Research And Implementation Of Source Code Defect Scan Rules Based On Taint Analysis

Posted on: 2017-09-09
Degree: Master
Type: Thesis
Country: China
Candidate: R D Hao
Full Text: PDF
GTID: 2348330518996664
Subject: Electronics and Communications Engineering
Abstract/Summary:
Software safety has become critical to the whole system as information system security has changed greatly. Meanwhile, source code has become increasingly complex, which makes it difficult for an R&D team to completely eliminate all the vulnerabilities and defects that exist in the code. As a result, more and more enterprises are researching how to detect vulnerabilities by static analysis, and a series of static code scanning tools are in use. However, the algorithms in these tools are suitable only for vulnerabilities that already exist, and they apply to the functions in the standard library. Some companies have defined their own stdlib, which makes the analysis more difficult and less effective. Therefore, safety analysis of firm-specific software source code plays an important role in automatic vulnerability detection. Based on the principle of taint analysis, this paper focuses on source code scanning for vulnerabilities and studies in depth how to write customized rules. The main work is as follows:

(1) Study the "Heartbleed" vulnerability and the "Bash Shellshock" vulnerability in detail and analyze their buggy code. Both result from neglecting boundary checks on external data. The "Heartbleed" vulnerability is caused by a mismatch between the length stated in the request and the actual length. The "Bash Shellshock" vulnerability is caused by ignoring the terminator when defining environment variables that contain functions.

(2) Identify the characteristics that easily lead to software vulnerabilities, based on the analysis of "Heartbleed" and "Bash Shellshock", and find the unsafe functions in the source code of SQLite and lwIP. Function parameters are influenced by the application scenario, and there is a great risk when parameters are external data or depend on external data. Data exchange also introduces tainted data.

(3) Write defect scanning rules, and then prove their effectiveness by experiments. The rules in this paper are written using the primitives provided by Coverity. The experiments find some defects, and one defect found in the code scan is analyzed specifically. The experimental results show that the features we present and the models we build are effective.
Keywords/Search Tags: software safety, taint analysis, static analysis, safety principle, vulnerability detection