| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
In many cases the default configuration file parameter settings will work well for your analyses. This section lists the parameters to concentrate on if you want to run security-oriented analyses.
Security warnings describe out-of-bounds memory accesses, integer overflows, hardcoded server addresses, and suspicious taint flows. CodeSonar detects some of each of these (except server addresses) by default; with security warnings enabled, it detects even more.
Security warnings are likely to have a higher false positive rate than the warnings that are enabled by default.
Security analysis is likely to cause only a minor increase in analysis time. However, CodeSecure recommends also using the thorough analysis settings to maximize the number of security issues detected.
The security preset collects together all the settings described below.
To use the preset:
| Method | Steps |
|---|---|
| Command Line | Specify `-preset security` as part of your build/analysis command. For example: `codesonar analyze MyProj -preset security localhost:7340 make` |
| Define as a default preset | Copy security.conf from $CSONAR/codesonar/presets/ to $CSONAR/codesonar/default_presets/. OR Use the CodeSonar Configuration Tool Modify Analysis Settings option. |
| Windows Build Wizard | Select security from the Preset list on screen 2. |
| Eclipse Plug-In | Select security from the Presets list in the Properties dialog. |
| Visual Studio Plug-In | Select security from the Presets list in the Project Properties dialog. |
The following table lists the configuration settings in the security preset, which enables the C/C++ warning classes that are considered most useful for security audits. This is a strict subset of those classes whose significance is 'security'.
| Enabled by preset: (a) disabled if preset not used, unless explicitly enabled elsewhere [*]; (b) remain enabled if preset not used, unless explicitly disabled elsewhere [*] | Notes |
|---|---|
| (a) 2$Buffer Overrun<br>(b) Buffer Overrun, Buffer Underrun, Tainted Buffer Access, Type Overrun, Type Underrun | These warning classes warn of conditions in which out of bounds access might occur. Note that by using both Buffer Overrun and 2$Buffer Overrun, CodeSonar can find more buffer overruns than it does by default. |
| (a) Addition Overflow of Allocation Size, Multiplication Overflow of Allocation Size, Subtraction Underflow of Allocation Size, Truncation of Allocation Size<br>(b) Integer Overflow of Allocation Size | These warning classes indicate conditions in which values used to determine the size of an allocation could lead to exploitable underrun or overrun conditions. |
| Addition Overflow of Size, Multiplication Overflow of Size, Subtraction Underflow of Size, Truncation of Size | These warning classes indicate conditions in which values used to determine the size of something other than an allocation could lead to exploitable underrun or overrun conditions. |
| Unreasonable Size Argument | This warning class indicates a size parameter may be negative or excessively large. |
| Coercion Alters Value | This warning class indicates a condition in which coercion errors could lead to exploitable buffer overflow conditions. |
| Negative Shift Amount, Shift Amount Exceeds Bit Width | These warning classes indicate conditions in which shifts might compute unexpected results, which could result in security-related issues. |
| Overlapping Memory Regions | This warning class indicates a condition in which copied data overlaps the location to which the data is being copied, which can result in corrupted data. |
| SQL Injection, Format String, LDAP Injection, Library Injection, Command Injection, Format String Injection | These warning classes indicate a condition in which an attacker can control or affect some code being interpreted. |
| (a) Tainted Network Address, Tainted Write<br>(b) Double Free, Return Pointer to Freed, Return Pointer to Local, Use After Free, Pool Mismatch, Type Mismatch, Negative Character Value, Unterminated C String, Misaligned Object, Uninitialized Variable | These warning classes indicate conditions in which an attacker might be able to execute arbitrary code, corrupt memory, or access sensitive/secret information. |
| File System Race Condition | This warning class indicates a condition in which an attacker could gain access to otherwise unauthorized resources. Race conditions could be employed to gain read or write access to resources which are not normally readable or writable. |
| Function Call Has No Effect | All warnings of this class refer to memory-copying function calls whose length argument is a constant-valued expression that evaluates to zero and may lead to disclosure of sensitive/secret information. |
| (a) Hardcoded DNS Name<br>(b) Hardcoded Authentication, Hardcoded Crypto Key, Hardcoded Crypto Salt, Plaintext Storage of Password | These warning classes indicate the presence of various types of sensitive information being stored directly in a program. These conditions could allow an attacker to bypass intended authentication methods. |
| Tainted Allocation Size, Tainted Configuration Setting, Tainted Filename | These warning classes indicate conditions in which tainted values might affect program behavior in security-relevant ways. |
| Encryption without Padding | This warning class indicates that a program is trying to encode something with weaker than expected encryption. |
| Use After Close | This warning class indicates a condition in which a released resource could be subsequently reused or reallocated, allowing access to sensitive data that is associated with a different user or entity. |
[*] That is, by a WARNING_FILTER rule in another preset or configuration file used by the analysis.
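
As an added illustration (not taken from the CodeSonar manual), the C below shows the kind of size arithmetic that the allocation-size warning classes in the table describe, each next to a checked form. `struct record`, `HEADER_LEN` and all function names are constructed for this example, and the pairing of each pattern with a class name is an assumption based on the class names alone.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed record type for this example; sizeof(struct record) is 32. */
struct record { uint32_t id; char name[28]; };

/* Multiplication overflow of an allocation size: the product is computed
 * in size_t and wraps when an externally supplied count is large. */
size_t unchecked_bytes(size_t count)
{
    return count * sizeof(struct record);
}

/* Checked form: refuse any count whose byte size is not representable. */
struct record *alloc_records(size_t count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(struct record))
        return NULL;
    return calloc(count, sizeof(struct record));
}

/* Subtraction underflow of an allocation size: a message shorter than
 * its header makes total_len - HEADER_LEN wrap to a huge value. */
#define HEADER_LEN 8u
size_t unchecked_payload_len(size_t total_len)
{
    return total_len - HEADER_LEN;
}

/* Checked form: validate the lower bound before subtracting.
 * Returns 0 and stores the payload length, or -1 if too short. */
int payload_len(size_t total_len, size_t *out)
{
    if (total_len < HEADER_LEN)
        return -1;
    *out = total_len - HEADER_LEN;
    return 0;
}

int main(void)
{
    size_t big = SIZE_MAX / sizeof(struct record) + 2;
    printf("unchecked bytes for huge count: %zu\n", unchecked_bytes(big));
    printf("checked alloc for huge count: %s\n", alloc_records(big) ? "allocated" : "rejected");
    printf("unchecked payload length, 3-byte message: %zu\n", unchecked_payload_len(3));
    return 0;
}
```

In the unchecked forms the wrapped value would be passed straight to an allocator, so the buffer ends up far smaller (or the request far larger) than the code that later fills it assumes.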