###############################################################################
#                                                                             #
#  Examples of using the program Rats for code analysis                       #
#                                                                             #
#  Addendum to a presentation given on 21 September 2005                      #
#  inf329, Selected Topics in Software Development Theory                     #
#  Department of Informatics, University of Bergen                            #
#  Kristian Harms, harms@ii.uib.no                                            #
#                                                                             #
#  First comes a small file of C code reproduced from the textbook.           #
#                                                                             #
#  Item 2 is a run of "rats -i eksempel.c". This is the usual way to run      #
#  rats. -i stands for input and tells rats to also report functions that     #
#  accept external input, since these are a frequent source of errors.        #
#                                                                             #
#  Item 3 demonstrates the -w option, which stands for warning. It sets how   #
#  sensitive rats is with respect to severity:                                #
#    * "-w 1" is least sensitive: shows only High findings                    #
#    * "-w 2" is moderately sensitive: also shows Medium findings (default)   #
#    * "-w 3" is most sensitive: also shows Low findings                      #
#                                                                             #
#  Item 4 demonstrates the -a option, which lets the user name functions      #
#  that are unknown to rats but that rats should nevertheless report.         #
#                                                                             #
#  Note that rats matches function names lexically and does not follow data   #
#  flow: every finding marks a call site to review by hand, not a confirmed   #
#  vulnerability.                                                             #
#                                                                             #
###############################################################################

$ cat eksempel.c
void main(int argc, char **argv) {
    char buf[1024];
    char *fmt = "%d:%s\n";
    int i;
    FILE *f;

    buf[0] = 0;
    for(i=2;i<argc;i++) strcat(buf, argv[i]);   /* unbounded copy into buf */
    if (getenv("FMT")) fmt = getenv("FMT");      /* format taken from the environment */
    fprintf(stdout, fmt, argc, buf);             /* non-constant format string */
    /* Lines 8-10 are reconstructed from the rats findings below; the original
       call arguments were lost in extraction and the ones shown are assumed. */
    if (argc > 2) {
        f = fopen(argv[1], "a+");
        start_using_file(f);
    } else {
        start_without_file();
    }
}

$ rats -i eksempel.c
Entries in perl database: 33
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
Analyzing eksempel.c
eksempel.c:2: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely. They are prime targets for buffer overflow
attacks.

eksempel.c:8: High: strcat
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.
eksempel.c:9: High: getenv
Environment variables are highly untrustable input. They may be of any length,
and contain any data. Do not make any assumptions regarding content or length.
If at all possible avoid using them, and if it is necessary, sanitize them and
truncate them to a reasonable length.

eksempel.c:10: High: fprintf
Check to be sure that the non-constant format string passed as argument 2 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

Total lines analyzed: 20
Total time 0.017325 seconds
1154 lines per second

$ rats -w 3 eksempel.c
Entries in perl database: 33
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
Analyzing eksempel.c
eksempel.c:2: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely. They are prime targets for buffer overflow
attacks.

eksempel.c:8: High: strcat
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.

eksempel.c:9: High: getenv
Environment variables are highly untrustable input. They may be of any length,
and contain any data. Do not make any assumptions regarding content or length.
If at all possible avoid using them, and if it is necessary, sanitize them and
truncate them to a reasonable length.

eksempel.c:10: High: fprintf
Check to be sure that the non-constant format string passed as argument 2 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

eksempel.c:14: Low: fopen
A potential race condition vulnerability exists here. Normally a call to this
function is vulnerable only when a match check precedes it. No check was
detected, however one could still exist that could not be detected.
Total lines analyzed: 20
Total time 0.000295 seconds
67796 lines per second

$ rats -a start_using_file -a start_without_file eksempel.c
Entries in perl database: 33
Entries in default database: 2
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
Analyzing eksempel.c
eksempel.c:2: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely. They are prime targets for buffer overflow
attacks.

eksempel.c:8: High: strcat
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.

eksempel.c:9: High: getenv
Environment variables are highly untrustable input. They may be of any length,
and contain any data. Do not make any assumptions regarding content or length.
If at all possible avoid using them, and if it is necessary, sanitize them and
truncate them to a reasonable length.

eksempel.c:10: High: fprintf
Check to be sure that the non-constant format string passed as argument 2 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

eksempel.c:15: Medium: start_using_file
Reporting user specified function

eksempel.c:17: Medium: start_without_file
Reporting user specified function

Total lines analyzed: 20
Total time 0.000314 seconds
63694 lines per second
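The hardened version of eksempel.c below is an added example; it is not part of the original addendum or of the textbook, and the environment variable name FMT is an assumption since the original call was lost. It addresses the High findings above: the strcat loop is replaced by a bounded join that refuses arguments that do not fit the 1024-byte buffer instead of overflowing it, and the environment value is truncated and printed as data under a constant format string, so any % it contains is output literally rather than interpreted. Running rats on this file will still flag the fixed-size local buffer and the getenv call, because rats matches call names rather than following data flow; those two findings then only need a manual check that the bounds really are enforced.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFSZ   1024   /* same fixed buffer size as eksempel.c */
#define FMT_MAX 64     /* cap on how much of the environment value is kept */

/*
 * Bounded replacement for the strcat loop on line 8 of eksempel.c.
 * Joins argv[2..argc-1] into dst. Returns the number of bytes written, or -1
 * if the joined arguments would not fit. On -1, dst holds the arguments that
 * did fit and stays NUL-terminated, so the caller can refuse the input
 * instead of silently truncating or overflowing the stack buffer.
 */
static int join_args(char *dst, size_t dstsz, int argc, char **argv)
{
    size_t used = 0;
    if (dstsz == 0)
        return -1;
    dst[0] = '\0';
    for (int i = 2; i < argc; i++) {
        size_t n = strlen(argv[i]);
        if (n >= dstsz - used)          /* n bytes plus the NUL must fit */
            return -1;
        memcpy(dst + used, argv[i], n + 1);
        used += n;
    }
    return (int)used;
}

/*
 * Replacement for lines 9-10 of eksempel.c. The environment value is untrusted,
 * so it is never used as the format string: it is copied into a FMT_MAX-byte
 * buffer (snprintf truncates, it does not overflow) and printed as data under a
 * constant format. Returns the snprintf result, i.e. the length of the full line.
 */
static int format_line(char *out, size_t outsz, const char *env_fmt,
                       int count, const char *data)
{
    char label[FMT_MAX];
    if (env_fmt == NULL)
        env_fmt = "";
    snprintf(label, sizeof label, "%s", env_fmt);
    return snprintf(out, outsz, "%s%d:%s\n", label, count, data);
}

int main(int argc, char **argv)
{
    char buf[BUFSZ];
    char line[BUFSZ + FMT_MAX + 32];   /* label + digits + ':' + data + '\n' + NUL */

    if (join_args(buf, sizeof buf, argc, argv) < 0) {
        fprintf(stderr, "arguments too long for %d-byte buffer\n", BUFSZ);
        return 1;
    }
    /* FMT is an assumed variable name; whatever it holds is treated as data. */
    format_line(line, sizeof line, getenv("FMT"), argc, buf);
    fputs(line, stdout);

    /* argv[1] is only read once argc is known to be large enough. */
    if (argc > 2) {
        FILE *f = fopen(argv[1], "a+");
        if (f == NULL) {
            perror(argv[1]);
            return 1;
        }
        fclose(f);
    }
    return 0;
}
```

Both helpers return their results rather than only printing them, so the overflow refusal and the defused format string can be checked directly: a FMT value of "%s%n" comes out as the literal text "%s%n" in front of the line, and a 199-byte value is cut to 63 bytes.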