flawfinder.ps

%!PS-Adobe-3.0
%%Creator: groff version 1.22.3
%%CreationDate: Mon Jan 21 18:35:31 2019
%%DocumentNeededResources: font Times-Roman
%%+ font Times-Bold
%%+ font Times-Italic
%%+ font Symbol
%%DocumentSuppliedResources: procset grops 1.22 3
%%Pages: 14
%%PageOrder: Ascend
%%DocumentMedia: Default 595 842 0 () ()
%%Orientation: Portrait
%%EndComments
%%BeginDefaults
%%PageMedia: Default
%%EndDefaults
%%BeginProlog
%%BeginResource: procset grops 1.22 3
%!PS-Adobe-3.0 Resource-ProcSet
/setpacking where{
pop
currentpacking
true setpacking
}if
/grops 120 dict dup begin
/SC 32 def
/A/show load def
/B{0 SC 3 -1 roll widthshow}bind def
/C{0 exch ashow}bind def
/D{0 exch 0 SC 5 2 roll awidthshow}bind def
/E{0 rmoveto show}bind def
/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
/G{0 rmoveto 0 exch ashow}bind def
/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/I{0 exch rmoveto show}bind def
/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
/K{0 exch rmoveto 0 exch ashow}bind def
/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/M{rmoveto show}bind def
/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
/O{rmoveto 0 exch ashow}bind def
/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/Q{moveto show}bind def
/R{moveto 0 SC 3 -1 roll widthshow}bind def
/S{moveto 0 exch ashow}bind def
/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/SF{
findfont exch
[exch dup 0 exch 0 exch neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/MF{
findfont
[5 2 roll
0 3 1 roll
neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/level0 0 def
/RES 0 def
/PL 0 def
/LS 0 def
/MANUAL{
statusdict begin/manualfeed true store end
}bind def
/PLG{
gsave newpath clippath pathbbox grestore
exch pop add exch pop
}bind def
/BP{
/level0 save def
1 setlinecap
1 setlinejoin
DEFS/BPhook known{DEFS begin BPhook end}if
72 RES div dup scale
LS{
90 rotate
}{
0 PL translate
}ifelse
1 -1 scale
}bind def
/EP{
level0 restore
showpage
}def
/DA{
newpath arcn stroke
}bind def
/SN{
transform
.25 sub exch .25 sub exch
round .25 add exch round .25 add exch
itransform
}bind def
/DL{
SN
moveto
SN
lineto stroke
}bind def
/DC{
newpath 0 360 arc closepath
}bind def
/TM matrix def
/DE{
TM currentmatrix pop
translate scale newpath 0 0 .5 0 360 arc closepath
TM setmatrix
}bind def
/RC/rcurveto load def
/RL/rlineto load def
/ST/stroke load def
/MT/moveto load def
/CL/closepath load def
/Fr{
setrgbcolor fill
}bind def
/setcmykcolor where{
pop
/Fk{
setcmykcolor fill
}bind def
}if
/Fg{
setgray fill
}bind def
/FL/fill load def
/LW/setlinewidth load def
/Cr/setrgbcolor load def
/setcmykcolor where{
pop
/Ck/setcmykcolor load def
}if
/Cg/setgray load def
/RE{
findfont
dup maxlength 1 index/FontName known not{1 add}if dict begin
{
1 index/FID ne
2 index/UniqueID ne
and
{def}{pop pop}ifelse
}forall
/Encoding exch def
dup/FontName exch def
currentdict end definefont pop
}bind def
/DEFS 0 def
/EBEGIN{
moveto
DEFS begin
}bind def
/EEND/end load def
/CNT 0 def
/level1 0 def
/PBEGIN{
/level1 save def
translate
div 3 1 roll div exch scale
neg exch neg exch translate
0 setgray
0 setlinecap
1 setlinewidth
0 setlinejoin
10 setmiterlimit
[]0 setdash
/setstrokeadjust where{
pop
false setstrokeadjust
}if
/setoverprint where{
pop
false setoverprint
}if
newpath
/CNT countdictstack def
userdict begin
/showpage{}def
/setpagedevice{}def
mark
}bind def
/PEND{
cleartomark
countdictstack CNT sub{end}repeat
level1 restore
}bind def
end def
/setpacking where{
pop
setpacking
}if
%%EndResource
%%EndProlog
%%BeginSetup
%%BeginFeature: *PageSize Default
<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice
%%EndFeature
%%IncludeResource: font Times-Roman
%%IncludeResource: font Times-Bold
%%IncludeResource: font Times-Italic
%%IncludeResource: font Symbol
grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
/Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
/Times-Italic@0 ENC0/Times-Italic RE/Times-Bold@0 ENC0/Times-Bold RE
/Times-Roman@0 ENC0/Times-Roman RE
%%EndSetup
%%Page: 1 1
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E/F1 10.95/Times-Bold@0 SF -.219
(NA)72 84 S(ME).219 E F0<8d61>108 96 Q(w\214nder \255 le)-.15 E
(xically \214nd potential security \215a)-.15 E
(ws \("hits"\) in source code)-.15 E F1(SYNOPSIS)72 112.8 Q/F2 10
/Times-Bold@0 SF(\215aw\214nder)108 124.8 Q F0([)2.5 E F2(\255\255help)A
F0(|)A F2<ad68>A F0 2.5(][)C F2<adad76>-2.5 E(ersion)-.1 E F0 2.5(][)C
F2(\255\255listrules)-2.5 E F0(])A([)108 136.8 Q F2(\255\255allo)A
(wlink)-.1 E F0 2.5(][)C F2<adad66>-2.5 E(ollo)-.25 E(wdotdir)-.1 E F0
2.5(][)C F2(\255\255nolink)-2.5 E F0(])A([)108 148.8 Q F2
(\255\255patch=)A/F3 10/Times-Italic@0 SF(\214lename)A F0(|)A F2<ad50>A
F3(\214lename)2.5 E F0(])A([)108 160.8 Q F2(\255\255inputs)A F0(|)A F2
<ad49>A F0 2.5(][)C F2(\255\255minle)A -.1(ve)-.15 G(l=).1 E F3(X)A F0
(|)2.5 E F2<ad6d>2.5 E F3(X)2.5 E F0 2.5(][)2.5 G F2
(\255\255falsepositi)-2.5 E -.1(ve)-.1 G F0(|).1 E F2<ad46>A F0(])A([)
108 172.8 Q F2<adad6e65>A -.1(ve)-.15 G(rignor).1 E(e)-.18 E F0(|)A F2
<ad6e>A F0(])A([)108 184.8 Q F2<adad72>A(egex=)-.18 E F3 -1.07 -.9(PA T)
D(TERN).9 E F0(|)2.5 E F2<ad65>2.5 E F3 -1.07 -.9(PA T)2.5 H(TERN).9 E
F0(])A([)108 196.8 Q F2(\255\255context)A F0(|)A F2<ad63>A F0 5.559(][)C
F2(\255\255columns)-5.559 E F0(|)A F2<ad43>A F0 5.559(][)C F2
<adad637376>-5.559 E F0 5.558(][)C F2(\255\255dataonly)-5.558 E F0(|)A
F2<ad44>A F0 5.558(][)C F2(\255\255html)-5.558 E F0(|)A F2<ad48>A F0
5.558(][)C F2(\255\255immediate)-5.558 E F0(|)A F2(-i)A F0 5.558(][)C F2
(\255\255single-)-5.558 E(line)108 208.8 Q F0(|)A F2<ad53>A F0 2.5(][)C
F2(\255\255omittime)-2.5 E F0 2.5(][)C F2(\255\255quiet)-2.5 E F0(|)A F2
<ad51>A F0 2.5(][)C F2<adad657272>-2.5 E(or)-.18 E(-le)-.37 E -.1(ve)
-.15 G(l=).1 E F0(LEVEL])A([)108 220.8 Q F2(\255\255loadhitlist=)A F3(F)
A F0 2.5(][)C F2<adad7361>-2.5 E -.1(ve)-.25 G(hitlist=).1 E F3(F)A F0
2.5(][)C F2(\255\255diffhitlist=)-2.5 E F3(F)A F0(])A([)108 232.8 Q F2
<adad>A F0(])A F3 2.5([s)2.79 G(our)-2.5 E(ce code \214le or sour)-.37 E
(ce r)-.37 E(oot dir)-.45 E(ectory ]+)-.37 E F1(DESCRIPTION)72 249.6 Q
F0(Fla)108 261.6 Q 1.383(w\214nder searches through C/C++ source code l\
ooking for potential security \215a)-.15 F 3.883(ws. T)-.15 F 3.883(or)
-.8 G 1.384(un \215a)-3.883 F(w\214nder)-.15 E(,)-.4 E .509(simply gi)
108 273.6 R .809 -.15(ve \215)-.25 H -.15(aw).15 G .509
(\214nder a list of directories or \214les.).15 F -.15(Fo)5.508 G 3.008
(re).15 G .508(ach directory gi)-3.008 F -.15(ve)-.25 G .508
(n, all \214les that ha).15 F .808 -.15(ve C)-.2 H .508(/C++ \214le-).15
F 1.347(name e)108 285.6 R 1.348
(xtensions in that directory \(and its subdirectories, recursi)-.15 F
-.15(ve)-.25 G 1.348(ly\) will be e).15 F 3.848(xamined. Thus,)-.15 F
1.348(for most)3.848 F 1.03(projects, simply gi)108 297.6 R 1.33 -.15
(ve \215)-.25 H -.15(aw).15 G 1.03
(\214nder the name of the source code').15 F 3.53(st)-.55 G 1.03
(opmost directory \(use `)-3.53 F(`.)-.74 E 2.51 -.74('' f)-.7 H 1.03
(or the current).74 F .23(directory\), and \215a)108 309.6 R .23
(w\214nder will e)-.15 F .231(xamine all of the project')-.15 F 2.731
(sC)-.55 G .231(/C++ source code.)-2.731 F(Fla)5.231 E .231
(w\214nder does)-.15 F F3(not)2.731 E F0(require)2.731 E .819
(that you be able to b)108 321.6 R .819(uild your softw)-.2 F .819
(are, so it can be used e)-.1 F -.15(ve)-.25 G 3.319(nw).15 G .819
(ith incomplete source code.)-3.319 F .819(If you only)5.819 F -.1(wa)
108 333.6 S .162(nt to ha).1 F -.15(ve)-.2 G F3 -.15(ch)2.812 G(ang).15
E(es)-.1 E F0(re)2.662 E(vie)-.25 E .162(wed, sa)-.25 F .462 -.15
(ve a u)-.2 H .163(ni\214ed dif).15 F 2.663(fo)-.25 G 2.663(ft)-2.663 G
.163(hose changes \(created by GNU "dif)-2.663 F 2.663(f-)-.25 G .163
(u" or "svn dif)-2.663 F(f")-.25 E(or "git dif)108 345.6 Q
(f"\) in a patch \214le and use the \255\255patch \(\255P\) option.)-.25
E(Fla)108 362.4 Q .864(w\214nder will produce a list of `)-.15 F(`hits')
-.74 E 3.364('\()-.74 G .864(potential security \215a)-3.364 F .863
(ws, also called \214ndings\), sorted by risk; the)-.15 F 1.04
(riskiest hits are sho)108 374.4 R 1.04(wn \214rst.)-.25 F 1.04
(The risk le)6.04 F -.15(ve)-.25 G 3.54(li).15 G 3.541(ss)-3.54 G(ho)
-3.541 E 1.041(wn inside square brack)-.25 F 1.041(ets and v)-.1 F 1.041
(aries from 0, v)-.25 F 1.041(ery little)-.15 F .033
(risk, to 5, great risk.)108 386.4 R .033(This risk le)5.033 F -.15(ve)
-.25 G 2.533(ld).15 G .032(epends not only on the function, b)-2.533 F
.032(ut on the v)-.2 F .032(alues of the parameters of)-.25 F .225
(the function.)108 398.4 R -.15(Fo)5.225 G 2.725(re).15 G .225
(xample, constant strings are often less risk)-2.875 F 2.725(yt)-.15 G
.225(han fully v)-2.725 F .225(ariable strings in man)-.25 F 2.725(yc)
-.15 G(onte)-2.725 E(xts,)-.15 E 1.707(and in those conte)108 410.4 R
1.707(xts the hit will ha)-.15 F 2.007 -.15(ve a l)-.2 H -.25(ow).15 G
