You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

These checkers enforce the CERT C Secure Coding rules, and are freely available.

Running the ROSE CERT C Checkers

The ROSE CERT C Checkers are built into a program called 'diagnose'.
To run the diagnose program on a C or C++ file, simply pass the file as an argument:

diagnose hello.c

If the C file violates some secure coding rules, the diagnose program will print them out. If the diagnose program can not find any violations, it prints nothing.

Diagnose actually takes the same arguments as gcc. So if your code has special flags that must be passed to the compiler, such as locations of include files, you can pass them to diagnose in the same manner as gcc. Likewise, if you have a makefile that indicates how your program is to be built, you can run ROSE on your source code merely by instructing to your make command to use diagnose as a drop-in replacement for gcc. One way to do this is:

make CC=diagnose

There are three ways to run the ROSE CERT C checkers. They are available on CMU's Andrew system. In addition you can run them using a downloadable VM. Finally, you can build the CERT checkers, as well as ROSE itself, from source.

ROSE CERT C Checkers on Andrew

To run these checkers, you must have an Andrew account at CMU. The diagnose program is available in:

/afs/andrew/usr/svoboda/public/c_rules

To run diagnose, you simply add this directory to your PATH environment variable.

ROSE CERT C Checkers on a Virtual Machine

To run these checkers, you must use a virtualization system such as VMWare. Contact David Svoboda in order to download the virtual machine containing the ROSE CERT C Checkers, as well as the VM's login userid and password.

You will need 7zip to uncompress the VM file, which is freely available from sourceforge.com. The command will look like this:

mkdir rosebud
cd rosebud
7zr x ../rosebud.7z

Once extracted, the rosebud directory is a VM image that can be powered on by VMWare. After logging in, you'll need to enter your login password again when the system asks for a sudo password. This is so the VM image can generate a unique SSH key.

After that, you should be able to access the VM from your host machine remotely using SSH. You'll need the VM's IP address for this, which you can learn with this command from the VM:

ip addr | grep /24

If it provides multiple IP addresses, select the one that begins
/192.168.../.

In the VM's home directory, there is a README file explaining what
software is available there. It includes both ROSE and the CERT Secure
Coding rule checkers.

Building ROSE and the CERT C Checkers

The source code was developed by the CERT Secure Coding Group, and is freely available.

This code has been developed and tested on an i386 workstation running Linux (2.6.16.60) and g++ (3.4.4). It depends on ROSE 0.9.3a, which is available for free download from http://rosecompiler.org

ROSE 0.9.3a also depends on the BOOST C++ library, version 1.3.5, which is available for free download from http://www.boost.org/

Both Boost and ROSE contain build instructions.

Building Diagnose

To build the diagnose program from the CERT C Checkers, first make sure that the ROSE environment variable points to the build directory of ROSE:

export ROSE=/usr/local/rose/compileTree

Then type:

make pgms

To test diagnose on the code samples from the CERT C Secure Coding Rules:

make tests

To build API documentation pages, you must have doxygen installed:

make doc

To clean documentation pages and build files:

make clean

Secure Coding Rules Enforced by Diagnose

The C Secure Coding Rules are freely available.

Here is a breakdown of how thoroughly diagnose enforces the C Secure Coding Rules:

Complete

57

ROSE catches all violations of these rules

Partial

45

ROSE catches some, but not all violations of these rules

false-positive

9

These rules could be checked by diagnose, but they will also catch some false positives.

Potential

29

These rules are not checked by diagnose, but could be

Undoable

32

These rules could not be checked by ROSE due to various limitations in ROSE.

Unenforceable

48

These rules could not be checked by any tool that relies purely on unaided static analysis.

TOTAL

220

  • No labels