Hello everyone. I want to let you all know that today I prepared a release of Flawfinder 2.0.19 for the AmigaOS 4. Flawfinder is a tool for developers, and as the author mentions:
Quote:
Flawfinder searches through C/C++ source code looking for potential security flaws. To run flawfinder, simply give flawfinder a list of directories or files. For each directory given, all files that have C/C++ filename extensions in that directory (and its subdirectories, recursively) will be examined. Thus, for most projects, simply give flawfinder the name of the source code’s topmost directory (use ‘‘.’’ for the current directory), and flawfinder will examine all of the project’s C/C++ source code. Flawfinder does not require that you be able to build your software, so it can be used even with incomplete source code.
Inside the archive, you will find the documentation in HTML and pdf. Flawfinder is a python script but it should be able to execute it as a plain command from anywhere, as long as it is in your path, or by providing its full location.
The very basic way to use it is: flawfinder src/
There is a way to generate the findings in HTML format as well. Have a look at the documentation.
Glad you like it. I am working on the https://cppcheck.sourceforge.io/ which I have already somewhat working, but I get a crash, which I am trying to fix before it is able to be released. This is much bigger than Flawfinder and a much more complete tool. Hope I will make it work soon.
So far it appears to me that Flawfinder mainly registers the use of C library functions that may potentially be dangerous, rather than scan for actual vulnerabilities caused by one's improper programming. So it reports about code safety in a rather general way, in effect working more like a C programming reference book than a true diagnostic tool.
Some of the warnings I find debatable. For example, Flawfinder will warn you about every use of strlen(), telling you that the function isn't safe when used on a string that has no terminating NUL character. But that's a bogus report IMHO because, first, if it has no NUL at the end it's not a C string - so why would I use strlen() to determine the length of it? -, and second, what other method does the Flawfinder author recommend if not strlen()? Am I supposed to keep string lengths in separate variables or what?
At any rate, it's great to have another tool in the programmer's arsenal. Better rule out a hundred false positives than overlook one real problem!
George, thank you for porting this. I've said it before and I'll say it again: you're a true asset to the Amiga community!
From reading the documentation, Flawfinder seems to be mainly oriented toward finding security flaws in applications that are going to be under attack by someone trying to compromise them for malicious purposes. An unterminated string is just the sort of thing such an attacker might use, so Flawfinder is correct to report strlen() as a potential security flaw. Perhaps "SecurityFlawfinder" would be a better name.
I ran Flawfinder on one of my programs, and it complained a lot about strlen(), memcpy(), strncpy(), and the like, all things where buffer overflows are possible if misused. I always guard against such errors when writing a program, so the value of Flawfinder for me is minimal. It might be more helpful when using someone else's code, where the author(s) might not be as careful about such things as I am.
One annoyance I noticed: I tend to keep older versions of my programs in subdirectories of the project directory. Pointing Flawfinder at the project directory caused it to recurse into all the historical versions of the code as well as the current version, repeating the same warnings over and over for every different version. There doesn't seem to be an option to turn directory recursion off.
I don't know if Flawfinder is going to become one of my regular tools or not. But I appreciate walkero's work on bringing it to the Amiga-- better to have a tool and decide not to use it, than to not have it at all.
What we need is a good Lint for the Amiga. I look forward to Cppcheck, which appears to do at least some of what Lint does.
This kind of application that checks the source code, without being able to watch it while it runs, is only for recommending places for possible issues. It is not to follow their recommendations blindly. A better solution would be something that compiles with your app and watches all the time for possible problems like memory leaks etc. As much as I understand such a program is Valgrind, but I am not sure if it is possible to be ported.
I agree with msteed, it is good to have such tools available, even if people choose to not use them. Flawfinder and cppcheck are both tools that are used at codacy.com which is a tool for code quality testing. That's why I am working to port them both.
cppcheck is much more complete than Flawfinder and will provide much more information.
cppcheck port is done and seems to work quite well, but unfortunately I can't release it yet, although I'd love to. The reason is that it requires a newer version of newlib 53.73 or higher. As soon as this is released, I will make cppcheck available.