1.707(er risk le).25 F -.15(ve)-.25 G 4.207(l. Fla).15 F 1.707
(w\214nder kno)-.15 F 1.707(ws about gette)-.25 F 1.707(xt \(a common)
-.15 F .327(library for internationalized programs\) and will treat con\
stant strings passed through gette)108 422.4 R .328(xt as though the)
-.15 F(y)-.15 E .641
(were constant strings; this reduces the number of f)108 434.4 R .641
(alse hits in internationalized programs.)-.1 F(Fla)5.64 E .64
(w\214nder will)-.15 F .063(do the same sort of thing with _T\(\) and _\
TEXT\(\), common Microsoft macros for handling internationalized)108
446.4 R 3.47(programs. Fla)108 458.4 R .969
(w\214nder correctly ignores te)-.15 F .969
(xt inside comments and strings.)-.15 F .969(Normally \215a)5.969 F .969
(w\214nder sho)-.15 F .969(ws all)-.25 F .33(hits with a risk le)108
470.4 R -.15(ve)-.25 G 2.83(lo).15 G 2.83(fa)-2.83 G 2.83(tl)-2.83 G .33
(east 1, b)-2.83 F .33(ut you can use the \255\255minle)-.2 F -.15(ve)
-.25 G 2.83(lo).15 G .33(ption to sho)-2.83 F 2.83(wo)-.25 G .33
(nly hits with higher risk)-2.83 F(le)108 482.4 Q -.15(ve)-.25 G .506
(ls if you wish.).15 F .506(Hit descriptions also note the rele)5.506 F
-.25(va)-.25 G .506(nt Common W).25 F .505
(eakness Enumeration \(CWE\) identi-)-.8 F .347
(\214er\(s\) in parentheses, as discussed belo)108 494.4 R 4.147 -.65
(w. F)-.25 H(la).65 E .348(w\214nder is of)-.15 F .348
(\214cially CWE-Compatible.)-.25 F .348(Hit descriptions with)5.348 F
2.501("[MS-banned]" indicate functions that are in the banned list of f\
unctions released by Microsoft; see)108 506.4 R(http://msdn.microsoft.c\
om/en-us/library/bb288454.aspx for more information about banned functi\
ons.)108 518.4 Q .271(Not e)108 535.2 R -.15(ve)-.25 G .272
(ry hit \(aka \214nding\) is actually a security vulnerability).15 F
2.772(,a)-.65 G .272(nd not e)-2.772 F -.15(ve)-.25 G .272
(ry security vulnerability is neces-).15 F 1.249(sarily found.)108 547.2
R(Ne)6.249 E -.15(ve)-.25 G 1.249(rtheless, \215a).15 F 1.249
(w\214nder can be an aid in \214nding and remo)-.15 F 1.248
(ving security vulnerabilities.)-.15 F(A)6.248 E .502(common w)108 559.2
R .502(ay to use \215a)-.1 F .502(w\214nder is to \214rst apply \215a)
-.15 F .503(w\214nder to a set of source code and e)-.15 F .503
(xamine the highest-)-.15 F .562(risk items.)108 571.2 R .561
(Then, use \255\255inputs to e)5.562 F .561
(xamine the input locations, and check to mak)-.15 F 3.061(es)-.1 G .561
(ure that only le)-3.061 F -.05(ga)-.15 G 3.061(la).05 G(nd)-3.061 E
(safe input v)108 583.2 Q(alues are accepted from untrusted users.)-.25
E .892(Once you')108 600 R 1.192 -.15(ve a)-.5 H .892(udited a program,\
 you can mark source code lines that are actually \214ne b).15 F .893
(ut cause spurious)-.2 F -.1(wa)108 612 S .923(rnings so that \215a).1 F
.923(w\214nder will stop complaining about them.)-.15 F 2.523 -.8(To m)
5.923 H .923(ark a line so that these w).8 F .922(arnings are)-.1 F
1.398(suppressed, put a specially-formatted comment either on the same \
line \(after the source code\) or all by)108 624 R(itself in the pre)108
636 Q(vious line.)-.25 E(The comment must ha)5 E .3 -.15(ve o)-.2 H
(ne of the tw).15 E 2.5(of)-.1 G(ollo)-2.5 E(wing formats:)-.25 E<83>108
652.8 Q(// Fla)144 652.8 Q(w\214nder: ignore)-.15 E<83>108 669.6 Q
(/* Fla)144 669.6 Q(w\214nder: ignore */)-.15 E -.15(Fo)108 686.4 S
2.814(rc).15 G(ompatibility')-2.814 E 2.813(ss)-.55 G(ak)-2.813 E .313
(e, you can replace "Fla)-.1 F .313(w\214nder:" with "ITS4:" or "RA)-.15
F .313(TS:" in these specially-format-)-1.11 F .524(ted comments.)108
698.4 R .524(Since it')5.524 F 3.024(sp)-.55 G .524
(ossible that such lines are wrong, you can use the \255\255ne)-3.024 F
-.15(ve)-.25 G .525(rignore option, which).15 F .959(causes \215a)108
710.4 R .959(w\214nder to ne)-.15 F -.15(ve)-.25 G 3.459(ri).15 G .959
(gnore an)-3.459 F 3.459(yl)-.15 G .959
(ine no matter what the comment directi)-3.459 F -.15(ve)-.25 G 3.458
(ss).15 G .958(ay \(more confusingly)-3.458 F(,)-.65 E<adad6e65>108
722.4 Q -.15(ve)-.25 G(rignore ignores the ignores\).).15 E(Fla)72 768 Q
165.545(w\214nder 4)-.15 F(Apr 2018)2.5 E(1)206.225 E 0 Cg EP
%%Page: 2 2
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E(Fla)108 84 Q .701
(w\214nder uses an internal database called the `)-.15 F(`ruleset')-.74
E .702('; the ruleset identi\214es functions that are common)-.74 F
1.679(causes of security \215a)108 96 R 4.179(ws. The)-.15 F 1.679
(standard ruleset includes a lar)4.179 F 1.678(ge number of dif)-.18 F
1.678(ferent potential problems,)-.25 F .027
(including both general issues that can impact an)108 108 R 2.528(yC)
-.15 G .028(/C++ program, as well as a number of speci\214c Unix-lik)
-2.528 F(e)-.1 E 1.055(and W)108 120 R(indo)-.4 E 1.055
(ws functions that are especially problematic.)-.25 F 1.054
(The \255\255listrules option reports the list of current)6.054 F 1.074
(rules and their def)108 132 R 1.074(ault risk le)-.1 F -.15(ve)-.25 G
3.575(ls. As).15 F 1.075(noted abo)3.575 F -.15(ve)-.15 G 3.575(,e).15 G
-.15(ve)-3.825 G 1.075(ry potential security \215a).15 F 3.575(wf)-.15 G
1.075(ound in a gi)-3.575 F -.15(ve)-.25 G 3.575(ns).15 G(ource)-3.575 E
.401(code \214le \(matching an entry in the ruleset\) is called a `)108
144 R(`hit,)-.74 E 1.881 -.74('' a)-.7 H .401
(nd the set of hits found during an).74 F 2.901(yp)-.15 G(articular)
-2.901 E 1.288(run of the program is called the `)108 156 R(`hitlist.)
-.74 E 5.268 -.74('' H)-.7 H 1.288(itlists can be sa).74 F -.15(ve)-.2 G
3.788(d\().15 G 1.288(using \255\255sa)-3.788 F -.15(ve)-.2 G 1.289
(hitlist\), reloaded back for).15 F .965
(redisplay \(using \255\255loadhitlist\), and you can sho)108 168 R
3.465(wo)-.25 G .965(nly the hits that are dif)-3.465 F .965
(ferent from another run \(using)-.25 F<adad646966>108 180 Q
(fhitlist\).)-.25 E(Fla)108 196.8 Q .169
(w\214nder is a simple tool, leading to some fundamental pros and cons.)
-.15 F(Fla)5.169 E .169(w\214nder w)-.15 F .169(orks by doing simple)-.1
F(le)108 208.8 Q .235(xical tok)-.15 F .235
(enization \(skipping comments and correctly tok)-.1 F .235
(enizing strings\), looking for tok)-.1 F .234(en matches to the)-.1 F
.466(database \(particularly to \214nd function calls\).)108 220.8 R
(Fla)5.466 E .466(w\214nder is thus similar to RA)-.15 F .467
(TS and ITS4, which also use)-1.11 F .574(simple le)108 232.8 R .574
(xical tok)-.15 F 3.074(enization. Fla)-.1 F .574(w\214nder then e)-.15
F .574(xamines the te)-.15 F .573
(xt of the function parameters to estimate risk.)-.15 F(Unlik)108 244.8
Q 2.957(et)-.1 G .457(ools such as splint, gcc')-2.957 F 2.958(sw)-.55 G
.458(arning \215ags, and clang, \215a)-3.058 F .458(w\214nder does)-.15
F/F1 10/Times-Italic@0 SF(not)2.958 E F0 .458(use or ha)2.958 F .758
-.15(ve a)-.2 H .458(ccess to infor).15 F(-)-.2 E .053
(mation about control \215o)108 256.8 R 1.353 -.65(w, d)-.25 H .053
(ata \215o).65 F 1.353 -.65(w, o)-.25 H 2.553(rd).65 G .052
(ata types when searching for potential vulnerabilities or estimating)
-2.553 F .483(the le)108 268.8 R -.15(ve)-.25 G 2.983(lo).15 G 2.983(fr)
-2.983 G 2.983(isk. Thus,)-2.983 F<8d61>2.983 E .483
(w\214nder will necessarily produce man)-.15 F 2.983(yf)-.15 G .484
(alse positi)-3.083 F -.15(ve)-.25 G 2.984(sf).15 G .484
(or vulnerabilities and f)-2.984 F(ail)-.1 E .454(to report man)108
280.8 R 2.954(yv)-.15 G 2.954(ulnerabilities. On)-2.954 F .453
(the other hand, \215a)2.954 F .453
(w\214nder can \214nd vulnerabilities in programs that can-)-.15 F .254
(not be b)108 292.8 R .254(uilt or cannot be link)-.2 F 2.754(ed. It)-.1
F .254(can often w)2.754 F .255(ork with programs that cannot e)-.1 F
-.15(ve)-.25 G 2.755(nb).15 G 2.755(ec)-2.755 G .255
(ompiled \(at least by)-2.755 F .618(the re)108 304.8 R(vie)-.25 E(wer')
-.25 E 3.118(st)-.55 G 3.118(ools\). Fla)-3.118 F .618
(w\214nder also doesn')-.15 F 3.118(tg)-.18 G .618
(et as confused by macro de\214nitions and other oddities that)-3.118 F
.366(more sophisticated tools ha)108 316.8 R .667 -.15(ve t)-.2 H .367
(rouble with.).15 F(Fla)5.367 E .367
(w\214nder can also be useful as a simple introduction to static)-.15 F
(analysis tools in general, since it is easy to start using and easy to\
 understand.)108 328.8 Q(An)108 345.6 Q 2.757<798c>-.15 G .257
(lename gi)-2.757 F -.15(ve)-.25 G 2.757(no).15 G 2.757(nt)-2.757 G .257
(he command line will be e)-2.757 F .257(xamined \(e)-.15 F -.15(ve)-.25
G 2.757(ni).15 G 2.757(fi)-2.757 G 2.756(td)-2.757 G(oesn')-2.756 E
2.756(th)-.18 G -2.25 -.2(av e)-2.756 H 2.756(au)2.956 G .256
(sual C/C++ \214lename)-2.756 F -.15(ex)108 357.6 S .197
(tension\); thus you can force \215a).15 F .197(w\214nder to e)-.15 F
.197(xamine an)-.15 F 2.697(ys)-.15 G .198
(peci\214c \214les you desire.)-2.697 F .198(While searching directo-)
5.198 F 1.603(ries recursi)108 369.6 R -.15(ve)-.25 G(ly).15 E 4.103
<2c8d>-.65 G -.15(aw)-4.103 G 1.603(\214nder only opens and e).15 F
