Finding Vulnerabilities in Programs Using Code Analyzers
2008
Security vulnerabilities:
1. Buffer overflow: stack buffer overflow, heap buffer overflow, bss buffer overflow.
2. "Tainted input" (tainted input vulnerability); Unix shell.
3.
1. BOON
2. CQual
3. MOPS (MOdel checking Programs for Security)
4. RATS (C/C++)
5. Bunch
6. UNO
7. FlexeLint (PC-Lint)
8. Viva64 (Microsoft Visual Studio 2005/2008; 32-/64-bit C/C++)
9. Parasoft C++test (C++; Visual C++; Windows)
10. Coverity
11. Klocwork K7
12. Frama-C (ACSL, ANSI/ISO C Specification Language)
13. CodeSurfer
14. FxCop (Microsoft .NET Framework Design Guidelines; MSIL; FxCop SDK)
15. JavaChecker (Java; TermWare)
16. Simian (C#, T-SQL, JavaScript, Visual Basic; XML; threshold)