Common Linux utilities are helpful for searching through C/C++ source files. Commercially available source code analysis tools, with IDE plugins that developers can use, do a much better job than common utilities at preventing memory corruption vulnerabilities. For demonstration purposes, we will show how to search code files for a list of predefined vulnerable function calls and rules with grep as well as flawfinder in the following steps.
- To discover unsafe C functions, several methods can be used. The simplest is a grep expression similar to the following example:
$ grep -E '(strcpy|strcat|sprintf|strlen|memcpy|fopen|gets)' code.c
This expression can be ...
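As an added example (not code from the original text), the following shell script applies the grep approach above to a small C file constructed inline. It tightens the expression so it reports only actual call sites of the listed functions and skips identifiers such as safe_strcpy that merely contain an unsafe name, which the plain expression would flag. The function names and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: grep sweep for unsafe C calls.
# Assumes a POSIX sh with grep -E and mktemp available.

# Constructed sample input: a small C file mixing risky and safe calls.
make_sample() {
  cat > "$1" <<'EOF'
#include <stdio.h>
#include <string.h>

void copy_name(char *dst, const char *src) {
    strcpy(dst, src);             /* unbounded copy: should be reported */
    safe_strcpy(dst, src, 16);    /* wrapper name only contains 'strcpy' */
    strncpy(dst, src, 16);        /* bounded variant: not in the list */
}

void greet(void) {
    char buf[32];
    gets(buf);                    /* removed from C11: should be reported */
    sprintf(buf, "hi %s", buf);   /* unbounded format: should be reported */
    snprintf(buf, sizeof buf, "ok");
}
EOF
}

# Report lines that actually call one of the listed functions.
# The leading group requires the name to start a token (so safe_strcpy is
# skipped), and the trailing '\(' requires a call rather than a mention
# inside a comment or string. -n prints line numbers for triage.
find_unsafe_calls() {
  grep -nE '(^|[^[:alnum:]_])(strcpy|strcat|sprintf|strlen|memcpy|fopen|gets)[[:space:]]*\(' "$1"
}

# Count matches so a CI step can fail the build when the count is non-zero.
count_unsafe_calls() {
  find_unsafe_calls "$1" | wc -l | tr -d ' '
}

tmp=$(mktemp)
make_sample "$tmp"
find_unsafe_calls "$tmp"
echo "unsafe call sites: $(count_unsafe_calls "$tmp")"
rm -f "$tmp"
```

On the constructed file the script reports three call sites (strcpy, gets and sprintf) and ignores the safe_strcpy wrapper and the bounded variants. A grep of this kind is only a first pass: it cannot tell whether a reported call is bounded correctly by its arguments, which is why the text pairs it with flawfinder, a tool that ranks each hit by risk level.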