1.602(xamines re)-.15 F 1.602(gular \214les that ha)-.15 F 1.902 -.15
(ve C)-.2 H 1.602(/C++ \214lename e).15 F(xtensions.)-.15 E(Fla)108
381.6 Q .916(w\214nder presumes that \214les are C/C++ \214les if the)
-.15 F 3.416(yh)-.15 G -2.25 -.2(av e)-3.416 H .916(the e)3.616 F .917
(xtensions ".c", ".h", ".ec", ".ecp", ".pgc",)-.15 F 1.297(".C", ".cpp"\
, ".CPP", ".cxx", ".c++", ".cc", ".CC", ".pcc", ".hpp", or ".H".)108
393.6 R 1.296(The \214lename `)6.296 F(`\255')-.74 E 3.796('m)-.74 G
1.296(eans the)-3.796 F .901(standard input.)108 405.6 R 2.501 -.8(To p)
5.901 H(re).8 E -.15(ve)-.25 G .901
(nt security problems, special \214les \(such as de).15 F .902
(vice special \214les and named pipes\))-.25 F 1.123(are al)108 417.6 R
-.1(wa)-.1 G 1.123(ys skipped, and by def).1 F 1.123
(ault symbolic links are skipped \(the \255\255allo)-.1 F 1.123
(wlink option follo)-.25 F 1.122(ws symbolic)-.25 F(links\).)108 429.6 Q
.375(After the list of hits is a brief summary of the results \(use -D \
to remo)108 446.4 R .675 -.15(ve t)-.15 H .375(his information\).).15 F
.375(It will sho)5.375 F 2.875(wt)-.25 G(he)-2.875 E .794
(number of hits, lines analyzed \(as reported by wc \255l\), and the ph)
108 458.4 R .793(ysical source lines of code \(SLOC\) ana-)-.05 F 3.262
(lyzed. A)108 470.4 R(ph)3.262 E .763
(ysical SLOC is a non-blank, non-comment line.)-.05 F .763
(It will then sho)5.763 F 3.263(wt)-.25 G .763
(he number of hits at each)-3.263 F(le)108 482.4 Q -.15(ve)-.25 G .242
(l; note that there will ne).15 F -.15(ve)-.25 G 2.742(rb).15 G 2.742
(eah)-2.742 G .241(it at a le)-2.742 F -.15(ve)-.25 G 2.741(ll).15 G
-.25(ow)-2.741 G .241(er than minle).25 F -.15(ve)-.25 G 2.741(l\().15 G
2.741(1b)-2.741 G 2.741(yd)-2.741 G(ef)-2.741 E 2.741
(ault\). Thus, "[0])-.1 F 2.741(0[)7.741 G 5.241(1] 9")-2.741 F .364
(means that at le)108 494.4 R -.15(ve)-.25 G 2.864(l0t).15 G .364
(here were 0 hits reported, and at le)-2.864 F -.15(ve)-.25 G 2.864(l1t)
.15 G .364(here were 9 hits reported.)-2.864 F .364(It will ne)5.364 F
.365(xt sho)-.15 F(w)-.25 E .251(the number of hits at a gi)108 506.4 R
-.15(ve)-.25 G 2.751(nl).15 G -2.15 -.25(ev e)-2.751 H 2.751(lo).25 G
2.751(rl)-2.751 G(ar)-2.751 E .251(ger \(so le)-.18 F -.15(ve)-.25 G
2.75(l3).15 G 2.75(+h)-2.75 G .25
(as the sum of the number of hits at le)-2.75 F -.15(ve)-.25 G 2.75(l3)
.15 G 2.75(,4)-2.75 G 2.75(,a)-2.75 G(nd)-2.75 E 2.784(5\). Thus,)108
518.4 R .284(an entry of "[0+])2.784 F .284(37" sho)5.284 F .284
(ws that at le)-.25 F -.15(ve)-.25 G 2.785(l0o).15 G 2.785(rh)-2.785 G
.285(igher there were 37 hits \(the 0+ entry will al)-2.785 F -.1(wa)-.1
G(ys).1 E 1.407(be the same as the "hits" number abo)108 530.4 R -.15
(ve)-.15 G 3.907(\). Hits).15 F 1.406(per KSLOC is ne)3.907 F 1.406
(xt sho)-.15 F 1.406(wn; this is each of the "le)-.25 F -.15(ve)-.25 G
3.906(lo).15 G(r)-3.906 E .34(higher" v)108 542.4 R .34
(alues multiplied by 1000 and di)-.25 F .34(vided by the ph)-.25 F .34
(ysical SLOC.)-.05 F .34(If symlinks were skipped, the count)5.34 F 1.59
(of those is reported.)108 554.4 R 1.589
(If hits were suppressed \(using the "ignore" directi)6.59 F 1.889 -.15
(ve i)-.25 H 4.089(ns).15 G 1.589(ource code comments as)-4.089 F .537
(described abo)108 566.4 R -.15(ve)-.15 G .537
(\), the number suppressed is reported.).15 F .538(The minimum risk le)
5.537 F -.15(ve)-.25 G 3.038(lt).15 G 3.038(ob)-3.038 G 3.038(ei)-3.038
G .538(ncluded in the report)-3.038 F 1.953(is displayed; by def)108
578.4 R 1.953(ault this is 1 \(use \255\255minle)-.1 F -.15(ve)-.25 G
4.452(lt).15 G 4.452(oc)-4.452 G 1.952(hange this\).)-4.452 F 1.952
(The summary ends with important)6.952 F .282(reminders: Not e)108 590.4
R -.15(ve)-.25 G .282(ry hit is necessarily a security vulnerability).15
F 2.783(,a)-.65 G .283(nd there may be other security vulnerabili-)
-2.783 F(ties not reported by the tool.)108 602.4 Q(Fla)108 619.2 Q
1.635(w\214nder can easily inte)-.15 F 1.635
(grate into a continuous inte)-.15 F 1.635(gration system.)-.15 F -1.1
(Yo)6.635 G 4.135(um)1.1 G 1.634(ight w)-4.135 F 1.634
(ant to check out the)-.1 F(\255\255error\255le)108 631.2 Q -.15(ve)-.25
G 2.5(lo).15 G(ption to help do that.)-2.5 E(Fla)108 648 Q
(w\214nder is released under the GNU GPL license v)-.15 E
(ersion 2 or later \(GPLv2+\).)-.15 E(Fla)108 664.8 Q .046(w\214nder w)
-.15 F .046(orks similarly to another program, ITS4, which is not fully\
 open source softw)-.1 F .047(are \(as de\214ned in)-.1 F .188
(the Open Source De\214nition\) nor free softw)108 676.8 R .187
(are \(as de\214ned by the Free Softw)-.1 F .187(are F)-.1 F 2.687
(oundation\). The)-.15 F .187(author of)2.687 F(Fla)108 688.8 Q 1.222
(w\214nder has ne)-.15 F -.15(ve)-.25 G 3.722(rs).15 G 1.222(een ITS4')
-3.722 F 3.722(ss)-.55 G 1.222(ource code.)-3.722 F(Fla)6.222 E 1.222
(w\214nder is similar in man)-.15 F 3.723(yw)-.15 G 1.223(ays to RA)
-3.823 F 1.223(TS, if you are)-1.11 F -.1(fa)108 700.8 S(miliar with RA)
.1 E(TS.)-1.11 E(Fla)72 768 Q 165.545(w\214nder 4)-.15 F(Apr 2018)2.5 E
(2)206.225 E 0 Cg EP
%%Page: 3 3
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E/F1 10.95/Times-Bold@0 SF
(BRIEF TUT)72 84 Q(ORIAL)-.197 E F0(Here')108 96 Q 2.749(sab)-.55 G .249
(rief e)-2.749 F .249(xample of ho)-.15 F 2.749<778d>-.25 G -.15(aw)
-2.749 G .249(\214nder might be used.).15 F .249(Imagine that you ha)
5.249 F .549 -.15(ve t)-.2 H .249(he C/C++ source code for).15 F .861
(some program named xyzzy \(which you may or may not ha)108 108 R 1.161
-.15(ve w)-.2 H .861(ritten\), and you').15 F .862
(re searching for security)-.5 F .938(vulnerabilities \(so you can \214\
x them before customers encounter the vulnerabilities\).)108 120 R -.15
(Fo)5.938 G 3.438(rt).15 G .937(his tutorial, I')-3.438 F(ll)-.1 E
(assume that you')108 132 Q(re using a Unix-lik)-.5 E 2.5(es)-.1 G
(ystem, such as Linux, OpenBSD, or MacOS X.)-2.5 E .873
(If the source code is in a subdirectory named xyzzy)108 148.8 R 3.373
(,y)-.65 G .873(ou w)-3.373 F .874(ould probably start by opening a te)
-.1 F .874(xt windo)-.15 F(w)-.25 E .162(and using \215a)108 160.8 R
(w\214nder')-.15 E 2.662(sd)-.55 G(ef)-2.662 E .162(ault settings, to a\
nalyze the program and report a prioritized list of potential secu-)-.1
F(rity vulnerabilities \(the `)108 172.8 Q(`less')-.74 E 2.5('j)-.74 G
(ust mak)-2.5 E(es sure the results stay on the screen\):)-.1 E<8d61>144
184.8 Q(w\214nder xyzzy | less)-.15 E .615
(At this point, you will see a lar)108 213.6 R .616
(ge number of entries.)-.18 F .616
(Each entry has a \214lename, a colon, a line number)5.616 F 3.116(,a)
-.4 G .385(risk le)108 225.6 R -.15(ve)-.25 G 2.885(li).15 G 2.885(nb)
-2.885 G(rack)-2.885 E .385(ets \(where 5 is the most risk)-.1 F .385
(y\), a cate)-.15 F(gory)-.15 E 2.885(,t)-.65 G .385
(he name of the function, and a description of)-2.885 F(wh)108 237.6 Q
2.781<798d>-.05 G -.15(aw)-2.781 G .281
(\214nder thinks the line is a vulnerability).15 F 5.281(.F)-.65 G(la)
-5.281 E .281(w\214nder normally sorts by risk le)-.15 F -.15(ve)-.25 G
.282(l, sho).15 F .282(wing the riski-)-.25 F .071
(est items \214rst; if you ha)108 249.6 R .371 -.15(ve l)-.2 H .071
(imited time, it').15 F 2.571(sp)-.55 G .07(robably best to start w)
-2.571 F .07(orking on the riskiest items and continue)-.1 F .625
(until you run out of time.)108 261.6 R .625(If you w)5.625 F .625
(ant to limit the display to risks with only a certain risk le)-.1 F
-.15(ve)-.25 G 3.125(lo).15 G 3.125(rh)-3.125 G(igher)-3.125 E(,)-.4 E
1.099(use the \255\255minle)108 273.6 R -.15(ve)-.25 G 3.599(lo).15 G
3.599(ption. If)-3.599 F(you')3.599 E 1.099(re getting an e)-.5 F 1.098
(xtraordinary number of f)-.15 F 1.098(alse positi)-.1 F -.15(ve)-.25 G
3.598(sb).15 G 1.098(ecause v)-3.598 F(ariable)-.25 E .672
(names look lik)108 285.6 R 3.172(ed)-.1 G .672
(angerous function names, use the \255F option to remo)-3.172 F .973
-.15(ve r)-.15 H .673(eports about them.).15 F .673(If you don')5.673 F
(t)-.18 E 4.367
(understand the error message, please see documents such as the)108
297.6 R/F2 10/Times-Italic@0 SF(Secur)7.196 E 6.866(eP)-.37 G -1.7 -.45
(ro g)-6.866 H -.15(ra).45 G 4.366(mming HO).15 F(WT)-.5 E(O)-.18 E/F3
10/Symbol SF<e1>108 309.6 Q F0(https://dwheeler)A(.com/secure-programs)
-.55 E F3<f1>A F0 4.072(at https://dwheeler)6.572 F 4.072
(.com/secure-programs which pro)-.55 F 4.072(vides more)-.15 F
(information on writing secure programs.)108 321.6 Q .722
(Once you identify the problem and understand it, you can \214x it.)108
338.4 R .721(Occasionally you may w)5.722 F .721(ant to re-do the)-.1 F
.545(analysis, both because the line numbers will change)108 350.4 R F2
(and)3.045 E F0 .545(to mak)3.045 F 3.045(es)-.1 G .546(ure that the ne)
-3.045 F 3.046(wc)-.25 G .546(ode doesn')-3.046 F 3.046(ti)-.18 G
(ntroduce)-3.046 E(yet a dif)108 362.4 Q(ferent vulnerability)-.25 E(.)
