross-file analysis options Using cross-file analysisUsage Crossfile=auto Example 15 Specifying the location of object files Diagnostic configuration options table Configuring diagnostic messagesSuppressing warnings selectively Enabling warnings selectively Managing warnings in a source file Interpreting selective warnings as errorsDisabling warnings in a macro Report generation options table Generating reportsCadvise report report-options -pdb pdbdir Cadvise report report-options logfile Generating file summary report Generating summary reportsGenerating detailed report $cadvise report -summary -pdb testpdb -noheader Generating Html report To save reports, run the following commandExample 23 Generating detailed report $ cadvise report -pdb testpdb -all Following example shows the command to generate XML report Printing diagnostics with specific diagnostic numbersGenerating XML report Example 24 Generating an XML report Generating reports based on severity Suppressing diagnostics for specific files$ cadvise report -pdb testpdb -diag Example 26 Generating reports based on severity Reporting program complexity metrics Reporting diagnostics from specific files$ cadvise report -pdb test.pdb -summary -exclude inflate.c $ cadvise report -pdb test.pdb -summary -include inflate.c $ cadvise report -pdb gzip.pdb +metrics -include inflate.c Generating report for a moduleExample 29 Reporting program complexity metrics Suppressing report header Modifying the default severity level of a diagnosticGenerating PDB comparison report $ cadvise report -pdb test.pdb -summary -module test1 $ cadvise report -pdb tmp.pdb -basepdb tmp1.pdb -all Example 34 Generating detailed diff report with the header $ cadvise report -pdb tmp.pdb -basepdb tmp1.pdb -diag Example 35 Generating diff report for any particular warning $ cadvise -pdb pdb1 cc one.c two.c $ cadvise report -pdb tmp.pdb -basepdb tmp1.pdb -severity $ cadvise report -pdb new.pdb -basepdb old.pdb -all Report options file Generate report for migration related warnings Example 42 Generating a report using -migration optionGenerating consolidated report from multiple PDBs Example 41 Report options file Generating PDB diffs with multiple PDBs Recommended process for analyzing the diagnostic messagesReport options interoperability $ cadvise report -pdb 1.pdb2.pdb3.pdb4.pdb -all $ cadvise report -pdb test.pdb -diag 2549 -exclude b.c Example 44 Reporting options interoperabilityExample 45 Ignoring the -includeoption $ cadvise report -pdb test.pdb -summary -include a.cb.c Miscellaneous driver options Example 48 Using -noabortHelp-h-H Example 47 Displaying the list of cadvise options Following command creates the file cadvdir/foo.cad Example 49 Using -nobuild optionExample 51 Using -tee option Following example shows the usage of -nobuildoption Line generates the following messages Example 52 Using +opts filename option Detecting generic programming errors Categories of diagnostics with examplesCategories of diagnostics table Categories of diagnostics with examples Such cases, cadvise generates the following warning Example 53 Null pointer dereference check Such cases, cadvise generates the following warnings Example 54 Potential memory leak check Example 56 Out of scope access Example 55 Out of bound access Example 58 Allocator/deallocator mismatch Such cases, cadvise generates the following errorExample 57 Use of pointer after free Detecting endianness migration issues Detecting 32-bit to 64-bit migraton issuesExample 60 Detecting 32-bit to 64-bit migraton issues Example 59 Signed bit field of length Consider the following code fragment Detecting potential security vulnerabilitiesExample 61 Detecting endian dependent code fragments This case, cadvise generates the following error Detecting multi-threaded programming issues Detecting potential performance improvement opportunities Example 63 Detecting multi-threaded programming issuesRunning cadvise generates the following error Detecting potential performance improvement opportunities Fixing the warnings by source change AC++ standard conformance and compatibility changes Incompatibilities on PA-RISC based systems Index Symbols