Linux static code scanning tool: flawfinder, a static scanner for secure C/C++ programming

Flawfinder, a tool written in Python, was used to run a security scan on a Linux C++ project and found several potential security issues, including race conditions, buffer overflows and use of unsafe functions. The tool identifies dangerous functions at different risk levels and suggests safer alternatives to avoid these risks. The report notes that not every hit is an actual security vulnerability, but the code still needs to be reviewed to make sure it is secure.

Download:

Flawfinder is a tool written in Python that checks C/C++ source code for potential secure-programming risks, based on pattern matching against a ruleset of dangerous functions.

Environment: tried under Python 2.5 on a Linux C++ project.

1 Set the environment variable

export PATH=$PATH:~/flawfinder-1.27/

2 Run the scan (report only hits at risk level 4 or above, output as HTML, and also descend into dot-directories)

[liangjz@b2b_plat_1367 hummock_trunk]$ flawfinder --minlevel=4 --html --followdotdir . > flawfinder.html

3 Report (excerpt)

Flawfinder Results

Here are the security scan results from Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160

Examining ./src/common/Application.hpp

./src/common/Utility.c:255: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.

./src/common/Utility.c:413: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.

./src/client/Client.cpp:117: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).

./src/client/mod_hummock.c:11: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf.

./src/common/Output.cpp:44: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly.

./src/common/Output.hpp:33: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.

./src/common/ProcessHandler.cpp:209: [4] (shell) execv: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available.

./src/server/AreaConf.hpp:393: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate. Use a constant for the format specification.

/src/server/Calc.cpp:265: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).

./src/server/Hummock.cpp:113: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused).

Hits = 31

Lines analyzed = 17787 in 1.27 seconds (23198 lines/second)

Physical Source Lines of Code (SLOC) = 16115

Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 29 [5] 2

Hits@level+ = [0+] 31 [1+] 31 [2+] 31 [3+] 31 [4+] 31 [5+] 2

Hits/KSLOC@level+ = [0+] 1.92367 [1+] 1.92367 [2+] 1.92367 [3+] 1.92367 [4+] 1.92367 [5+] 0.124108

Minimum risk level = 4

Not every hit is necessarily a security vulnerability.

There may be other security vulnerabilities; review your code!

Meaning of the summary lines:

Hits: the number of potential attack points found (31 here)

Hits@level: the number of hits found at each risk level

Hits@level+: the number of hits found at each risk level or above

Minimum risk level: the risk threshold below which hits are not reported
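The report above flags strcpy, sprintf/snprintf with a non-constant format, and readlink without NUL termination. As an added example (not code from the original post or from the scanned project), the following C shows the unsafe copy pattern beside bounded replacements that a level-4 flawfinder run does not flag; the function names and the buffer sizes in the comments are assumptions chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Before: the pattern reported as [4] (buffer) strcpy -- no bounds check. */
static void copy_name_unsafe(char *dst, const char *src) {
    strcpy(dst, src);
}

/* After: bounded copy that always NUL-terminates.
 * Returns 0 on success, 1 if the source was truncated, -1 on an empty buffer. */
static int copy_name_safe(char *dst, size_t dst_len, const char *src) {
    if (dst_len == 0) return -1;
    const char *end = memchr(src, '\0', dst_len);  /* look for NUL within reach */
    size_t n = end ? (size_t)(end - src) : dst_len;
    if (n == dst_len) {               /* source does not fit: truncate safely */
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);          /* copies the terminating NUL as well */
    return 0;
}

/* readlink() never NUL-terminates; this wrapper does and reports truncation.
 * Returns 0 on success, 1 if the link target may have been truncated, -1 on error.
 * The race the report mentions (link content changing between calls) remains:
 * treat the returned path as untrusted input, not as a verified file. */
static int readlink_safe(const char *path, char *buf, size_t buf_len) {
    if (buf_len == 0) return -1;
    ssize_t n = readlink(path, buf, buf_len - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return (size_t)n == buf_len - 1 ? 1 : 0;
}

/* Constant format string plus snprintf: avoids both the [4] (buffer) sprintf hit
 * and the [4] (format) hit raised when the format is attacker-influenced.
 * Returns 0 on success, 1 if the output was truncated. */
static int format_id_safe(char *dst, size_t dst_len, const char *user, int id) {
    int n = snprintf(dst, dst_len, "%s-%d", user, id);
    return (n < 0 || (size_t)n >= dst_len) ? 1 : 0;
}
```

copy_name_unsafe is kept only to show what the scanner matches; the remaining three functions are the forms worth keeping in a code base that is scanned with --minlevel=4.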