-.65 E .516(If you')108 379.2 R .816 -.15(ve d)-.5 H .516
(etermined that some line isn').15 F 3.016(tr)-.18 G .516
(eally a problem, and you')-3.016 F .516
(re sure of it, you can insert just before)-.5 F(or on the of)108 391.2
Q(fending line a comment lik)-.25 E(e)-.1 E(/* Fla)146.5 403.2 Q
(w\214nder: ignore */)-.15 E(to k)108 415.2 Q(eep them from sho)-.1 E
(wing up in the output.)-.25 E .397(Once you')108 432 R .697 -.15(ve d)
-.5 H .397(one that, you should go back and search for the program').15
F 2.898(si)-.55 G .398(nputs, to mak)-2.898 F 2.898(es)-.1 G .398
(ure that the pro-)-2.898 F .294(gram strongly \214lters an)108 444 R
2.793(yo)-.15 G 2.793(fi)-2.793 G .293(ts untrusted inputs.)-2.793 F
(Fla)5.293 E .293(w\214nder can identify man)-.15 F 2.793(yp)-.15 G .293
(rogram inputs by using the)-2.793 F(\255\255inputs option, lik)108 456
Q 2.5(et)-.1 G(his:)-2.5 E<8d61>144 468 Q
(w\214nder \255\255inputs xyzzy)-.15 E(Fla)108 484.8 Q .427
(w\214nder can inte)-.15 F .427(grate well with te)-.15 F .428
(xt editors and inte)-.15 F .428(grated de)-.15 F -.15(ve)-.25 G .428
(lopment en).15 F .428(vironments; see the e)-.4 F(xamples)-.15 E
(for more information.)108 496.8 Q(Fla)108 513.6 Q .574
(w\214nder includes man)-.15 F 3.074(yo)-.15 G .574
(ther options, including ones to create HTML v)-3.074 F .574
(ersions of the output \(useful for)-.15 F(prettier displays\).)108
525.6 Q(The ne)5 E(xt section describes those options in more detail.)
-.15 E F1(OPTIONS)72 554.4 Q F0(Fla)108 566.4 Q .187(w\214nder has a nu\
mber of options, which can be grouped into options that control its o)
-.15 F .187(wn documentation,)-.25 F 1.272
(select input data, select which hits to display)108 578.4 R 3.772(,s)
-.65 G 1.272(elect the output format, and perform hitlist management.)
-3.772 F .691(The commonly-used \215a)108 590.4 R .691(w\214nder option\
s support the standard option syntax de\214ned in the POSIX \(Issue 7,)
-.15 F .119(2013 Edition\) section `)108 602.4 R .119(`Utility Con)-.74
F -.15(ve)-.4 G(ntions').15 E 2.618('. Fla)-.74 F .118
(w\214nder also supports the GNU long options \(double-dash)-.15 F .128
(options of form \255\255)108 614.4 R F2(option)A F0 2.628(\)a)C 2.628
(sd)-2.628 G .128(e\214ned in the)-2.628 F F2 .128(GNU C Libr)2.628 F
.128(ary Refer)-.15 F .128(ence Manual)-.37 F F0 -.74(``)2.628 G .128
(Program Ar).74 F .128(gument Syntax)-.18 F(Con)108 626.4 Q -.15(ve)-.4
G(ntions').15 E 3.003('a)-.74 G(nd)-3.003 E F2 .503(GNU Coding Standar)
3.003 F(ds)-.37 E F0 -.74(``)3.003 G .502
(Standards for Command Line Interf).74 F(aces')-.1 E 3.002('. Long)-.74
F .502(option ar)3.002 F(gu-)-.18 E .456(ments can be pro)108 638.4 R
.457(vided as `)-.15 F(`--name=v)-.74 E(alue')-.25 E 2.957('o)-.74 G
2.957(r`)-2.957 G .457(`-name v)-3.697 F(alue')-.25 E 2.957('. All)-.74
F .457(options can be accessed using the more)2.957 F .229
(readable GNU long option con)108 650.4 R -.15(ve)-.4 G .229
(ntions; some less commonly used options can).15 F F2(only)2.728 E F0
.228(be accessed using long)2.728 F(option con)108 662.4 Q -.15(ve)-.4 G
(ntions.).15 E/F4 10/Times-Bold@0 SF(Documentation)87 691.2 Q
(\255\255help)108 703.2 Q F0(Fla)72 768 Q 165.545(w\214nder 4)-.15 F
(Apr 2018)2.5 E(3)206.225 E 0 Cg EP
%%Page: 4 4
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E/F1 10/Times-Bold@0 SF<ad68>108
84 Q F0(Sho)168 84 Q 2.5(wu)-.25 G(sage \(help\) information.)-2.5 E F1
<adad76>108 112.8 Q(ersion)-.1 E F0(Sho)168 112.8 Q(ws \(just\) the v)
-.25 E(ersion number and e)-.15 E(xits.)-.15 E F1(\255\255listrules)108
141.6 Q F0 2.074(List the terms \(tok)168 141.6 R 2.074
(ens\) that trigger further e)-.1 F 2.075(xamination, their def)-.15 F
2.075(ault risk le)-.1 F -.15(ve)-.25 G 2.075(l, and the).15 F(def)168
153.6 Q .03(ault w)-.1 F .03(arning \(including the CWE identi\214er\(s\
\), if applicable\), all tab-separated.)-.1 F .03(The terms)5.03 F .066
(are primarily names of potentially-dangerous functions.)168 165.6 R
.067(Note that the reported risk le)5.067 F -.15(ve)-.25 G 2.567(la).15
G(nd)-2.567 E -.1(wa)168 177.6 S
(rning for some speci\214c code may be dif).1 E(ferent than the def)-.25
E(ault, depending on ho)-.1 E 2.5(wt)-.25 G(he term)-2.5 E 1.304
(is used.)168 189.6 R 1.304(Combine with \255D if you do not w)6.304 F
1.304(ant the usual header)-.1 F 6.304(.F)-.55 G(la)-6.304 E 1.304
(w\214nder v)-.15 F 1.304(ersion 1.29)-.15 F
(changed the separator from spaces to tabs, and added the def)168 201.6
Q(ault w)-.1 E(arning \214eld.)-.1 E F1(Selecting Input Data)87 230.4 Q
(\255\255allo)108 242.4 Q(wlink)-.1 E F0(Allo)168 242.4 Q 2.674(wt)-.25
G .174(he use of symbolic links; normally symbolic links are skipped.)
-2.674 F(Don')5.173 E 2.673(tu)-.18 G .173(se this option)-2.673 F .354
(if you')168 254.4 R .354(re analyzing code by others; attack)-.5 F .355
(ers could do man)-.1 F 2.855(yt)-.15 G .355
(hings to cause problems for an)-2.855 F 1.084
(analysis with this option enabled.)168 266.4 R -.15(Fo)6.084 G 3.584
(re).15 G 1.084(xample, an attack)-3.734 F 1.084
(er could insert symbolic links to)-.1 F .326(\214les such as /etc/pass\
wd \(leaking information about the \214le\) or create a circular loop, \
which)168 278.4 R -.1(wo)168 290.4 S .429(uld cause \215a).1 F .429
(w\214nder to run `)-.15 F(`fore)-.74 E -.15(ve)-.25 G(r').15 E 2.929
('. Another)-.74 F .428(problem with enabling this option is that)2.928
F .542(if the same \214le is referenced multiple times using symbolic l\
inks, it will be analyzed multi-)168 302.4 R 1.525
(ple times \(and thus reported multiple times\).)168 314.4 R 1.525
(Note that \215a)6.525 F 1.525(w\214nder already includes some)-.15 F
2.956(protection ag)168 326.4 R 2.957
(ainst symbolic links to special \214le types such as de)-.05 F 2.957
(vice \214le types \(e.g.,)-.25 F(/de)168 338.4 Q 1.219
(v/zero or C:\\mystuf)-.25 F 3.719(f\\com1\). Note)-.25 F 1.218
(that for \215a)3.719 F 1.218(w\214nder v)-.15 F 1.218
(ersion 1.01 and before, this w)-.15 F(as)-.1 E(the def)168 350.4 Q
(ault.)-.1 E F1<adad66>108 379.2 Q(ollo)-.25 E(wdotdir)-.1 E F0 .57
(Enter directories whose names be)168 391.2 R .57(gin with ".".)-.15 F
.57(Normally such directories are ignored, since)5.57 F(the)168 403.2 Q
4.017(yn)-.15 G 1.517(ormally include v)-4.017 F 1.516
(ersion control pri)-.15 F -.25(va)-.25 G 1.516
(te data \(such as .git/ or .svn/\), b).25 F 1.516(uild metadata)-.2 F
(\(such as .mak)168 415.2 Q
(epp\), con\214guration information, and so on.)-.1 E F1(\255\255nolink)
108 444 Q F0 5.296(Ignored. Historically)168 444 R 2.796
(this disabled follo)5.296 F 2.796(wing symbolic links; this beha)-.25 F
2.797(vior is no)-.2 F 5.297(wt)-.25 G(he)-5.297 E(def)168 456 Q(ault.)
-.1 E F1(\255\255patch=)108 484.8 Q/F2 10/Times-Italic@0 SF(patc)A
(h\214le)-.15 E F1<ad50>108 501.6 Q F2(patc)2.5 E(h\214le)-.15 E F0 .228
(Examine the selected \214les or directories, b)168 501.6 R .227
(ut only report hits in lines that are added or modi-)-.2 F .567
(\214ed as described in the gi)168 513.6 R -.15(ve)-.25 G 3.067(np).15 G
.568(atch \214le.)-3.067 F .568
(The patch \214le must be in a recognized uni\214ed dif)5.568 F(f)-.25 E
2.294(format \(e.g., the output of GNU "dif)168 525.6 R 4.793(f-)-.25 G
4.793(uo)-4.793 G 2.293(ld ne)-4.793 F 2.293(w", "svn dif)-.25 F 2.293
(f", or "git dif)-.25 F 4.793(f[)-.25 G(commit]"\).)-4.793 E(Fla)168
537.6 Q .833(w\214nder assumes that the patch has already been applied \
to the \214les.)-.15 F .833(The patch \214le can)5.833 F 1.767
(also include changes to irrele)168 549.6 R -.25(va)-.25 G 1.767
(nt \214les \(the).25 F 4.267(yw)-.15 G 1.767(ill simply be ignored\).)