Now I am trying to compile it with clib2, but I have some issues with it. If this works in the end, I might release it.
An unterminated string is just the sort of thing such an attacker might use
No a none terminated string will most likely crash your computer, or make your code run extremely slowly, in the best case.. if program is not working, it just not likely it will be exploited.
buffer overruns come from pre-allocated buffers. Something like
char tmp[30];
int success = 0;
do
{
printf(“enter password:\n”);
scanf(“%s”,tmp);
if ((strcmp(tmp),”pass1234”)==0) success = 1;
} while ( ! success)
Now with this code someone can type password longer then 30 char, and scanf will change “success”. scanf does not know the size of tmp buffer, don't care if there is 0 in tmp, as it will be overwritten.
Edited by LiveForIt on 2022/7/29 19:07:07
(NutsAboutAmiga)
Basilisk II for AmigaOS4 AmigaInputAnywhere Excalibur and other tools and apps.
I compiled cppcheck with afxgroup clib2 but I am getting the following errors by the linker. Any ideas?
/gcc/lib/libstdc++.a(vterminate.o): In function `__gnu_cxx::__verbose_terminate_handler()':
/opt/adtools/gcc/repo/libstdc++-v3/libsupc++/vterminate.cc:67: undefined reference to `__getreent'
/opt/adtools/gcc/repo/libstdc++-v3/libsupc++/vterminate.cc:93: undefined reference to `__getreent'
/opt/adtools/gcc/repo/libstdc++-v3/libsupc++/vterminate.cc:49: undefined reference to `__getreent'
/opt/adtools/gcc/repo/libstdc++-v3/libsupc++/vterminate.cc:85: undefined reference to `__getreent'
/gcc/lib/libstdc++.a(ios_init.o): In function `std::ios_base::Init::Init()':
/opt/adtools/gcc/repo/libstdc++-v3/src/c++98/ios_init.cc:85: undefined reference to `__getreent'
/gcc/lib/libstdc++.a(ios_init.o):/opt/adtools/gcc/repo/libstdc++-v3/src/c++98/ios_init.cc:181: more undefined references to `__getreent' follow
/gcc/lib/libstdc++.a(basic_file.o): In function `xwrite':
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:121: undefined reference to `__errno'
/gcc/lib/libstdc++.a(basic_file.o): In function `std::__basic_file<char>::sys_open(__sFILE64*, std::_Ios_Openmode)':
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:198: undefined reference to `__errno'
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:200: undefined reference to `__errno'
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:203: undefined reference to `__errno'
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:204: undefined reference to `__errno'
/gcc/lib/libstdc++.a(basic_file.o):/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:204: more undefined references to `__errno' follow
/gcc/lib/libstdc++.a(basic_file.o): In function `std::__basic_file<char>::showmanyc()':
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:354: undefined reference to `fstat64'
make: *** [cppcheck] Error 1
@liveforit Thank you for your reply. This seems to be missed from clib2. I will let afxgroup know.
update: Actually I saw that kas1e reported the same thing at https://github.com/afxgroup/clib2/issues/53 So, we will see how it goes, but if I understand correctly, this is not possible yet.
No a none terminated string will most likely crash your computer, or make your code run extremely slowly, in the best case.. if program is not working, it just not likely it will be exploited.
That's true if the unterminated string comes from within the program, as the result of a programmer error. But Flawfinder is looking for problems that come from outside the program, such as data that's read over a network, or files that are downloaded from somewhere.
Web browsers, streaming audio and video players, and any kind of file viewer or editor that operates on files created by someone else are examples of vulnerable programs. In such cases the attacker can try to exploit buffer overflows by creating a data file that's deliberately corrupted in a way that might trigger an overflow.
For example, if a particular file format dictates that a certain string stored in the file will never be longer than 'x' characters, then perhaps a program that's parsing that file will try to read the string into a buffer that's only 'x' characters long. If strlen()/memcpy() or strcpy() are used to read the string into the buffer, then a string that's longer than is legal may result in the buffer overflowing, as in your example.
