Exercise 14.3 Running Fortify SCA
This exercise introduces the Fortify Source Code Analyzer (SCA). You will verify that the tool is properly installed and analyze a small program. Subsequent exercises help you understand the output produced by the tool and show you different ways to analyze a real project.
Analyze a Single Source File
1. Change to the following directory:
<install_dir>/Tutorial/c/source/winner
2. Enter the following command:
sourceanalyzer gcc winner.c
Compare with Expected Results
1. The output printed to your terminal should look like this:
    [# : low : Unchecked Return Value : semantic ]
        winner.c(16) : read()

    [# : medium : String Termination Error : dataflow ]
        winner.c(21) : ->sprintf(2)
        winner.c(16) : <- read(1)

    [# : medium : Memory Leak : control flow ]
        winner.c(12) : start -> allocated : inBuf = malloc()
        winner.c(19) : allocated -> leak : #end_scope(inBuf)
Note that the 32-digit hexadecimal instance identifiers have been replaced with a hash mark (#) for readability.

2. Compare the output produced from your analysis with the expected output shown here. In Exercise 14.4, we step through each of the issues in detail.
Exercise 14.4 Understanding Raw Analysis Results
This exercise walks you through the results Fortify SCA generates for the small program you analyzed in Exercise 14.3. You examine the issues generated by the different analyzers that comprise Fortify SCA and then compare the different output formats Fortify SCA can generate.
14 Source Code Analysis Exercises for C
Consider the Source Code for winner.c
The contents of winner.c are listed here (line numbers are kept because the analyzer output refers to them; line 4 carries the unistd.h include that read() needs, which the listing previously lacked, without shifting any other line):
     1  #include <stdio.h>
     2  #include <stdlib.h>
     3  #include <string.h>
     4  #include <unistd.h>   /* declares read(); added so the file compiles cleanly */
     5  #define BUF_SIZE (1024)
     6
     7  int main(int argc, char* argv[]) {
     8    char* inBuf;
     9    char* outBuf;
    10    char* fmt = "the winner is: %s";
    11
    12    inBuf = (char*) malloc(BUF_SIZE);
    13    if (inBuf == NULL) {
    14      return -1;
    15    }
    16    read(0, inBuf, BUF_SIZE);           /* return value ignored; no null terminator added */
    17    outBuf = (char*) malloc(BUF_SIZE);
    18    if (outBuf == NULL) {
    19      return -1;                        /* inBuf is never freed on this path */
    20    }
    21    sprintf(outBuf, fmt, inBuf);        /* inBuf used as a string; may be unterminated */
    22    fprintf(stdout, "%s\n", outBuf);
    23    fprintf(stderr, "%s\n", outBuf);
    24    free(inBuf);
    25    free(outBuf);
    26  }
Review a Semantic Issue
Figure 14.12 highlights the various elements of the Unchecked Return Value issue detected in winner.c.
    [# : low : Unchecked Return Value : semantic ] winner.c(16) : read()

Figure 14.12 Command-line output for a semantic Unchecked Return Value issue. The figure labels the fields from left to right: Unique Identifier (#), Severity (low), Vulnerability Category (Unchecked Return Value), Analyzer (semantic), File Name (winner.c), Line Number (16), and Vulnerable Function (read()).
Unique Identifier: The leading hexadecimal number (replaced by a hash mark, #, in this text) is a globally unique identifier, known as an instance identifier. These identifiers are computed from the path the analyzer followed to reach the issue, the type of vulnerability, and other factors that are not affected by small code changes. For example, unique identifiers do not depend on line numbers. Aside from uniqueness, instance identifiers offer a valuable property: they consistently identify the same issue across multiple analyses and code versions, and can therefore be used to track audited issues over time.

Severity: Because this issue does not, by itself, enable an attack on the program, Fortify SCA ranks its severity as low.

Vulnerability Category: The Unchecked Return Value category reports issues in which a function that returns error information or other important data is called in such a way that its return value is ignored.

Analyzer: The semantic analyzer reported the issue. The semantic analyzer views the code in much the same way a compiler would after its semantic analysis phase. See the Fortify SCA User's Guide for more information about all the analyzers.

Filename/Line Number: The engine reports the location of the function call with the ignored return value.

Vulnerable Function: The call to read() is the source of the problem.
Review a Dataflow Issue
Use Figure 14.13 to understand the String Termination Error issue.
    [# : medium : String Termination Error : dataflow ]
        winner.c(21) : -> sprintf(2)
        winner.c(16) : <- read(1)

Figure 14.13 Command-line output for a dataflow String Termination Error issue. The figure labels the fields: Unique Identifier (#), Severity (medium), Vulnerability Category (String Termination Error), Analyzer (dataflow), then the Sink line (Filename winner.c, Line Number 21, -> sprintf(2)) and the Source line (Filename winner.c, Line Number 16, <- read(1)).
Notice that many of the fields are the same as for the previous semantic issue. The meanings of these fields remain the same for dataflow issues (and for the other types of issues discussed shortly). We take a closer look at the fields that did not appear in the semantic issue.

Dataflow issues are more complex than semantic issues because they involve more than one location in the source code. This is a String Termination Error issue, which occurs when an attacker-controlled buffer that might not contain a null terminator is used as though it were guaranteed to be a null-terminated string. The dataflow analyzer traces potentially malicious input from the point at which it enters the program to the point at which it can be used as part of an attack.

Sink: The filename, line number, and method name for the sink indicate the place where the attacker-controlled buffer will be used as a string. The right arrow (->) following the line number and preceding the function name indicates that tainted data flows into sprintf. The number in parentheses after the method name is the parameter number. The number 2 means that the attacker can control the third argument to sprintf (numbering starts at 0). In this case, the third argument is the variable inBuf.

Source: The filename, line number, and method name for the source give the place where the attacker-controlled data first enters the program. The left arrow (<-) following the line number indicates that read() introduces tainted data. The number 1 in parentheses after the function name means that the second function argument holds the tainted data after the function call (numbering starts at 0). In this case, the second argument is the variable inBuf.
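The three findings above (the unchecked read() return value, the unterminated buffer reaching sprintf, and the inBuf leak on the early return) all come from the same few lines of winner.c, so a single hardened version shows how each is closed. This is an added example, not code from the book or from Fortify; it assumes a POSIX environment (read, write and pipe from unistd.h) and introduces the helper names format_winner, format_from_bytes and example_matches_expected, none of which appear in the original program.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define BUF_SIZE (1024)

/* Hardened counterpart of winner.c. Reads at most BUF_SIZE-1 bytes from fd,
 * terminates the data explicitly, and formats it into out (out_size bytes).
 * Returns 0 on success, -1 on any failure. Every error path releases inBuf,
 * which closes the Memory Leak reported at line 19 of the original. */
int format_winner(int fd, char *out, size_t out_size) {
    char *inBuf = malloc(BUF_SIZE);
    if (inBuf == NULL) {
        return -1;
    }
    /* Unchecked Return Value closed: read() may fail or return fewer bytes
     * than requested; its return value is the only way to know how much of
     * inBuf holds valid data. */
    ssize_t n = read(fd, inBuf, BUF_SIZE - 1);
    if (n < 0) {
        free(inBuf);
        return -1;
    }
    /* String Termination Error closed: read() never appends a null byte, so
     * the buffer is terminated here, before it is ever treated as a string. */
    inBuf[n] = '\0';
    /* Bounded formatting: snprintf cannot write past out, unlike sprintf. */
    int written = snprintf(out, out_size, "the winner is: %s", inBuf);
    free(inBuf);
    if (written < 0 || (size_t)written >= out_size) {
        return -1;  /* the result would have been truncated; refuse it */
    }
    return 0;
}

/* Test helper: pushes a constructed byte sequence (deliberately without a
 * terminating null) through a pipe so format_winner() receives it exactly as
 * it would receive data on stdin. Returns format_winner()'s result. */
int format_from_bytes(const char *data, size_t len, char *out, size_t out_size) {
    int fds[2];
    if (pipe(fds) != 0) {
        return -1;
    }
    ssize_t w = write(fds[1], data, len);
    close(fds[1]);  /* writer closed: read() sees EOF after len bytes */
    int rc = (w == (ssize_t)len) ? format_winner(fds[0], out, out_size) : -1;
    close(fds[0]);
    return rc;
}

/* Two checks a reviewer would want: an unterminated 5-byte input is formatted
 * correctly, and an undersized output buffer is refused rather than overrun.
 * Returns 1 when both hold, 0 otherwise. */
int example_matches_expected(void) {
    const char payload[5] = {'a', 'l', 'i', 'c', 'e'};  /* constructed input, no null byte */
    char out[64];
    char small[8];
    if (format_from_bytes(payload, sizeof payload, out, sizeof out) != 0) return 0;
    if (strcmp(out, "the winner is: alice") != 0) return 0;
    if (format_from_bytes(payload, sizeof payload, small, sizeof small) != -1) return 0;
    return 1;
}

/* Stand-alone use mirrors winner.c: read from stdin, print the line twice. */
int main(void) {
    char outBuf[BUF_SIZE + 32];  /* room for the prefix plus BUF_SIZE-1 bytes */
    if (format_winner(0, outBuf, sizeof outBuf) != 0) {
        return -1;
    }
    fprintf(stdout, "%s\n", outBuf);
    fprintf(stderr, "%s\n", outBuf);
    return 0;
}
```

Re-running sourceanalyzer on this version is the natural follow-up to the exercise: the read() result is consumed, the data is terminated before the %s sink, and inBuf is freed on every path, so none of the three issues should be reported against it.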