1. Current code security situation
1.1 Buffer Overflow
A buffer overflow is a memory access error in which a read or write crosses the boundary of an array. As you know, the standard C library provides many string-handling functions, such as gets(), strcpy(), strcat(), strcmp() and sprintf(). They are inherently unsafe and carry security risks; take gets(str) as an example. When this statement is compiled, str is allocated as a character array, and str is the starting address of that contiguous block of memory. gets() reads text from standard input, stores the first character at the address of str, and stores the following characters in sequence until the end of the input is reached, at which point the terminating null character '\0' is stored in the byte after the last character. When the statement executes, the program cannot determine the size of the buffer in advance, so if the text read is longer than the storage area reserved at compile time, the characters read overwrite the memory beyond the area that str represents. This is what is called a buffer overflow. Below is a piece of code with a buffer overflow problem:
#include <iostream>
using namespace std;

int main()
{
    // Deliberately unsafe: cin >> pwd performs no bounds check on the 10-byte array.
    char pwd[10];
    cout << "Please input your initial password (limited 10 chars):";
    cin >> pwd;
    // userpwd is placed next to pwd on the stack; an over-long input overwrites pwd.
    char userpwd[10];
    cout << "Please input your password:";
    cin >> userpwd;
    cout << "pwd:" << pwd << endl;
    cout << "userpwd:" << userpwd << endl;
    return 0;
}
Experiments show that buffer overflow carries two risks: ① the memory adjacent to the buffer is easily overwritten; if what gets overwritten is critical data, this can cause serious security problems. ② The return address of the running function on the stack is overwritten, which induces the program to execute arbitrary other code; this is the "stack overflow" overwrite error. The code above exhibits the first problem. Assume the program's password is "1111111111" (ten '1's). If the user enters the password "2222222222222222222222" (twenty-two '2's), the program's original password is maliciously altered to "2222222222" (ten '2's), and the check is then passed.
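The following is an added example, not code from the original article, showing the bounded-read fix for the program above. The helper names readPasswordBounded and verifyFromInput and the capacity PWD_CAP are assumptions introduced here; the reads are driven from string streams so the behaviour can be checked offline.

```cpp
#include <cstring>
#include <iostream>
#include <sstream>
#include <string>

// Ten printable characters plus the terminating '\0' (assumed capacity).
constexpr std::size_t PWD_CAP = 11;

// Bounded replacement for `cin >> buf`: reads one line from `in` into `buf`
// of capacity `cap` (terminator included). Returns false, leaving `buf` empty,
// when the line would not fit, so nothing past the array is ever written.
bool readPasswordBounded(std::istream& in, char* buf, std::size_t cap) {
    std::string line;
    buf[0] = '\0';
    if (!std::getline(in, line)) return false;       // EOF or stream error
    if (line.size() >= cap) return false;            // would overflow: reject
    std::memcpy(buf, line.c_str(), line.size() + 1); // copies the '\0' too
    return true;
}

// Mirrors the article's two-prompt program with bounded reads. The inputs are
// constructed in-process (hypothetical helper). Returns true only when both
// values fit their buffers and the two passwords match.
bool verifyFromInput(const std::string& initialInput, const std::string& userInput) {
    char pwd[PWD_CAP];
    char userpwd[PWD_CAP];
    std::istringstream first(initialInput), second(userInput);
    if (!readPasswordBounded(first, pwd, PWD_CAP)) return false;
    if (!readPasswordBounded(second, userpwd, PWD_CAP)) return false;
    return std::strcmp(pwd, userpwd) == 0;
}

int main() {
    // The twenty-two '2's from the article are now rejected instead of
    // silently overwriting pwd.
    const bool ok = verifyFromInput("1111111111", "2222222222222222222222");
    std::cout << (ok ? "pass" : "rejected") << '\n';
    return 0;
}
```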
1.2 Memory Access Error
Memory access errors are another important source of security risks in C programs. They can arise from arrays, pointers or memory management, and the lack of bounds checking is the root cause of the memory access errors that pointers and arrays introduce in C programs.
Following the allocation, use and release of memory, the following errors may occur when memory is accessed: ① memory whose allocation failed is used; ② memory that was allocated successfully but never initialized is referenced; ③ memory was allocated and initialized successfully, but an operation on it crosses its boundary, producing a "spatial access" fault; ④ memory is never released until it is exhausted, producing a "memory leak" error; ⑤ memory that has already been released, and whose contents are therefore undefined, is accessed, producing a "temporal access" fault.
1.3 pointer reference error
Pointers are one of the most important data types in C. Their use is the most flexible, central and important part of C programming, and they are often called the essence of the language; there is a saying that "you have mastered C when you have mastered C pointers." However, pointer usage in C is also the most complex and error-prone. Therefore, when dereferencing a pointer, pay special attention to two basic points: 1. define and initialize the pointer itself; 2. make sure that the defined pointer points to the valid storage area it is supposed to point to.
1.4 random number usage and exception Control
The system random number function rand() provides only pseudo-random numbers, and its internal implementation can produce repeated output values.
C provides no exception handling mechanism; all exception detection and handling must be arranged in advance by the programmer. Once an exception occurs for which no precaution was taken, unpredictable errors and security problems follow.
2. Use of the source code static detection tool PC_Lint
2.1 What Can PC_Lint do?
INTRODUCTION: PC-lint/FlexeLint finds quirks, idiosyncrasies, glitches and bugs in C and C++ programs. The purpose of such analysis is to determine potential problems in such programs before integration or porting, or to reveal unusual constructs that may be a source of subtle and, yet, undetected errors. Because it looks across several modules rather than just one, it can determine things that a compiler cannot. It is normally much fussier about details than a compiler wants to be.
The section above is copied from PC-lint's own introduction, which highlights its advantages. PC-lint is cost-effective, easy to learn, and easy to roll out and embed in the software development and testing process, which is why it is widely used. PC-lint is easy to use: it can be run from the command line, for example "lint-nt -u std.lnt test1.c test2.c test3.c", or driven from a MAKEFILE. It can also be integrated into many development environments and commonly used code editors, such as Source Insight, SlickEdit, MS VC6.0 and Keil C. PC-lint also supports the many techniques for improving efficiency and preventing errors described in Scott Meyers's popular Effective C++ and More Effective C++.
2.2 install and configure PC_Lint
For beginners, installing and configuring PC-lint is not simple, in particular understanding the meaning of the files generated during configuration and setting the environment variables.
In the last step of running the installer, a dialog box asks whether you want to configure PC-lint. If you answer yes, the next step configures PC-lint for your computer environment and your needs and generates the configuration file *.lnt. Beginners can generally use this Configuration Wizard to produce a PC-lint configuration suited to their environment, whereas experienced PC-lint users can write the *.lnt configuration file directly. The configuration process of the Configuration Wizard is described below.
Step 1 is the welcome page.
Step 2 shows PC-lint's own introduction, which describes how PC-lint is used and the role of this Configuration Wizard.
Step 3 asks whether to generate a new configuration file or to derive a new one from an existing configuration file. Before that, you must select a working directory; generally, choose your installation directory, which simplifies the later configuration of the working directory.
Step 4 selects your compiler environment. PC-lint supports many compilers; choose the option that matches your environment.
Step 5 selects the hardware platform of your computer (32-Bit Memory Model by default).
Step 6 selects the libraries you use. STL, MFC and ATL are commonly used libraries and are also the recommended choices.
Step 7 lets you choose whether to use the configuration files written by authors who have made important recommendations for C/C++ programming. If an author's recommendations are selected, the options enforcing those recommendations are turned on, and the corresponding configuration file, named AU-xxx.LNT, is copied from the lnt directory to your installation directory. It is recommended to select all of them.
Step 8 selects how the include-file directories are set. If you choose to have -I help set the include-file option, the next step asks you to enter one or more include paths; you can also skip this and edit the configuration file by hand later. The -I option appears in the STD.LNT file or in the newly created STD_x.LNT file, with each directory prefixed by -I and directories separated by spaces. If a directory name is a long file name or contains spaces, it is enclosed in double quotation marks, for example -I"E:\Program Files\Microsoft Visual C++\VC98\include".
Next, you can enter the include paths by hand in the text box below, separating multiple paths with a semicolon ";" or with Ctrl+Enter, or select them directly in the directory tree. After entering the paths, click "Next".
Step 9: because step 3 selected "Create a new std.lnt", the following dialog box appears, indicating that std_x.lnt has been created in the configuration path. std_*.lnt contains the information of std.lnt plus the configuration information we selected, such as the paths and libraries.
Step 10 asks whether the generated std_x.lnt file should replace the std.lnt file.
Next, prepare the option file that controls the global message output: OPTIONS.LNT. This file is generated in one of two ways. In the first, the installer explains several core options one by one and asks whether you want to disable each one; if you choose to disable an option, this is reflected in the OPTIONS.LNT file, specifically by prefixing the message number with -e, and then
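As an added illustration, not taken from the article or from the PC-lint distribution, the following shows what a hand-written std.lnt and options.lnt of the kind described above can look like. The compiler and library file names (co-msc60.lnt, lib-stl.lnt, au-sm.lnt), the include path and the message numbers are assumed values chosen for the example.

```text
// std.lnt (constructed example): the project-wide configuration file
co-msc60.lnt            // compiler options file selected in step 4 (assumed name)
lib-stl.lnt             // STL library file selected in step 6 (assumed name)
au-sm.lnt               // author recommendations file from step 7 (assumed name)
options.lnt             // global message control, see below
-I"E:\Program Files\Microsoft Visual C++\VC98\include"

// options.lnt (constructed example): global message control
-e???                   // placeholder: -e followed by a message number suppresses that message
+e???                   // placeholder: +e followed by a message number re-enables it
```

Each message disabled in the wizard becomes one -e line here; a message suppressed globally in options.lnt is not reported for any unit, so keep the list short and review it when hardening code.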