-4.267 F 1.767(The line numbers)6.767 F(gi)168 561.6 Q -.15(ve)-.25 G
2.731(ni).15 G 2.731(nt)-2.731 G .231(he patch \214le are used to deter\
mine which lines were changed, so if you ha)-2.731 F .532 -.15(ve m)-.2
H(odi-).15 E .498(\214ed the \214les since the patch \214le w)168 573.6
R .498(as created, re)-.1 F .497(generate the patch \214le \214rst.)-.15
F(Be)5.497 E -.1(wa)-.25 G .497(re that the).1 F .397
(\214le names of the ne)168 585.6 R 2.897<778c>-.25 G .397(les gi)-2.897
F -.15(ve)-.25 G 2.897(ni).15 G 2.897(nt)-2.897 G .398
(he patch \214le must match e)-2.897 F(xactly)-.15 E 2.898(,i)-.65 G
.398(ncluding upper/lo)-2.898 F(wer)-.25 E .045
(case, path pre\214x, and directory separator \(\\ vs. /\).)168 597.6 R
.045(Only uni\214ed dif)5.045 F 2.544(ff)-.25 G .044
(ormat is accepted \(GNU)-2.544 F(dif)168 609.6 Q .54(f, svn dif)-.25 F
.54(f, and git dif)-.25 F 3.04(fo)-.25 G .54(utput is okay\); if you ha)
-3.04 F .84 -.15(ve a d)-.2 H(if).15 E .54(ferent format, ag)-.25 F .54
(ain re)-.05 F .54(generate it)-.15 F 2.685(\214rst. Only)168 621.6 R
.185(hits that occur on resultant changed lines, or immediately abo)
2.685 F .485 -.15(ve a)-.15 H .185(nd belo).15 F 2.685(wt)-.25 G(hem,)
-2.685 E .043(are reported.)168 633.6 R .043
(This option implies \255\255ne)5.043 F -.15(ve)-.25 G(rignore.).15 E F1
-.65(Wa)5.043 G -.15(rn).65 G(ing).15 E F0 2.543(:D)C(o)-2.543 E F2(not)
2.543 E F0 .043(pass a patch \214le without)2.543 F(the)168 645.6 Q F1
<ad50>2.528 E F0 2.528(,b)C .028(ecause \215a)-2.528 F .027
(w\214nder will then try to treat the \214le as a source \214le.)-.15 F
.027(This will often w)5.027 F(ork,)-.1 E -.2(bu)168 657.6 S 3.348(tt).2
G .849(he line numbers will be relati)-3.348 F 1.149 -.15(ve t)-.25 H
3.349(ot).15 G .849(he be)-3.349 F .849
(ginning of the patch \214le, not the positions in)-.15 F .163
(the source code.)168 669.6 R .163(Note that you)5.163 F F1(must)2.663 E
F0 .162(also pro)2.662 F .162
(vide the actual \214les to analyze, and not just the)-.15 F .422
(patch \214le; when using)168 681.6 R F1<ad50>2.922 E F0 .423
(\214les are only reported if the)2.923 F 2.923(ya)-.15 G .423
(re both listed in the patch and also)-2.923 F
(listed \(directly or indirectly\) in the list of \214les to analyze.)
168 693.6 Q(Fla)72 768 Q 165.545(w\214nder 4)-.15 F(Apr 2018)2.5 E(4)
206.225 E 0 Cg EP
%%Page: 5 5
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E/F1 10/Times-Bold@0 SF
(Selecting Hits to Display)87 84 Q(\255\255inputs)108 96 Q<ad49>108
112.8 Q F0(Sho)144 112.8 Q 2.5(wo)-.25 G(nly functions that obtain data\
 from outside the program; this also sets minle)-2.5 E -.15(ve)-.25 G
2.5(lt).15 G 2.5(o0)-2.5 G(.)-2.5 E F1(\255\255minle)108 141.6 Q -.1(ve)
-.15 G(l=).1 E/F2 10/Times-Italic@0 SF(X)A F1(-m)108 158.4 Q F2(X)2.5 E
F0 .499(Set minimum risk le)144 158.4 R -.15(ve)-.25 G 2.999(lt).15 G
2.999(oXf)-2.999 G .499(or inclusion in hitlist.)-2.999 F .499
(This can be from 0 \(`)5.499 F .499(`no risk')-.74 F .499('\) to 5 \(`)
-.74 F(`maxi-)-.74 E(mum risk')144 170.4 Q('\); the def)-.74 E
(ault is 1.)-.1 E F1(\255\255falsepositi)108 199.2 Q -.1(ve)-.1 G<ad46>
108 216 Q F0 .437(Do not include hits that are lik)144 216 R .437
(ely to be f)-.1 F .438(alse positi)-.1 F -.15(ve)-.25 G 2.938
(s. Currently).15 F 2.938(,t)-.65 G .438(his means that function names)
-2.938 F .992(are ignored if the)144 228 R(y')-.15 E .992(re not follo)
-.5 F .991(wed by "\(", and that declarations of character arrays aren')
-.25 F 3.491(tn)-.18 G(oted.)-3.491 E .466(Thus, if you ha)144 240 R
.766 -.15(ve u)-.2 H .466(se a v).15 F .466(ariable named "access" e)
-.25 F -.15(ve)-.25 G .466
(rywhere, this will eliminate references to this).15 F 1.839(ordinary v)
144 252 R 4.339(ariable. This)-.25 F(isn')4.339 E 4.339(tt)-.18 G 1.839
(he def)-4.339 F 1.838(ault, because this also increases the lik)-.1 F
1.838(elihood of missing)-.1 F .367(important hits; in particular)144
264 R 2.867(,f)-.4 G .367
(unction names in #de\214ne clauses and calls through function pointers)
-2.867 F(will be missed.)144 276 Q F1<adad6e65>108 304.8 Q -.1(ve)-.15 G
(rignor).1 E(e)-.18 E(-n)108 321.6 Q F0(Ne)144 321.6 Q -.15(ve)-.25 G
2.5(ri).15 G(gnore security issues, e)-2.5 E -.15(ve)-.25 G 2.5(ni).15 G
2.5(ft)-2.5 G(he)-2.5 E 2.5(yh)-.15 G -2.25 -.2(av e)-2.5 H(an `)2.7 E
(`ignore')-.74 E 2.5('d)-.74 G(irecti)-2.5 E .3 -.15(ve i)-.25 H 2.5
(nac).15 G(omment.)-2.5 E F1<adad72>108 350.4 Q(egexp=)-.18 E F2 -1.07
-.9(PA T)D(TERN).9 E F1(-e)108 367.2 Q F2 -1.07 -.9(PA T)2.5 H(TERN).9 E
F0 .413(Only report hits with te)144 379.2 R .412
(xt that matches the re)-.15 F .412(gular e)-.15 F .412
(xpression pattern P)-.15 F -1.11(AT)-.92 G 2.912(TERN. F)1.11 F .412
(or e)-.15 F .412(xample, to)-.15 F 1.753
(only report hits containing the te)144 391.2 R 1.753
(xt "CWE-120", use `)-.15 F<60adad7265>-.74 E(ge)-.15 E 4.254(xC)-.15 G
(WE-120')-4.254 E 4.254('. These)-.74 F 1.754(option \215ag)4.254 F
(names are the same as grep.)144 403.2 Q F1(Selecting Output F)87 444 Q
(ormat)-.25 E(\255\255columns)108 456 Q<ad43>108 472.8 Q F0(Sho)168
472.8 Q 4.024(wt)-.25 G 1.524(he column number \(as well as the \214le \
name and line number\) of each hit; this is)-4.024 F(sho)168 484.8 Q
.609(wn after the line number by adding a colon and the column number i\
n the line \(the \214rst)-.25 F .562
(character in a line is column number 1\).)168 496.8 R .562
(This is useful for editors that can jump to speci\214c)5.562 F 1.374
(columns, or for inte)168 508.8 R 1.375
(grating with other tools \(such as those to further \214lter out f)-.15
F 1.375(alse posi-)-.1 F(ti)168 520.8 Q -.15(ve)-.25 G(s\).).15 E F1
(\255\255context)108 549.6 Q<ad63>108 566.4 Q F0(Sho)168 566.4 Q 4.25
(wc)-.25 G(onte)-4.25 E 1.75(xt, i.e., the line ha)-.15 F 1.749
(ving the "hit"/potential \215a)-.2 F 5.549 -.65(w. B)-.15 H 4.249(yd)
.65 G(ef)-4.249 E 1.749(ault the line is sho)-.1 F(wn)-.25 E
(immediately after the w)168 578.4 Q(arning.)-.1 E F1<adad637376>108
607.2 Q F0 .455(Generate output in comma-separated-v)168 607.2 R .455
(alue \(CSV\) format.)-.25 F .455(This is the recommended format)5.455 F
.023(for sending to other tools for processing.)168 619.2 R .023
(It will al)5.023 F -.1(wa)-.1 G .023(ys generate a header ro).1 F 1.323
-.65(w, f)-.25 H(ollo).65 E .023(wed by 0)-.25 F .857(or more data ro)
168 631.2 R .858(ws \(one data ro)-.25 F 3.358(wf)-.25 G .858
(or each hit\).)-3.358 F .858
(Selecting this option automatically enables)5.858 F 1.314
(\255\255quiet and \255\255dataonly)168 643.2 R 6.314(.T)-.65 G 1.314
(he headers are mostly self-e)-6.314 F(xplanatory)-.15 E 6.313(.")-.65 G
1.313(File" is the \214lename,)-6.313 F .164("Line" is the line number)
168 655.2 R 2.664(,")-.4 G .164
(Column" is the column \(starting from 1\), "Le)-2.664 F -.15(ve)-.25 G
.165(l" is the risk le).15 F -.15(ve)-.25 G(l).15 E .42
(\(0-5, 5 is riskiest\), "Cate)168 667.2 R .419
(gory" is the general \215a)-.15 F .419(w\214nder cate)-.15 F(gory)-.15
E 2.919(,")-.65 G .419(Name" is the name of the)-2.919 F 1.252
(triggering rule, "W)168 679.2 R 1.253(arning" is te)-.8 F 1.253(xt e)
-.15 F 1.253(xplaining wh)-.15 F 3.753(yi)-.05 G 3.753(ti)-3.753 G 3.753
(sah)-3.753 G 1.253(it \(\214nding\), "Suggestion" is te)-3.753 F(xt)
-.15 E .99(suggesting ho)168 691.2 R 3.49(wi)-.25 G 3.49(tm)-3.49 G .99
(ight be \214x)-3.49 F .99(ed, "Note" is other e)-.15 F .99
(xplanatory notes, "CWEs" is the list of)-.15 F .335
(one or more CWEs, "Conte)168 703.2 R .335
(xt" is the source code line triggering the hit, and "Fingerprint" is)
-.15 F .047(the SHA-256 hash of the conte)168 715.2 R .046
(xt once its leading and trailing whitespace ha)-.15 F .346 -.15(ve b)
-.2 H .046(een remo).15 F -.15(ve)-.15 G(d).15 E 1.054(\(the \214ngerpr\
int may help detect and eliminate later duplications\).)168 727.2 R
1.055(If you use Python3, the)6.055 F(Fla)72 768 Q 165.545(w\214nder 4)
-.15 F(Apr 2018)2.5 E(5)206.225 E 0 Cg EP
%%Page: 6 6
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E(hash is of the conte)168 84 Q
(xt when encoded as UTF-8.)-.15 E/F1 10/Times-Bold@0 SF
(\255\255dataonly)108 112.8 Q<ad44>108 129.6 Q F0(Don')168 129.6 Q 2.5
(td)-.18 G(isplay the header and footer)-2.5 E 5(.U)-.55 G
(se this along with \255\255quiet to see just the data itself.)-5 E F1
(\255\255html)108 158.4 Q<ad48>108 175.2 Q F0 -.15(Fo)168 175.2 S
(rmat the output as HTML instead of as simple te).15 E(xt.)-.15 E F1
