Source Checking Tools


To identify security vulnerabilities as well as common programming mistakes, source-checking tools should be part of the development process. In addition to being simple to use, they can easily be automated as part of the build process. One important note when using source-checking tools is that while they can identify flaws, they can also miss them. Therefore, use your best judgment when interpreting their results, and always know your source.

The splint tool (short for secure programming lint) is a static source-checking tool built by the Inexpensive Program Analysis group at the University of Virginia. It provides strong and weak checking of source and, with annotation, can perform a very complete analysis of source.

With unannotated source, the -weak option can be used (with header files found in the ./inc subdirectory):

    splint -weak *.c -I./inc

Splint also supports modes for standard checking (-standard, the default mode), moderate checking (-checks), and extremely strict checking (-strict).

The flawfinder tool (developed by David Wheeler) is another useful tool that statically checks source in search of errors. flawfinder provides useful error messages that can be tutorial in nature. Consider the following example:

    $ flawfinder test.c
    test.c:11:  [2] (buffer) char:
      Statically-sized arrays can be overflowed. Perform bounds
      checking, use functions that limit length, or ensure that
      the size is larger than the maximum possible length.
    $

In this case, an array was found that does not necessarily present a security issue, but a gentle reminder is provided of the potential for exploitation.
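The following is an added example (not code from the book) of the kind of declaration behind that "[2] (buffer) char" message, together with a fill routine that follows the tool's own advice: bound the copy and reject input that does not fit. The struct, the size and the function names are constructed for the illustration; the array is still reported by flawfinder after the fix, because the tool sees only the declaration, and deciding that it is safe is the reviewer's job.

```c
#include <stddef.h>
#include <string.h>

#define USERNAME_MAX 16   /* constructed buffer size for the illustration */

/* Statically sized array: this is what flawfinder flags at level 2.
 * The declaration itself says nothing about how the buffer is filled,
 * so the report is a prompt to check every write into it. */
struct session {
    char username[USERNAME_MAX];
};

/* Bounded fill, following the warning's advice: measure the source
 * only up to the buffer size, refuse anything that would not fit with
 * its terminating NUL, and never rely on the caller to keep it short.
 * Returns 0 on success, -1 if the input was rejected. */
int set_username(struct session *s, const char *src)
{
    size_t len = 0;

    if (s == NULL || src == NULL)
        return -1;

    /* Scan at most USERNAME_MAX bytes; a long or unterminated source
     * cannot make this loop read further than that. */
    while (len < USERNAME_MAX && src[len] != '\0')
        len++;

    if (len >= USERNAME_MAX)       /* no room left for the NUL */
        return -1;

    memcpy(s->username, src, len);
    s->username[len] = '\0';
    return 0;
}

/* Accessor so callers read the field through a checked path. */
const char *session_username(const struct session *s)
{
    return s->username;
}
```

Running flawfinder over this file still reports the `char username[USERNAME_MAX]` line; the bounds check in `set_username` is what the reviewer weighs against that report.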

Many other source checking tools exist, such as RATS (Rough Auditing Tool for Security) and ITS4 (static vulnerability scanner). URLs for these tools can be found in the Resources section of this chapter.




GNU/Linux Application Programming (Programming Series)
ISBN: 1584505680
Year: 2006
Pages: 203
Authors: M. Tim Jones
