Flawfinder: a static analysis tool for C/C++
Summary
This documentation shows how to install and use Flawfinder, a static analysis tool for C/C++ source code. The tool reports possible security weaknesses ("flaws") sorted by risk level, so that at least some potential security problems can be removed before a program is released. It works on Unix-like systems and on Windows via Cygwin; this documentation uses Ubuntu as the reference platform.
Requirements
This tool requires:
- Python 2.7 or Python 3
The tool was tested on a self-implemented C program, which intentionally contains a buffer overflow, using Ubuntu on WSL2 on Windows 11.
In order to complete these steps, you must have followed Some Other Documentation before.
Description
Installation and usage
To install pip for Python 3 run:
sudo apt update
sudo apt install python3-pip
Then, to install Flawfinder run:
sudo pip install flawfinder
After installing it, run:
flawfinder <directory_with_source_code>
Demo
Code Example in C
This is the code example which was implemented to test the tool against a buffer overflow vulnerability. The expected username and password are defined in secret.h.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "secret.h"   /* defines the expected `username` and `password` strings */

#define MIN(X, Y) (((X) < (Y)) ? (X) : (Y))

int auth(char *usedusername, char *usedpw) {
    int result = 0;
    char pw_user[28];

    /* Intentional flaw: unbounded copy of the supplied password into a
       28-byte stack buffer. This is the line Flawfinder should report. */
    strcpy(pw_user, usedpw);

    printf("\n\nUser: %s\n", usedusername);
    printf("Password: %s\n", usedpw);

    if(strlen(password) != strlen(usedpw)) {
        printf("Password Length is not correct\n");
    }
    /* Reject passwords containing a character more than once */
    for(int i = 0; i < strlen(password); i++) {
        if(strchr(usedpw, usedpw[i]) != strrchr(usedpw, usedpw[i])) {
            printf("No Double Char '%c' allowed\n", usedpw[i]);
            break;
        }
    }
    if(strcmp(usedusername, username) != 0) {
        printf("No such Username. Please contact Admin\n");
    } else {
        if(strcmp(password, usedpw) == 0) {
            result = 1;
        } else {
            printf("Password %s is incorrect: ", usedpw);
            /* Report the first mismatching character */
            for(int k = 0; k < MIN(strlen(password), strlen(usedpw)); k++) {
                if(usedpw[k] != password[k]) {
                    printf("Invalid Character '%c' in Password\n", usedpw[k]);
                    break;
                }
            }
        }
    }
    return result;
}

void printUsage() {
    printf("Usage: <username> <password>\n");
    exit(-1);
}

int main(int argc, char *argv[]) {
    if(argc < 3) printUsage();
    if(auth(argv[1], argv[2]) != 0) {
        printf("\n\n#####################################################\n");
        printf("#                                                   #\n");
        printf("#                 !ACCESS GRANTED!                  #\n");
        printf("#                                                   #\n");
        printf("#####################################################\n\n\n");
        printf("Welcome %s!\n", argv[1]);
    } else {
        printf("\n\n#####################################################\n");
        printf("#                                                   #\n");
        printf("#                 !ACCESS DENIED!                   #\n");
        printf("#                                                   #\n");
        printf("#####################################################\n\n\n");
    }
    return 0;
}
Usage of Flawfinder
From the directory containing the source code, run:
flawfinder .
Report of Flawfinder
After running the tool against the example code above, the generated report is:
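Flawfinder reports the strcpy in auth() at its highest risk level because the copy is not bounded by the size of pw_user. The following is an added example, not part of the original documentation or of Flawfinder: it shows that pattern beside a bounded replacement that checks the length before copying anything. The 28-byte buffer size comes from the demo program; the function names are assumptions chosen for this example.

```c
#include <stdio.h>
#include <string.h>

#define PW_BUF_LEN 28   /* same size as pw_user[] in the demo program */

/* The demo's pattern: strcpy copies until the source's NUL, so a candidate
   of PW_BUF_LEN bytes or more writes past the end of dst (CWE-120). */
void copy_password_unbounded(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened replacement (assumed name): the length is checked before any
   byte is copied. Returns 0 and a NUL-terminated copy on success, or -1
   with dst untouched when src plus its terminator does not fit in dst_len. */
int copy_password_bounded(char *dst, size_t dst_len, const char *src) {
    /* Only the first dst_len bytes of src are examined, so an unterminated
       or very long src cannot cause an over-read here either. */
    const char *nul = memchr(src, '\0', dst_len);
    if (nul == NULL) {
        return -1;                    /* too long: refuse, do not truncate */
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);   /* includes the terminator */
    return 0;
}

/* Exercises the bounded copy against a buffer of the demo's size.
   Returns 1 when the candidate is accepted, 0 when it is rejected. */
int password_fits(const char *candidate) {
    char pw_user[PW_BUF_LEN];
    return copy_password_bounded(pw_user, sizeof pw_user, candidate) == 0;
}

int main(void) {
    /* Constructed inputs: 7, 27 and 28 characters. The last one is exactly
       the buffer size and leaves no room for the terminator. */
    const char *inputs[] = { "hunter2",
                             "abcdefghijklmnopqrstuvwxyz1",
                             "abcdefghijklmnopqrstuvwxyz12" };
    for (size_t i = 0; i < 3; i++) {
        printf("%-30s -> %s\n", inputs[i],
               password_fits(inputs[i]) ? "accepted" : "rejected");
    }
    return 0;
}
```

If Flawfinder still lists the memcpy at a lower risk level, the explicit length check above it is what a reviewer points to when marking that hit as reviewed.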