(\255\255immediate)108 204 Q(-i)108 220.8 Q F0
(Immediately display hits \(don')168 220.8 Q 2.5(tj)-.18 G(ust w)-2.5 E
(ait until the end\).)-.1 E F1(\255\255singleline)108 249.6 Q(-S)108
266.4 Q F0 1.267(Display as single line of te)168 266.4 R 1.267
(xt output for each hit.)-.15 F 1.267
(Useful for interacting with compilation)6.267 F(tools.)168 278.4 Q F1
(\255\255omittime)108 307.2 Q F0 .82(Omit timing information.)168 307.2
R .82(This is useful for re)5.82 F .82(gression tests of \215a)-.15 F
.82(w\214nder itself, so that the)-.15 F(output doesn')168 319.2 Q 2.5
(tv)-.18 G(ary depending on ho)-2.75 E 2.5(wl)-.25 G
(ong the analysis tak)-2.5 E(es.)-.1 E F1(\255\255quiet)108 348 Q<ad51>
108 364.8 Q F0(Don')168 364.8 Q 3.153(td)-.18 G .652
(isplay status information \(i.e., which \214les are being e)-3.153 F
.652(xamined\) while the analysis is)-.15 F(going on.)168 376.8 Q F1
<adad657272>108 405.6 Q(or)-.18 E(-le)-.37 E -.1(ve)-.15 G(l=LEVEL).1 E
F0 1.48(Return a nonzero \(f)168 417.6 R 1.48
(alse\) error code if there is at least one hit of LEVEL or higher)-.1 F
6.48(.I)-.55 G 3.98(fa)-6.48 G(dif)168 429.6 Q .204(fhitlist is pro)-.25
F .203(vided, hits noted in it are ignored.)-.15 F .203
(This option can be useful within a contin-)5.203 F 1.791(uous inte)168
441.6 R 1.792(gration script, especially if you mark kno)-.15 F 1.792
(wn-okay lines as "\215a)-.25 F 1.792(w\214nder: ignore".)-.15 F 1.233
(Usually you w)168 453.6 R 1.233(ant le)-.1 F -.15(ve)-.25 G 3.733(lt)
.15 G 3.733(ob)-3.733 G 3.733(ef)-3.733 G 1.232
(airly high, such as 4 or 5.)-3.833 F 1.232(By def)6.232 F 1.232
(ault, \215a)-.1 F 1.232(w\214nder returns 0)-.15 F
(\(true\) on a successful run.)168 465.6 Q F1(Hitlist Management)87
494.4 Q<adad7361>108 506.4 Q -.1(ve)-.25 G(hitlist=).1 E/F2 10
/Times-Italic@0 SF(F)A F0(Sa)168 518.4 Q .3 -.15(ve a)-.2 H
(ll resulting hits \(the "hitlist"\) to F).15 E(.)-.8 E F1
(\255\255loadhitlist=)108 547.2 Q F2(F)A F0 .44
(Load the hitlist from F instead of analyzing source programs.)168 559.2
R -.8(Wa)5.44 G .44(rning: Do).8 F F2(not)2.94 E F0 .44(load hitlists)
2.94 F 2.707(from untrusted sources \(for security reasons\).)168 571.2
R 2.707(These are internally implemented using)7.707 F(Python')168 583.2
Q 3.708(s")-.55 G 1.208(pickle" f)-3.708 F(acility)-.1 E 3.708(,w)-.65 G
1.208(hich trusts the input.)-3.708 F 1.209
(Note that stored hitlists often cannot be)6.208 F 2.652
(read when using an older v)168 595.2 R 2.652
(ersion of Python, in particular)-.15 F 5.152(,i)-.4 G 5.152(fs)-5.152 G
-2.25 -.2(av e)-5.152 H 2.652(hitlist w).2 F 2.652(as used b)-.1 F(ut)
-.2 E<8d61>168 607.2 Q 1.435(w\214nder w)-.15 F 1.436
(as run using Python 3, the hitlist can')-.1 F 3.936(tb)-.18 G 3.936(el)
-3.936 G 1.436(oaded by running \215a)-3.936 F 1.436(w\214nder with)-.15
F(Python 2.)168 619.2 Q F1(\255\255diffhitlist=)108 648 Q F2(F)A F0(Sho)
168 660 Q 3.54(wo)-.25 G 1.039(nly hits \(loaded or analyzed\) not in F)
-3.54 F 6.039(.F)-.8 G -.1(wa)-2.5 G 3.539(sp).1 G 1.039
(resumably created pre)-3.539 F 1.039(viously using)-.25 F<adad7361>168
672 Q -.15(ve)-.2 G 2.865(hitlist. W).15 F .365(arning: Do)-.8 F F2(not)
2.866 E F0(dif)2.866 E 2.866(fh)-.25 G .366
(itlists from untrusted sources \(for security reasons\).)-2.866 F(If)
5.366 E .668(the \255\255loadhitlist option is not pro)168 684 R .668
(vided, this will sho)-.15 F 3.168(wt)-.25 G .668
(he hits in the analyzed source code)-3.168 F .143
(\214les that were not pre)168 696 R .144(viously stored in F)-.25 F
5.144(.I)-.8 G 2.644(fu)-5.144 G .144
(sed along with \255\255loadhitlist, this will sho)-2.644 F 2.644(wt)
-.25 G(he)-2.644 E .095(hits in the loaded hitlist not in F)168 708 R
5.094(.T)-.8 G .094(he dif)-5.094 F .094(ference algorithm is conserv)
-.25 F(ati)-.25 E -.15(ve)-.25 G 2.594(;h).15 G .094(its are only con-)
-2.594 F .683(sidered the `)168 720 R(`same')-.74 E 3.183('i)-.74 G
3.183(ft)-3.183 G(he)-3.183 E 3.183(yh)-.15 G -2.25 -.2(av e)-3.183 H
.683(the same \214lename, line number)3.383 F 3.183(,c)-.4 G .683
(olumn position, function)-3.183 F(Fla)72 768 Q 165.545(w\214nder 4)-.15
F(Apr 2018)2.5 E(6)206.225 E 0 Cg EP
%%Page: 7 7
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E(name, and risk le)168 84 Q -.15
(ve)-.25 G(l.).15 E/F1 10/Times-Bold@0 SF(Character Encoding)87 112.8 Q
F0(Fla)108 124.8 Q .871(w\214nder presumes that the character encoding \
your system uses is also the character encoding used by)-.15 F 1.355
(your source \214les.)108 136.8 R(Ev)6.355 E 1.355(en if this isn')-.15
F 3.856(tc)-.18 G 1.356(orrect, if you run \215a)-3.856 F 1.356
(w\214nder with Python 2 these non-conformities)-.15 F
(often do not impact processing in practice.)108 148.8 Q(Ho)108 172.8 Q
(we)-.25 E -.15(ve)-.25 G 1.328 -.4(r, i).15 H 3.028(fy).4 G .528
(ou run \215a)-3.028 F .528
(w\214nder with Python 3, this can be a problem.)-.15 F .528(Python 3 w)
5.528 F .528(ants the w)-.1 F .527(orld to al)-.1 F -.1(wa)-.1 G(ys).1 E
1.464(use encodings perfectly correctly)108 184.8 R 3.964(,e)-.65 G -.15
(ve)-4.214 G 1.464(rywhere, e).15 F -.15(ve)-.25 G 3.964(nt).15 G 1.464
(hough the w)-3.964 F 1.464(orld often doesn')-.1 F 3.965(tc)-.18 G
1.465(are what Python 3)-3.965 F -.1(wa)108 196.8 S 2.845(nts. This).1 F
.345(is a problem e)2.845 F -.15(ve)-.25 G 2.845(ni).15 G 2.845(ft)
-2.845 G .345(he non-conforming te)-2.845 F .345
(xt is in comments or strings \(where it often doesn')-.15 F(t)-.18 E
2.986(matter\). Python)108 208.8 R 2.986(3f)2.986 G .486(ails to pro)
-3.086 F .486(vide useful b)-.15 F .486
(uilt-ins to deal with the messiness of the real w)-.2 F .487
(orld, so it')-.1 F 2.987(sn)-.55 G(on-)-2.987 E(tri)108 220.8 Q
(vial to deal with this problem without depending on e)-.25 E
(xternal libraries \(which we')-.15 E(re trying to a)-.5 E -.2(vo)-.2 G
(id\).).2 E 2.5(As)108 244.8 S
(ymptom of this problem is if you run \215a)-2.5 E
(w\214nder and you see an error message lik)-.15 E 2.5(et)-.1 G(his:)
-2.5 E/F2 10/Times-Italic@0 SF(UnicodeDecodeErr)108 268.8 Q
(or: 'utf-8' codec can')-.45 E 2.5(td)-.3 G
(ecode byte ... in position ...: in)-2.5 E(valid continuation byte)-.4 E
F0(If this happens to you, there are se)108 292.8 Q -.15(ve)-.25 G
(ral options.).15 E .463(The \214rst option is to con)108 316.8 R -.15
(ve)-.4 G .462
(rt the encoding of the \214les to be analyzed so that it').15 F 2.962
(sas)-.55 G .462(ingle encoding \(usually)-2.962 F 1.128
(the system encoding\).)108 328.8 R -.15(Fo)6.128 G 3.628(re).15 G 1.128
(xample, the program "icon)-3.778 F 1.128(v" can be used to con)-.4 F
-.15(ve)-.4 G 1.128(rt encodings.).15 F 1.128(This w)6.128 F(orks)-.1 E
.258(well if some \214les ha)108 340.8 R .558 -.15(ve o)-.2 H .258
(ne encoding, and some ha).15 F .558 -.15(ve a)-.2 H(nother).15 E 2.758
(,b)-.4 G .258(ut the)-2.958 F 2.758(ya)-.15 G .258
(re consistent within a single \214le.)-2.758 F(If)5.257 E .07
(the \214les ha)108 352.8 R .37 -.15(ve e)-.2 H .07
(ncoding errors, you').15 F .07(ll ha)-.1 F .37 -.15(ve t)-.2 H 2.57
<6f8c>.15 G 2.57(xt)-2.57 G 2.57(hem. I)-2.57 F .07
(strongly recommend using the UTF-8 encoding for)2.57 F
(all source code and in the system itself; if you do that, man)108 364.8
Q 2.5(yp)-.15 G(roblems disappear)-2.5 E(.)-.55 E .366
(The second option is to tell \215a)108 388.8 R .366
(w\214nder what the encoding of the \214les is.)-.15 F .366
(E.G., you can set the LANG en)5.366 F(vi-)-.4 E .549(ronment v)108
400.8 R 3.049(ariable. Y)-.25 F .549
(ou can set PYTHONIOENCODING to the encoding you w)-1.1 F .55
(ant your output to be in, if)-.1 F(that')108 412.8 Q 2.5(sd)-.55 G(if)
-2.5 E 2.5(ferent. This)-.25 F(in theory w)2.5 E(ould w)-.1 E(ork, b)-.1
E(ut I ha)-.2 E -.15(ve)-.2 G(n').15 E 2.5(th)-.18 G
(ad much success with this.)-2.5 E(The third option is to run \215a)108
436.8 Q(w\214nder using Python 2 instead of Python 3.)-.15 E(E.g., "p)5
E(ython2 \215a)-.1 E(w\214nder ...".)-.15 E/F3 10.95/Times-Bold@0 SF
(EXAMPLES)72 465.6 Q F0 .226(Here are v)108 477.6 R .226(arious e)-.25 F
.226(xamples of ho)-.15 F 2.725(wt)-.25 G 2.725(oi)-2.725 G -1.9 -.4
(nv o)-2.725 H .425 -.1(ke \215).4 H -.15(aw).1 G(\214nder).15 E 5.225
(.T)-.55 G .225(he \214rst e)-5.225 F .225(xamples sho)-.15 F 2.725(wv)
-.25 G .225(arious simple command-)-2.975 F 1.273(line options.)108
489.6 R(Fla)6.273 E 1.273(w\214nder is designed to w)-.15 F 1.274
(ork well with te)-.1 F 1.274(xt editors and inte)-.15 F 1.274
(grated de)-.15 F -.15(ve)-.25 G 1.274(lopment en).15 F(viron-)-.4 E
