A Comparison of Open-Source Static Analysis Tools for Vulnerability Detection in C/C++ Code

Arusoaie, Andrei; Ciobâcă, Ștefan; Craciun, Vlad; Gavriluţ, Dragoş Teodor; Lucanu, Dorel

doi:10.1109/synasc.2017.00035

Cited by 32 publications

(11 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Shockingly, there was only a single report found by both CppCheck and out prototype in Xerces. This supports the conclusion of other findings on static analyses that to find more bugs, it is better to use multiple tools [2,33].…”

Section: Discussionsupporting

confidence: 89%

Detecting Uninitialized Variables in C++ with the Clang Static Analyzer

Umann

Porkoláb

2020

Acta Cybern

View full text Add to dashboard Cite

Uninitialized variables have been a source of errors since the beginning of software engineering. Some programming languages (e.g. Java and Python) will automatically zero-initialize such variables, but others, like C and C++, leave their state undefined. While laying aside initialization in C and C++ might be a performance advantage if an initial value can't be supplied, working with such variables is an undefined behavior, and is a common source of instabilities and crashes. To avoid such errors, whenever meaningful initialization is possible, it should be used. Tools for detecting these errors run time have existed for decades, but those require the problematic code to be executed. Since in many cases the number of possible execution paths are combinatoric, static analysis techniques emerged as an alternative. In this paper, we overview the technique for detecting uninitialized C++ variables using the Clang Static Analyzer, and describe various heuristics to guess whether a specific variable was left in an undefined state intentionally. We implemented a prototype tool based on our idea and successfully tested it on large open source projects.

show abstract

Section: Discussionsupporting

confidence: 89%

Detecting Uninitialized Variables in C++ with the Clang Static Analyzer

Umann

Porkoláb

2020

Acta Cybern

View full text Add to dashboard Cite

show abstract

“…Recently, Arusoaie et al (2017) compared several open-source, security-oriented, Static Analysers for C and C++ code. Among the tools compared are: Fig.…”

Section: Static Analysis For Vulnerability Detectionmentioning

confidence: 99%

“…git-vuln-finder 16 , that is based on C/C++ pattern matching. Arusoaie et al (2017) were able to compare those approaches both quantitatively and qualitatively, and characterised Frama-C as the most precise approach, Oclint as the tool uncovering most dangerous behaviours, and Cppcheck as presenting a very low false-positive rate.…”

Section: Static Analysis For Vulnerability Detectionmentioning

confidence: 99%

Revisiting the VCCFinder approach for the identification of vulnerability-contributing commits

et al. 2021

View full text Add to dashboard Cite

Detecting vulnerabilities in software is a constant race between development teams and potential attackers. While many static and dynamic approaches have focused on regularly analyzing the software in its entirety, a recent research direction has focused on the analysis of changes that are applied to the code. VCCFinder is a seminal approach in the literature that builds on machine learning to automatically detect whether an incoming commit will introduce some vulnerabilities. Given the influence of VCCFinder in the literature, we undertake an investigation into its performance as a state-of-the-art system. To that end, we propose to attempt a replication study on the VCCFinder supervised learning approach. The insights of our failure to replicate the results reported in the original publication informed the design of a new approach to identify vulnerability-contributing commits based on a semi-supervised learning technique with an alternate feature set. We provide all artefacts and a clear description of this approach as a new reproducible baseline for advancing research on machine learning-based identification of vulnerability-introducing commits.

show abstract

“…To automatically infer usage pattern, Yun et al [12] present APISan to infer correct API usages from source code without manual effort and detect various properties with security implications. Moreover, generic bug detection approaches also can be applied to SSL/TLS API usage, such as static analysis approaches [19], [20] and testing [21]. SSLDoc specifically targets SSL API usages in C programs and complements these works.…”

Section: Related Workmentioning

confidence: 99%

SSLDoc: Automatically Diagnosing Incorrect SSL API Usages in C Programs

Gu¹,

Wu²,

Li³

et al. 2019

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols provide a reliable communication channel between applications over the Internet. Implementations of these protocols (e.g., OpenSSL and GnuTLS) publish wellformat documentation and examples online to guide the usage of SSL/TLS APIs. However, incorrect usages have caused many severe vulnerabilities (e.g., privilege escalation, denial of service, man-in-the-middle attack, etc.) in recent years. In this paper, we introduce SSLDoc to diagnose incorrect SSL API usages in real-world C programs automatically. The key insight behind SSLDoc is a constraint-directed static analysis technique powered by domain-specific usage patterns that we learn from real-world vulnerabilities and bug-fix-related patches. We have instantiated SSLDoc for OpenSSL APIs and applied it to large-scale opensource programs. SSLDoc found 45 previously unknown securitysensitive bugs in OpenSSL implementation and applications in Ubuntu. We created and submitted issues for all of them. Up to now, 35 have been confirmed by the corresponding development communities and 27 have been fixed in master branch.

show abstract

A Comparison of Open-Source Static Analysis Tools for Vulnerability Detection in C/C++ Code

Cited by 32 publications

References 15 publications

Detecting Uninitialized Variables in C++ with the Clang Static Analyzer

Detecting Uninitialized Variables in C++ with the Clang Static Analyzer

Revisiting the VCCFinder approach for the identification of vulnerability-contributing commits

SSLDoc: Automatically Diagnosing Incorrect SSL API Usages in C Programs

Contact Info

Product

Resources

About