Articles & News Stories


of 3
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Related Documents
  ASSDF  EXPERIMENT NO:01TITLE: Static code analysis using flawfinderDescription:RoyBen Yosef reports that the simplest way to run Flawfinderunder windows is using Python directly. Install Python 2 (version 2.7). and run the flawfinderscript (on the command line). C:\Python27\Python.exe flawfinder   –  H --savehitlist=ReportFolder\hitReport.hit C:\MySourcesF  In the above example you can inspect the results (hit file and html report) in the ReportFolder.Flawfinderis not  a sophisticated tool. It is an intentionally simple tool, but people have found it useful. Flawfinderworks by using a built-in database of C/C++ functions with well-known problems, such as buffer overflow risks (e.g., strcpy(), strcat(), gets(), sprintf(), and the scanf() family), format string problems ([v][f]printf(), [v]snprintf(), and syslog()), race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()), potential shell metacharacter dangers (most of the exec() family, system(), popen()), and poor random number acquisition (such as random()). The good thing is that you don‘t have to create this database -it comes with the tool. Flawfinderthen takes the source code text, and matches the source code text against those names, while ignoring text inside comments and strings (except for flawfinderdirectives). Flawfinderalso knows about gettext(a common library for internationalized programs), and will treat constant strings passed through gettextas though they were constant strings; this reduces the number of false hits in internationalized programs.  Flawfinder produces a list of ―hits‖ (potential security flaws), sorted by risk; by default the riskiest hits are shown first. This risk level depends not only on the function, but on the values of the parameters of the function. For example, constant strings are often less risky than fully variable strings in many contexts. In some


Oct 7, 2019
Similar documents
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks

We need your sign to support Project to invent "SMART AND CONTROLLABLE REFLECTIVE BALLOONS" to cover the Sun and Save Our Earth.

More details...

Sign Now!

We are very appreciated for your Prompt Action!