(ments, so the ne)108 501.6 Q(xt sections sho)-.15 E 2.5(wh)-.25 G .5
-.25(ow t)-2.5 H 2.5(oi).25 G(nte)-2.5 E(grate \215a)-.15 E
(w\214nder into vim and emacs.)-.15 E F1(Simple command-line options)87
530.4 Q(\215aw\214nder /usr/sr)108 542.4 Q(c/linux-3.16)-.18 E F0 1.705
(Examine all the C/C++ \214les in the directory /usr/src/linux-3.16 and\
 all its subdirectories)168 554.4 R(\(recursi)168 566.4 Q -.15(ve)-.25 G
.334(ly\), reporting on all hits found.).15 F .334(By def)5.334 F .334
(ault \215a)-.1 F .334(w\214nder will skip symbolic links and)-.15 F
(directories with names that start with a period.)168 578.4 Q F1
(\215aw\214nder \255\255minle)108 607.2 Q -.1(ve)-.15 G(l=4 .).1 E F0
.154(Examine all the C/C++ \214les in the current directory and its sub\
directories \(recursi)168 619.2 R -.15(ve)-.25 G .153(ly\); only).15 F
(report vulnerabilities le)168 631.2 Q -.15(ve)-.25 G 2.5(l4a).15 G
(nd up \(the tw)-2.5 E 2.5(oh)-.1 G(ighest risk le)-2.5 E -.15(ve)-.25 G
(ls\).).15 E F1(\215aw\214nder \255\255inputs mydir)108 660 Q F0 1.03(E\
xamine all the C/C++ \214les in mydir and its subdirectories \(recursi)
168 672 R -.15(ve)-.25 G 1.03(ly\), and report func-).15 F
(tions that tak)168 684 Q 2.5(ei)-.1 G
(nputs \(so that you can ensure that the)-2.5 E 2.5<798c>-.15 G
(lter the inputs appropriately\).)-2.5 E(Fla)72 768 Q 165.545
(w\214nder 4)-.15 F(Apr 2018)2.5 E(7)206.225 E 0 Cg EP
%%Page: 8 8
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E/F1 10/Times-Bold@0 SF
(\215aw\214nder \255\255ne)108 84 Q -.1(ve)-.15 G(rignor).1 E 2.5(em)
-.18 G(ydir)-2.5 E F0 .3(Examine all the C/C++ \214les in the directory\
 mydir and its subdirectories, including e)168 96 R -.15(ve)-.25 G 2.8
(nt).15 G(he)-2.8 E(hits mark)168 108 Q
(ed for ignoring in the code comments.)-.1 E F1
(\215aw\214nder \255\255csv .)108 136.8 Q F0 .252
(Examine the current directory do)168 148.8 R .253(wn \(recursi)-.25 F
-.15(ve)-.25 G .253(ly\), and report all hits in CSV format.).15 F .253
(This is)5.253 F 1.395(the recommended form if you w)168 160.8 R 1.395
(ant to further process \215a)-.1 F 1.394
(w\214nder output using other tools)-.15 F
(\(such as data correlation tools\).)168 172.8 Q F1
(\215aw\214nder \255QD mydir)108 201.6 Q F0 .092
(Examine mydir and report only the actual results \(remo)168 213.6 R
.093(ving the header and footer of the out-)-.15 F 3.062(put\). This)168
225.6 R .561(form may be useful if the output will be piped into other \
tools for further analy-)3.062 F .341
(sis, though CSV format is probably the better choice in that case.)168
237.6 R .342(The \255C \(\255\255columns\) and)5.342 F
(\255S \(\255\255singleline\) options can also be useful if you')168
249.6 Q(re piping the data into other tools.)-.5 E F1
(\215aw\214nder \255QDSC mydir)108 278.4 Q F0 .554(Examine mydir)168
290.4 R 3.054(,r)-.4 G .554
(eporting only the actual results \(no header or footer\).)-3.054 F .553
(Each hit is reported)5.553 F 1.119
(on one line, and column numbers are reported.)168 302.4 R 1.12
(This can be a useful command if you are)6.119 F(feeding \215a)168 314.4
Q(w\214nder output to other tools.)-.15 E F1
(\215aw\214nder \255\255quiet \255\255html \255\255context mydir > r)108
343.2 Q(esults.html)-.18 E F0 1.185(Examine all the C/C++ \214les in th\
e directory mydir and its subdirectories, and produce an)168 355.2 R
.277(HTML formatted v)168 367.2 R .277(ersion of the results.)-.15 F
.278(Source code management systems \(such as Source-)5.277 F -.15(Fo)
168 379.2 S -.18(rg).15 G 2.5(ea).18 G(nd Sa)-2.5 E -.25(va)-.2 G
(nnah\) might use a command lik).25 E 2.5(et)-.1 G(his.)-2.5 E F1
(\215aw\214nder \255\255quiet \255\255sa)108 408 Q -.1(ve)-.25 G
(hitlist sa).1 E -.1(ve)-.25 G(d.hits *.[ch]).1 E F0 .406
(Examine all .c and .h \214les in the current directory)168 420 R 5.406
(.D)-.65 G(on')-5.406 E 2.906(tr)-.18 G .406
(eport on the status of processing,)-2.906 F(and sa)168 432 Q .3 -.15
(ve t)-.2 H
(he resulting hitlist \(the set of all hits\) in the \214le sa).15 E
-.15(ve)-.2 G(d.hits.).15 E F1(\215aw\214nder \255\255diffhitlist sa)108
460.8 Q -.1(ve)-.25 G(d.hits *.[ch]).1 E F0 .324
(Examine all .c and .h \214les in the current directory)168 472.8 R
2.825(,a)-.65 G .325(nd sho)-2.825 F 2.825(wa)-.25 G .625 -.15(ny h)
-2.825 H .325(its that weren').15 F 2.825(ta)-.18 G .325(lready in)
-2.825 F .921(the \214le sa)168 484.8 R -.15(ve)-.2 G 3.421
(d.hits. This).15 F .921(can be used to sho)3.421 F 3.421(wo)-.25 G .921
(nly the `)-3.421 F(`ne)-.74 E(w')-.25 E 3.42('v)-.74 G .92
(ulnerabilities in a modi\214ed)-3.42 F(program, if sa)168 496.8 Q -.15
(ve)-.2 G(d.hits w).15 E(as created from the older v)-.1 E
(ersion of the program being analyzed.)-.15 E F1
(\215aw\214nder \255\255patch r)108 525.6 Q(ecent.patch .)-.18 E F0 .641
(Examine the current directory recursi)168 537.6 R -.15(ve)-.25 G(ly).15
E 3.141(,b)-.65 G .642(ut only report lines that were changed or added)
-3.341 F(in the already-applied patch\214le named)168 549.6 Q/F2 10
/Times-Italic@0 SF -.37(re)2.5 G(cent.patc).37 E(h)-.15 E F0(.)A F1
(\215aw\214nder \255\255r)108 578.4 Q(egex "CWE-120|CWE-126" sr)-.18 E
(c/)-.18 E F0(Examine directory)168 590.4 Q F2(sr)2.5 E(c)-.37 E F0
(recursi)2.5 E -.15(ve)-.25 G(ly).15 E 2.5(,b)-.65 G
(ut only report hits where CWE-120 or CWE-126 apply)-2.7 E(.)-.65 E F1
(In)87 619.2 Q -.1(vo)-.4 G(king fr).1 E(om vim)-.18 E F0 .178(The te)
108 631.2 R .177(xt editor vim includes a "quick\214x" mechanism that w)
-.15 F .177(orks well with \215a)-.1 F(w\214nder)-.15 E 2.677(,s)-.4 G
2.677(ot)-2.677 G .177(hat you can easily)-2.677 F(vie)108 643.2 Q 2.5
(wt)-.25 G(he w)-2.5 E(arning messages and jump to the rele)-.1 E -.25
(va)-.25 G(nt source code.).25 E .322(First, you need to in)108 660 R
-.2(vo)-.4 G .522 -.1(ke \215).2 H -.15(aw).1 G .322
(\214nder to create a list of hits, and there are tw).15 F 2.822(ow)-.1
G .323(ays to do this.)-2.922 F .323(The \214rst w)5.323 F(ay)-.1 E .218
(is to start \215a)108 672 R .218
(w\214nder \214rst, and then \(using its output\) in)-.15 F -.2(vo)-.4 G
.418 -.1(ke v).2 H 2.718(im. The).1 F .218(second w)2.718 F .218
(ay is to start \(or continue to)-.1 F(run\) vim, and then in)108 684 Q
-.2(vo)-.4 G .2 -.1(ke \215).2 H -.15(aw).1 G
(\214nder \(typically from inside vim\).).15 E -.15(Fo)108 700.8 S 3.071
(rt).15 G .571(he \214rst w)-3.071 F(ay)-.1 E 3.071(,r)-.65 G .572
(un \215a)-3.071 F .572(w\214nder and store its output in some FLA)-.15
F .572(WFILE \(say "\215a)-.9 F .572(w\214le"\), then in)-.15 F -.2(vo)
-.4 G .772 -.1(ke v).2 H(im).1 E .486(using its -q option, lik)108 712.8
R 2.986(et)-.1 G .486(his: "vim -q \215a)-2.986 F 2.986(w\214le". The)
-.15 F .486(second w)2.986 F .486(ay \(starting \215a)-.1 F .486
(w\214nder after starting vim\) can)-.15 F 1.017(be done a le)108 724.8
R 1.017(gion of w)-.15 F 3.517(ays. One)-.1 F 1.017(is to in)3.517 F -.2
(vo)-.4 G 1.218 -.1(ke \215).2 H -.15(aw).1 G 1.018
(\214nder using a shell command, ":!\215a).15 F(w\214nder)-.15 E 1.018
(-command >)-.2 F(Fla)72 768 Q 165.545(w\214nder 4)-.15 F(Apr 2018)2.5 E
(8)206.225 E 0 Cg EP
%%Page: 9 9
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E(FLA)108 84 Q .252
(WFILE", then follo)-.9 F 2.752(wt)-.25 G .251
(hat with the command ":cf FLA)-2.752 F 2.751(WFILE". Another)-.9 F -.1
(wa)2.751 G 2.751(yi).1 G 2.751(st)-2.751 G 2.751(os)-2.751 G .251
(tore the \215a)-2.751 F(w\214nder)-.15 E(command in your mak)108 96 Q
(e\214le \(as, say)-.1 E 2.5(,ap)-.65 G(seudocommand lik)-2.5 E 2.5(e")
-.1 G<8d61>-2.5 E(w"\), and then run ":mak)-.15 E 2.5<658d>-.1 G -.15
(aw)-2.5 G(".).15 E .417
(In all these cases you need a command for \215a)108 112.8 R .417
(w\214nder to run.)-.15 F 2.917(Ap)5.417 G .418
(lausible command, which places each hit)-2.917 F(in its o)108 124.8 Q
(wn line \(-S\) and remo)-.25 E -.15(ve)-.15 G 2.5(sh).15 G
(eaders and footers that w)-2.5 E(ould confuse it, is:)-.1 E/F1 10
/Times-Bold@0 SF(\215aw\214nder \255SQD .)108 141.6 Q F0 -1.1(Yo)108
170.4 S 2.96(uc)1.1 G .46(an no)-2.96 F 2.96(wu)-.25 G .46(se v)-2.96 F
.46(arious editing commands to vie)-.25 F 2.96(wt)-.25 G .46
(he results.)-2.96 F .46(The command ":cn" displays the ne)5.46 F .46
(xt hit;)-.15 F .011(":cN" displays the pre)108 182.4 R .011
(vious hit, and ":cr" re)-.25 F .012(winds back to the \214rst hit.)-.25
F .012(":copen" will open a windo)5.012 F 2.512(wt)-.25 G 2.512(os)
-2.512 G(ho)-2.512 E(w)-.25 E .203