To be safe, you need to make sure the length that is copied is clipped to the size of the buffer, something that strlen() and strcpy() don't do. That's what Flawfinder is pointing out-- it's reminding you to keep in mind how your program will respond to corrupted data.
If your program isn't operating on data from the outside world, then Flawfinder will likely not be of much use. Though I think it's worthwhile to keep buffer overflows in mind even when just reading files your program has written-- it's always possible for a file to accidentally get corrupted, and it's better for your program to safely reject such a file than to blow up when it tries to read it.
If strlen()/memcpy() or strcpy() are used to read the string into the buffer
well strlen() is not used to write strings into buffer, and how the buffer is declared that’s the problem, memcpy is not meant for string operating in general, as the name suggest meant for copy memory.
Yes strcpy is dangers, as does have destination max length as argument. Strncpy should be used instead, like sprintf is unsafe, while snprintf is safe.
Strcat() is also a unsafe function, as strcat again does not know the length of designation buffer, not how many bytes its filled before.
(NutsAboutAmiga)
Basilisk II for AmigaOS4 AmigaInputAnywhere Excalibur and other tools and apps.
You are linking against newlib listdc++.a that's why you get those undefined functions (/gcc/lib/libstdc++.a). Most porbably you have missed -mcrt=clib2 in LDFLAGS or something
/gcc/lib/libstdc++.a(vterminate.o): In function `__gnu_cxx::__verbose_terminate_handler()':
/opt/adtools/gcc/repo/libstdc++-v3/libsupc++/vterminate.cc:67: undefined reference to `__getreent'
/opt/adtools/gcc/repo/libstdc++-v3/libsupc++/vterminate.cc:93: undefined reference to `__getreent'
/opt/adtools/gcc/repo/libstdc++-v3/libsupc++/vterminate.cc:49: undefined reference to `__getreent'
/opt/adtools/gcc/repo/libstdc++-v3/libsupc++/vterminate.cc:85: undefined reference to `__getreent'
/gcc/lib/libstdc++.a(ios_init.o): In function `std::ios_base::Init::Init()':
/opt/adtools/gcc/repo/libstdc++-v3/src/c++98/ios_init.cc:85: undefined reference to `__getreent'
/gcc/lib/libstdc++.a(ios_init.o):/opt/adtools/gcc/repo/libstdc++-v3/src/c++98/ios_init.cc:181: more undefined references to `__getreent' follow
/gcc/lib/libstdc++.a(basic_file.o): In function `xwrite':
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:121: undefined reference to `__errno'
/gcc/lib/libstdc++.a(basic_file.o): In function `std::__basic_file::sys_open(__sFILE64*, std::_Ios_Openmode)':
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:198: undefined reference to `__errno'
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:200: undefined reference to `__errno'
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:203: undefined reference to `__errno'
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:204: undefined reference to `__errno'
/gcc/lib/libstdc++.a(basic_file.o):/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:204: more undefined references to `__errno' follow
/gcc/lib/libstdc++.a(basic_file.o): In function `std::__basic_file::showmanyc()':
/opt/adtools/native-build/gcc-native-build-8.4.0/ppc-amigaos/libstdc++-v3/src/c++98/basic_file.cc:354: undefined reference to `fstat64'
make: *** [cppcheck] Error 1
so /gcc/lib/libstdc++.a is the clib2 version? It is strange.. even because __errno is a newlib function and not a clib2 one. That's why I suspect you are mixing the two libs
News feed
OS4 Feedback forum
OS4Depot Feedback forum
Amigabounty forum
OpenAmiga forum
AmiCygnix forum
ABC shell forum
AmiKit forum
Cinnamon Writer forum
CodeBench forum
Digital Universe forum
Dopus 5 forum
E-UAE forum
Gnash forum
Ibrowse forum
JAmiga forum
Odyssey forum
OWB forum
Qt forum
SmartFileSystem forum
Timberwolf forum
TouchDevice forum
TuneNet forum
Unsatisfactory Software forum
Donate
