views: 112

answers: 4

Hello there, I would like to ask about the available (free or not) static and dynamic code analysis tools that can be used for C++ applications, ESPECIALLY COM and ActiveX.

I am currently using Visual Studio's /analyze compiler option, which is good and all but I still feel there is lots of analysis to be done.

I'm talking about a C++ application where memory management and code security is of utmost importance.

I'm trying to check for problems relating to security such as memory management, input validation, buffer overflows, exception handling, etc.

I'm not interested in, say, inheritance depth or lines of executable code.

A: 

Start here and work your way through: http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

I don't mean to be rude when I say "google it". Personally (ymmv) I learn much more along the way from googling than just having someone give me "the" answer.

Also, when I look for tools, I will go to SourceForge and look for - in this case - "static code analysis".

Btw, check out Valgrind.

Mawg
Thanks, no worries there, I already googled and checked Valgrind before asking. Nevertheless, one can't be too sure and peer experience is priceless!
Voulnet
+1 for being tolerant ;-) Btw, can you automate the checking? E.g. when checking in to SVN, or in the nightly build (e.g. Hudson). You might need a script to parse the result and send an email if it flags anything. And will you require the output of some static code analysis tools as input to code reviews?
Mawg
+1  A: 

There is a security tool category called the fuzzers which were used in the recent Pwn2Own 2010 contest in Vancouver. The winning guy said that he's not going to tell software makers which bug he found but instead how to create a good fuzzer that will allow them to find the bugs. This was covered by computerworld.

Basically, it finds every place that the software can take input and tries to inject random data until the application crashes. Starting from there, the user attempts to understand what went wrong and develops an effective attack.

I don't know any particular fuzzers, but there are many kinds of them for various uses (buffer overflows vs. SQL injections: 2 very different problems, 2 different fuzzers).

Eric
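To make the "inject data until it crashes" idea concrete for a C++ code base, here is an added example (not from this thread, and not taken from any of the tools mentioned in it): a fuzz harness around a small, constructed length-prefixed record parser. The harness uses the `LLVMFuzzerTestOneInput` entry point that libFuzzer (and AFL++/honggfuzz in persistent mode) call with mutated inputs, and it carries a tiny in-process mutator so it can also run stand-alone. The wire format, `parse_record`, `make_record`, `mutate` and `run_campaign` are all assumptions for the example. The point to take away is that the parser is the unit under test and every read is bounds-checked against the buffer length; drop the `n > len - 2` check and a fuzzer built with `-fsanitize=fuzzer,address` finds the resulting out-of-bounds read in seconds.

```cpp
// Added example: libFuzzer-style harness + stand-in mutator for a constructed
// record format: [u8 length][length payload bytes][u8 checksum], where the
// checksum is the XOR of all payload bytes. Not code from the original thread.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <string>
#include <vector>

struct Record {
    std::string payload;
};

// Returns true only for a well-formed record. Every access is checked against
// `len`; that is exactly the class of bug (trusting an attacker-supplied length)
// that a memory-error sanitizer plus a fuzzer is good at finding.
bool parse_record(const uint8_t* data, size_t len, Record& out) {
    if (data == nullptr || len < 2) return false;  // need at least length + checksum
    const size_t n = data[0];
    if (n > len - 2) return false;                 // payload would overrun the buffer
    uint8_t xor_sum = 0;
    for (size_t i = 0; i < n; ++i) xor_sum ^= data[1 + i];
    if (xor_sum != data[1 + n]) return false;      // checksum mismatch
    out.payload.assign(reinterpret_cast<const char*>(data + 1), n);
    return true;
}

// Builds a valid record for a payload of at most 255 bytes (test/seed input).
std::vector<uint8_t> make_record(const std::string& payload) {
    std::vector<uint8_t> v;
    v.push_back(static_cast<uint8_t>(payload.size()));
    uint8_t xor_sum = 0;
    for (unsigned char c : payload) { v.push_back(c); xor_sum ^= c; }
    v.push_back(xor_sum);
    return v;
}

// Convenience wrappers so results can be checked without touching Record directly.
bool accepts(const std::vector<uint8_t>& in) {
    Record r;
    return parse_record(in.data(), in.size(), r);
}
std::string parsed_payload(const std::vector<uint8_t>& in) {
    Record r;
    return parse_record(in.data(), in.size(), r) ? r.payload : std::string();
}

// Fuzzing-engine entry point. The engine calls this with mutated inputs; ASan/UBSan
// turn any memory error into a reported crash. Always returns 0 by convention.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    Record r;
    (void)parse_record(data, size, r);
    return 0;
}

// Stand-in mutator (bit flip, byte delete, byte append) for running the harness
// without an engine. A real engine adds coverage feedback, dictionaries, etc.
std::vector<uint8_t> mutate(const std::vector<uint8_t>& seed, std::mt19937& rng) {
    std::vector<uint8_t> v = seed;
    std::uniform_int_distribution<int> op(0, 2);
    switch (op(rng)) {
        case 0: if (!v.empty()) v[rng() % v.size()] ^= static_cast<uint8_t>(1u << (rng() % 8)); break;
        case 1: if (!v.empty()) v.erase(v.begin() + static_cast<std::ptrdiff_t>(rng() % v.size())); break;
        default: v.push_back(static_cast<uint8_t>(rng() & 0xFFu)); break;
    }
    return v;
}

// Runs `iterations` mutated inputs through the harness (deterministic RNG seed so a
// failing input can be reproduced) and returns how many the parser still accepted.
size_t run_campaign(const std::vector<uint8_t>& seed, size_t iterations, uint32_t rng_seed) {
    std::mt19937 rng(rng_seed);
    size_t accepted = 0;
    for (size_t i = 0; i < iterations; ++i) {
        std::vector<uint8_t> cur = seed;
        const int rounds = 1 + static_cast<int>(rng() % 3);   // stack 1..3 mutations
        for (int k = 0; k < rounds; ++k) cur = mutate(cur, rng);
        LLVMFuzzerTestOneInput(cur.data(), cur.size());
        if (accepts(cur)) ++accepted;
    }
    return accepted;
}

int main() {
    const std::vector<uint8_t> seed = make_record("hello");
    const size_t accepted = run_campaign(seed, 10000, 42);
    std::printf("10000 mutated inputs, %zu accepted, no crash\n", accepted);
    return 0;
}
```

Build the engine-driven version with `clang++ -g -O1 -fsanitize=fuzzer,address harness.cpp` (omitting `main`, which libFuzzer provides), and keep the seed from `make_record` in the corpus directory so the mutator starts from a valid structure rather than random bytes.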
+1  A: 

Without a doubt you want to use Axman. This is by far the best ActiveX/COM security testing tool available, and it's open source. This was one of the leading tools used in the Month of Browser Bugs by H.D. Moore, who is also the creator of Metasploit. I have personally used Axman to find vulnerabilities and write exploit code.

Axman uses TypeLib to identify all of the components that make up a COM object. This is a type of reflection, and it means that source code is not required. Axman uses reflection to automatically generate fuzz test cases against a COM object.

Rook
Thanks. I read about Axman in Hacking Exposed Web 2.0, but it's good to know it's the best tool to fuzz an ActiveX/COM object.
Voulnet
+1  A: 

We use Coverity Prevent which is a very sophisticated static analysis tool that stores defects in a database that has a web interface. It works for C, C++, and Java.

We also use open source tools like Valgrind.

Dave
Thanks a lot, I will look into it inshallah.
Voulnet
Coverity isn't that great and it's really expensive.
Rook