Section 4. Running the Source Code Analysis Engine


This exercise introduces the Source Code Analysis Engine. You will verify that the SCA Engine is properly installed and analyze a few small programs.

  1. Run an analysis on a single source file:

    • For C and C++ source code:

      • Change to the following directory:

        Install_Directory/Samples/basic/stackbuffer

      • Enter the following command:

        sourceanalyzer gcc stackbuffer.c

      • Compare the output with the expected results given at the end of this exercise.

    • For Java source code:

      • Change to the following directory:

        Install_Directory/Samples/basic/eightball

      • Enter the following command:

        sourceanalyzer EightBall.java

      • Compare the output with the expected results given at the end of this exercise.

    • For .NET code:

      • Change to the following directory:

        Install_Directory\Samples\advanced\csharp\Sample1

      • Enter the following command:

        sourceanalyzer Sample1.exe

      • Compare the output with the expected results given at the end of this exercise.

Analysis Results of stackbuffer.c

The following output shows the results of an analysis of stackbuffer.c:

    [Install_Directory\Samples\basic\stackbuffer]
    [BB73F23E46159FBE5ED3C1968C046828 : low : Unchecked Return Value : semantic ]
        stackbuffer.c(13) : read()
    [EDACF5BD763B329C8EE8AA50F8C53D08 : high : Buffer Overflow : data flow ]
        stackbuffer.c(4) : -> memcpy(2)
        stackbuffer.c(17) : -> doMemCpy(2)
        stackbuffer.c(15) : <- scanf(1)


Analysis Results of EightBall.java

The following output shows the results of an analysis of EightBall.java:

    [Install_Directory\Samples\basic\eightball]
    [F7A138CDE5235351F6A4405BA4AD7C53 : low : Unchecked Return Value : semantic ]
        EightBall.java(12) : Reader.read()
    [EFE997D3683DC384056FA40F6C7BD0E8 : medium : Resource Injection : data flow ]
        EightBall.java(12) : -> new FileReader(0)
        EightBall.java(8) : <=> (filename)
        EightBall.java(8) : <-> Integer.parseInt(0->return)
        EightBall.java(6) : <=> (filename)
        EightBall.java(4) : -> EightBall.main(0)
    [397D4B4A4FF20A0C13369B1D47844C53 : medium : Unreleased Resource : control flow ]
        EightBall.java(12) : start -> loaded : <inline expression>.new FileReader(...)
        EightBall.java(14) : loaded -> end_of_scope : #end_scope(<inline expression>)


Analysis Results of Sample1.exe

The following output shows the results of an analysis of Sample1.exe. Note: Sample1.exe was generated in the "Ensuring a Working Build Environment" section.

    [Install_Directory\Samples\advanced\csharp\Sample1]
    [C0EB5C44F4E926C3748984B3C4B869A5 : high : SQL Injection : data flow ]
        Sample1/Class1.cs(29) : -> new SqlDataAdapter(0)
        Sample1/Class1.cs(19) : -> Sample1.Main(0)
    [3CC21A4EF4179833409BEC57C9420379 : high : SQL Injection : data flow ]
        Sample1/Class1.cs(31) : -> new SqlDataAdapter(0)
        Sample1/Class1.cs(20) : <=> (tainted_query)
        Sample1/Class1.cs(20) : <-> String.Concat(1->return)
        Sample1/Class1.cs(20) : <-> String.Clone(this->return)
        Sample1/Class1.cs(19) : -> Sample1.Main(0)
    [8A25799D696115E0FD031CB294454B84 : medium : Unreleased Resource : control flow ]
        Sample1/Class1.cs(24) : start -> loaded : conn.Open(. . .)
        Sample1/Class1.cs(39) : loaded -> end_of_scope : #end_scope(conn)
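The text output above follows one layout in all three runs: a bracketed header per issue (identifier, severity, category, analyzer) followed by indented trace lines. The following Python parser is an added example, not part of the book or of the SCA Engine; it reads that layout from a constructed copy of the stackbuffer.c results, groups the findings by severity, and flags the high-severity ones so a build script can decide whether to stop. The regular expressions are assumptions drawn from the three listings above, not a documented grammar of the tool.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: the stackbuffer.c results from this exercise, laid out
# one header line per issue followed by its indented trace lines.
SAMPLE_OUTPUT = r"""[Install_Directory\Samples\basic\stackbuffer]
[BB73F23E46159FBE5ED3C1968C046828 : low : Unchecked Return Value : semantic ]
    stackbuffer.c(13) : read()
[EDACF5BD763B329C8EE8AA50F8C53D08 : high : Buffer Overflow : data flow ]
    stackbuffer.c(4) : -> memcpy(2)
    stackbuffer.c(17) : -> doMemCpy(2)
    stackbuffer.c(15) : <- scanf(1)
"""

# Header: "[<32 hex chars> : <severity> : <category> : <analyzer> ]"
ISSUE_RE = re.compile(r"^\[([0-9A-F]{32}) : (\w+) : ([^:]+?) : ([^\]]+?) \]$")
# Trace: "    <file>(<line>) : <description>"
TRACE_RE = re.compile(r"^\s+(\S+)\((\d+)\) : (.*)$")

@dataclass
class Issue:
    iid: str
    severity: str
    category: str
    analyzer: str
    trace: list = field(default_factory=list)  # (file, line, description)

def parse_sca_output(text):
    """Return the issues in the engine's text output, each with its trace."""
    issues = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ISSUE_RE.match(line)
        if m:
            issues.append(Issue(*m.groups()))
            continue
        m = TRACE_RE.match(line)
        if m and issues:  # trace lines belong to the most recent header
            issues[-1].trace.append((m.group(1), int(m.group(2)), m.group(3)))
    return issues

def severity_counts(issues):
    return Counter(i.severity for i in issues)

def blocking_issues(issues, blocking=("high",)):
    """Issues whose severity a build gate would refuse to ship with."""
    return [i for i in issues if i.severity in blocking]

if __name__ == "__main__":
    found = parse_sca_output(SAMPLE_OUTPUT)
    print(dict(severity_counts(found)))
    for i in blocking_issues(found):
        print(f"{i.severity}: {i.category} at {i.trace[0][0]}({i.trace[0][1]})")
```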


Exercises for the Reader

Beginner

  1. What are the benefits of integrating the SCA Engine into your environment as a compiler?

  2. Why must you specify a compiler for C/C++ code but not for Java or .NET code?

  3. Where is the log file used by the SCA Engine?

Advanced

  1. If the SCA Engine cannot find some of the files for the software being built, what information is missing? Consider header files and source files. How will the missing information affect the results?

  2. How do you know whether or not the SCA Engine was able to find and read all of the required files?




Software Security. Building Security In
ISBN: 0321356705
Year: 2004
Pages: 154
Authors: Gary McGraw
