Code audit
A software code audit is a comprehensive analysis of the source code of a programming project with the intent of discovering bugs, security vulnerabilities or violations of programming conventions. It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released. C and C++ source code is the most commonly audited code, since many higher-level languages, such as Python, have fewer potentially vulnerable functions (for example, functions that do not check bounds).
Guidelines
When auditing software, every critical component should be audited on its own and together with the entire program. It is good practice to search for high-risk vulnerabilities first and work down to low-risk ones. Application penetration testing tries to identify vulnerabilities in software by launching as many known attack techniques as possible against likely access points in an attempt to compromise or bring down the application.[1] This is a common auditing method and can determine whether specific vulnerabilities exist, but not where they are in the source code.
High-risk vulnerabilities
Some common high-risk vulnerabilities include the use of:
- Non-bounds-checking functions: strcpy, sprintf, vsprintf, sscanf[2]
- Pointer manipulation of buffers that may interfere with later bounds checking, e.g.:
    if ((bytesread = net_read(buf,len)) > 0) buf += bytesread;
  Here buf advances after each read but len is unchanged, so a later call made with the same len may write past the end of the buffer.[2]
- Calls like execve(), execution pipes, system() and similar things, especially when called with non-static arguments[2]
- Missing input validation, e.g. (in SQL):
    statement := "SELECT * FROM users WHERE name = '" + userName + "';"
  is an example of a SQL injection vulnerability
- File inclusion functions, e.g. (in PHP):
    include($page . '.php');
  is an example of a remote file inclusion vulnerability
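The pointer-manipulation item above is easiest to see when the two versions of the read loop run side by side. The following is an added example, not code from the original article: net_read is a constructed stand-in for a socket read (it hands out 40 bytes in 10-byte chunks), the buffer sizes and guard byte are assumptions chosen for the demonstration, and a guard region behind the 16-byte buffer records how far each loop writes.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_LEN    16    /* the buffer the caller believes it owns (assumption) */
#define BACKING    64    /* real storage: BUF_LEN bytes followed by a guard region */
#define GUARD_BYTE 0xAA  /* fill value used to detect writes past BUF_LEN */

/* Constructed stand-in for a socket: NET_AVAIL bytes arrive, NET_CHUNK at a time. */
#define NET_AVAIL 40
#define NET_CHUNK 10
struct fake_net { size_t avail; size_t chunk; };

static size_t net_read(struct fake_net *n, char *buf, size_t len)
{
    size_t got = n->chunk < len ? n->chunk : len;
    if (got > n->avail)
        got = n->avail;
    memset(buf, 'x', got);           /* payload content does not matter here */
    n->avail -= got;
    return got;
}

/* Vulnerable pattern from the article: buf advances after every read but len
 * never shrinks, so each later call may write up to len bytes past the end of
 * the original buffer. */
static size_t read_all_vulnerable(struct fake_net *n, char *buf, size_t len)
{
    size_t total = 0, bytesread;
    while ((bytesread = net_read(n, buf, len)) > 0) {
        buf += bytesread;
        total += bytesread;
    }
    return total;
}

/* Hardened form: keep the remaining capacity in step with the write cursor
 * and stop when it reaches zero, so no write can exceed the original len. */
static size_t read_all_hardened(struct fake_net *n, char *buf, size_t len)
{
    size_t total = 0, bytesread;
    while (total < len &&
           (bytesread = net_read(n, buf + total, len - total)) > 0) {
        total += bytesread;
    }
    return total;
}

/* Runs one reader against a guarded buffer and returns the number of guard
 * bytes overwritten (0 means the reader stayed within its BUF_LEN bytes);
 * the total number of bytes the reader consumed is stored in *total_out. */
static size_t guard_bytes_clobbered(size_t (*reader)(struct fake_net *, char *, size_t),
                                    size_t *total_out)
{
    unsigned char backing[BACKING];
    struct fake_net net = { NET_AVAIL, NET_CHUNK };
    size_t clobbered = 0, i;

    memset(backing, GUARD_BYTE, sizeof backing);
    *total_out = reader(&net, (char *)backing, BUF_LEN);
    for (i = BUF_LEN; i < BACKING; i++)
        if (backing[i] != GUARD_BYTE)
            clobbered++;
    return clobbered;
}

int main(void)
{
    size_t total, bad;
    bad = guard_bytes_clobbered(read_all_vulnerable, &total);
    printf("vulnerable loop: %zu bytes read, %zu guard bytes overwritten\n", total, bad);
    bad = guard_bytes_clobbered(read_all_hardened, &total);
    printf("hardened loop:   %zu bytes read, %zu guard bytes overwritten\n", total, bad);
    return 0;
}
```

The guard region is only a demonstration aid; in a real program the bytes past the buffer belong to other variables or heap metadata, and the vulnerable loop corrupts them silently. An auditor looking at the pattern should ask what bounds the second and later net_read calls are checked against, since the answer here is "the original len, which no longer describes the space left".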
Tools
Source code auditing tools generally look for common vulnerabilities and only work for specific programming languages. Such automated tools can be used to save time, but should not be relied on for an in-depth audit. An example of an auditing tool is Skavenger.
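To show what "looks for common vulnerabilities" and "should not be relied on" mean in practice, the following is an added example of a minimal pattern-based auditor for C source, written for this page; it is not Skavenger or any other real tool, and the sample source it scans is constructed. It reports call sites of the non-bounds-checking and command-execution functions listed above, and it also reports a commented-out call, which is the kind of false positive a reviewer has to weed out by hand.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Calls a C-oriented auditor flags: the non-bounds-checking and command
 * execution functions listed earlier in the article, plus gets(). */
static const char *const risky[] = {
    "strcpy", "sprintf", "vsprintf", "sscanf", "gets", "system", "execve"
};

struct finding { int line; char func[16]; };

/* Returns 1 if src[pos] starts the identifier `name` used as a call, i.e. it
 * is not preceded by an identifier character and is followed by '(' after
 * optional blanks; returns 0 otherwise. */
static int is_call(const char *src, size_t pos, const char *name)
{
    size_t n = strlen(name);
    const char *p;
    if (pos > 0 && (isalnum((unsigned char)src[pos - 1]) || src[pos - 1] == '_'))
        return 0;
    if (strncmp(src + pos, name, n) != 0)
        return 0;
    p = src + pos + n;
    while (*p == ' ' || *p == '\t')
        p++;
    return *p == '(';
}

/* Scans src once, recording the line and function name of every risky call
 * (up to max entries in out). Returns the total number of matches found.
 * Deliberately naive: it does not parse comments or string literals, so it
 * reports text that the compiler never sees. */
static int audit_source(const char *src, struct finding *out, int max)
{
    int count = 0, line = 1;
    size_t i, k;
    for (i = 0; src[i] != '\0'; i++) {
        if (src[i] == '\n') { line++; continue; }
        for (k = 0; k < sizeof risky / sizeof risky[0]; k++) {
            if (!is_call(src, i, risky[k]))
                continue;
            if (count < max) {
                out[count].line = line;
                snprintf(out[count].func, sizeof out[count].func, "%s", risky[k]);
            }
            count++;
            break;
        }
    }
    return count;
}

/* Constructed sample input: a real strcpy (line 4), a wrapper whose name merely
 * contains "strcpy" (line 5), a system() call with a static argument (line 6)
 * and a commented-out sprintf (line 7) that the scanner still reports. */
static const char sample[] =
    "#include <string.h>\n"
    "/* copy the name; strcpy here was replaced */\n"
    "void save(char *dst, const char *src) {\n"
    "    strcpy(dst, src);\n"
    "    my_strcpy(dst, src);\n"
    "    system(\"ls -l\");\n"
    "    // sprintf(dst, \"%s\", src);\n"
    "    snprintf(dst, 64, \"%s\", src);\n"
    "}\n";

int main(void)
{
    struct finding found[16];
    int n = audit_source(sample, found, 16), i;
    for (i = 0; i < n && i < 16; i++)
        printf("line %d: call to %s()\n", found[i].line, found[i].func);
    printf("%d potential issue(s); each still needs manual review\n", n);
    return 0;
}
```

Two of the three findings are genuine (the strcpy with no length bound and the system() call), the commented-out sprintf is noise, and the tool says nothing about whether the system() argument can ever become attacker-controlled. Sorting real from spurious findings and judging reachability is exactly the part of the audit that remains manual.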