(the current list of hits, called the "quick\214x windo)108 194.4 R .202
(w"; ":cclose" will close the quick\214x windo)-.25 F 4.002 -.65(w. I)
-.25 H 2.702(ft).65 G .202(he b)-2.702 F(uf)-.2 E(fer)-.25 E .25
(in the used windo)108 206.4 R 2.75(wh)-.25 G .25(as changed, and the e\
rror is in another \214le, jumping to the error will f)-2.75 F 2.75
(ail. Y)-.1 F .25(ou ha)-1.1 F .55 -.15(ve t)-.2 H(o).15 E(mak)108 218.4
Q 2.588(es)-.1 G .088(ure the windo)-2.588 F 2.588(wc)-.25 G .088
(ontains a b)-2.588 F(uf)-.2 E .087
(fer which can be abandoned before trying to jump to a ne)-.25 F 2.587
<778c>-.25 G .087(le, say by)-2.587 F(sa)108 230.4 Q
(ving the \214le; this pre)-.2 E -.15(ve)-.25 G
(nts accidental data loss.).15 E F1(In)87 259.2 Q -.1(vo)-.4 G(king fr)
.1 E(om emacs)-.18 E F0 .269(The te)108 271.2 R .269(xt editor / operat\
ing system emacs includes "grep mode" and "compile mode" mechanisms tha\
t w)-.15 F(ork)-.1 E .825(well with \215a)108 283.2 R(w\214nder)-.15 E
3.324(,m)-.4 G .824(aking it easy to vie)-3.324 F 3.324(ww)-.25 G .824
(arning messages, jump to the rele)-3.424 F -.25(va)-.25 G .824
(nt source code, and \214x).25 F(an)108 295.2 Q 2.5(yp)-.15 G
(roblems you \214nd.)-2.5 E 1.426(First, you need to in)108 312 R -.2
(vo)-.4 G 1.626 -.1(ke \215).2 H -.15(aw).1 G 1.427
(\214nder to create a list of w).15 F 1.427(arning messages.)-.1 F -1.1
(Yo)6.427 G 3.927(uc)1.1 G 1.427(an use "grep mode" or)-3.927 F 2.646
("compile mode" to create this list.)108 324 R 2.645
(Often "grep mode" is more con)7.645 F -.15(ve)-.4 G 2.645
(nient; it lea).15 F -.15(ve)-.2 G 5.145(sc).15 G 2.645(ompile mode)
-5.145 F .537(untouched so you can easily recompile once you')108 336 R
.837 -.15(ve c)-.5 H .537(hanged something.).15 F(Ho)5.537 E(we)-.25 E
-.15(ve)-.25 G 1.337 -.4(r, i).15 H 3.037(fy).4 G .537(ou w)-3.037 F
.537(ant to jump to)-.1 F .51(the e)108 348 R .51
(xact column position of a hit, compile mode may be more con)-.15 F -.15
(ve)-.4 G .509(nient because emacs can use the col-).15 F
(umn output of \215a)108 360 Q
(w\214nder to directly jump to the right location without an)-.15 E 2.5
(ys)-.15 G(pecial con\214guration.)-2.5 E 2.064 -.8(To u)108 376.8 T
.465(se grep mode, enter the command "M-x grep" and then enter the need\
ed \215a).8 F .465(w\214nder command.)-.15 F 2.065 -.8(To u)5.465 H(se)
.8 E 1.307(compile mode, enter the command "M-x compile" and enter the \
needed \215a)108 388.8 R 1.307(w\214nder command.)-.15 F 1.307
(This is a)6.307 F(meta-k)108 400.8 Q .436 -.15(ey c)-.1 H .136
(ommand, so you').15 F .137(ll need to use the meta k)-.1 F .437 -.15
(ey f)-.1 H .137(or your k).15 F -.15(ey)-.1 G .137
(board \(this is usually the ESC k).15 F -.15(ey)-.1 G 2.637(\). As).15
F 1.016(with all emacs commands, you')108 412.8 R 1.016
(ll need to press RETURN after typing "grep" or "compile".)-.1 F 1.015
(So on man)6.015 F(y)-.15 E(systems, the grep mode is in)108 424.8 Q -.2
(vo)-.4 G -.1(ke).2 G 2.5(db).1 G 2.5(yt)-2.5 G
(yping ESC x g r e p RETURN.)-2.5 E -1.1(Yo)108 441.6 S 3.563(ut)1.1 G
1.063(hen need to enter a command, remo)-3.563 F 1.063(ving whate)-.15 F
-.15(ve)-.25 G 3.563(rw).15 G 1.063(as there before if necessary)-3.663
F 6.063(.A)-.65 G 1.064(plausible com-)-2.499 F(mand is:)108 453.6 Q F1
(\215aw\214nder \255SQDC .)108 470.4 Q F0 .135(This command mak)108
487.2 R .135(es e)-.1 F -.15(ve)-.25 G .135
(ry hit report a single line, which is much easier for tools to handle.)
.15 F .134(The quiet and)5.134 F .546(dataonly options remo)108 499.2 R
.846 -.15(ve t)-.15 H .546
(he other status information not needed for use inside emacs.).15 F .546
(The trailing period)5.546 F(means that the current directory and all d\
escendents are searched for C/C++ code, and analyzed for \215a)108 511.2
Q(ws.)-.15 E 1.312(Once you')108 528 R 1.612 -.15(ve i)-.5 H -1.9 -.4
(nv o).15 H -.1(ke).4 G 3.812<648d>.1 G -.15(aw)-3.812 G(\214nder).15 E
3.811(,y)-.4 G 1.311(ou can use emacs to jump around in its results.)
-3.811 F 1.311(The command C-x \222)6.311 F 1.247
(\(Control-x backtick\) visits the source code location for the ne)108
540 R 1.247(xt w)-.15 F 1.248(arning message.)-.1 F 1.248
(C-u C-x \222 \(control-u)6.248 F .808
(control-x backtick\) restarts from the be)108 552 R 3.307(ginning. Y)
-.15 F .807(ou can visit the source for an)-1.1 F 3.307(yp)-.15 G .807
(articular error message)-3.307 F 1.64(by mo)108 564 R 1.64
(ving to that hit message in the *compilation* b)-.15 F(uf)-.2 E 1.641
(fer or *grep* b)-.25 F(uf)-.2 E 1.641(fer and typing the return k)-.25
F -.15(ey)-.1 G(.)-.5 E(\(T)108 576 Q 2.853
(echnical note: in the compilation b)-.7 F(uf)-.2 E(fer)-.25 E 5.352(,t)
-.4 G 2.852(his in)-5.352 F -.2(vo)-.4 G -.1(ke).2 G 5.352(sc).1 G
(ompile-goto-error)-5.352 E 5.352(.\) Y)-.55 F 2.852
(ou can also click the)-1.1 F(Mouse-2 b)108 588 Q
(utton on the error message \(you don')-.2 E 2.5(tn)-.18 G
(eed to switch to the *compilation* b)-2.5 E(uf)-.2 E(fer \214rst\).)
-.25 E .237(If you w)108 604.8 R .237
(ant to use grep mode to jump to speci\214c columns of a hit, you')-.1 F
.238(ll need to specially con\214gure emacs)-.1 F 1.279(to do this.)108
616.8 R 2.879 -.8(To d)6.279 H 3.779(ot).8 G 1.279
(his, modify the emacs v)-3.779 F 1.279(ariable "grep-re)-.25 F(ge)-.15
E 3.779(xp-alist". This)-.15 F -.25(va)3.779 G 1.278
(riable tells Emacs ho).25 F 3.778(wt)-.25 G(o)-3.778 E .348
(parse output of a "grep" command, similar to the v)108 628.8 R .349
(ariable "compilation-error)-.25 F(-re)-.2 E(ge)-.15 E .349
(xp-alist" which lists v)-.15 F(ari-)-.25 E
(ous formats of compilation error messages.)108 640.8 Q F1(In)87 669.6 Q
-.1(vo)-.4 G(king fr).1 E(om Integrated De)-.18 E -.1(ve)-.15 G
(lopment En).1 E(vir)-.4 E(onments \(IDEs\))-.18 E F0 -.15(Fo)108 681.6
S 2.5(r\().15 G(other\) IDEs, consult your IDE')-2.5 E 2.5(ss)-.55 G
(et of plug-ins.)-2.5 E(Fla)72 768 Q 165.545(w\214nder 4)-.15 F
(Apr 2018)2.5 E(9)206.225 E 0 Cg EP
%%Page: 10 10
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E/F1 10.95/Times-Bold@0 SF
(COMMON WEAKNESS ENUMERA)72 84 Q(TION \(CWE\))-1.04 E F0 1.218
(The Common W)108 96 R 1.218(eakness Enumeration \(CWE\) is `)-.8 F
1.218(`a formal list or dictionary of common softw)-.74 F 1.217
(are weak-)-.1 F .211(nesses that can occur in softw)108 108 R(are')-.1
E 2.711(sa)-.55 G .212
(rchitecture, design, code or implementation that can lead to e)-2.711 F
(xploitable)-.15 E 1.186(security vulnerabilities...)108 120 R 1.186
(created to serv)6.186 F 3.686(ea)-.15 G 3.685(sac)-3.686 G 1.185
(ommon language for describing softw)-3.685 F 1.185(are security weak-)
-.1 F(nesses')108 132 Q 2.5('\()-.74 G(https://cwe.mitre.or)-2.5 E
(g/about/f)-.18 E 2.5(aq.html\). F)-.1 F
(or more information on CWEs, see https://cwe.mitre.or)-.15 E(g.)-.18 E
(Fla)108 148.8 Q .422(w\214nder supports the CWE and is of)-.15 F .422
(\214cially CWE-Compatible.)-.25 F .423
(Hit descriptions typically include a rele-)5.422 F -.25(va)108 160.8 S
.763(nt Common W).25 F .763(eakness Enumeration \(CWE\) identi\214er in\
 parentheses where there is kno)-.8 F .762(wn to be a rele-)-.25 F -.25
(va)108 172.8 S .067(nt CWE.).25 F -.15(Fo)5.067 G 2.567(re).15 G .067
(xample, man)-2.717 F 2.567(yo)-.15 G 2.567(ft)-2.567 G .067(he b)-2.567
F(uf)-.2 E(fer)-.25 E .068
(-related hits mention CWE-120, the CWE identi\214er for `)-.2 F(`b)-.74
E(uf)-.2 E(fer)-.25 E(cop)108 184.8 Q 2.536(yw)-.1 G .036
(ithout checking size of input')-2.536 F 2.536('\()-.74 G .036(aka `)
-2.536 F .036(`Classic Buf)-.74 F .036(fer Ov)-.25 F(er\215o)-.15 E(w')
-.25 E 2.536('\). In)-.74 F 2.536(af)2.536 G .536 -.25(ew c)-2.536 H
.036(ases more than one CWE).25 F .66(identi\214er may be listed.)108
196.8 R .66(The HTML report also includes h)5.66 F(yperte)-.05 E .66
(xt links to the CWE de\214nitions hosted at)-.15 F 2.5(MITRE. In)108
208.8 R(this w)2.5 E(ay)-.1 E 2.5<2c8d>-.65 G -.15(aw)-2.5 G
(\214nder is designed to meet the CWE-Output requirement.).15 E .686
(In some cases there are CWE mapping and usage challenges; here is ho)
108 225.6 R 3.186<778d>-.25 G -.15(aw)-3.186 G .686
(\214nder handles them.).15 F .685(If the)5.685 F .393
(same entry maps to multiple CWEs simultaneously)108 237.6 R 2.894(,a)
-.65 G .394(ll the CWE mappings are listed as separated by com-)-2.894 F
3.377(mas. This)108 249.6 R .876
(often occurs with CWE-20, Improper Input V)3.377 F .876
(alidation; thus the report "CWE-676, CWE-120")-1.11 F .052(maps to tw)
108 261.6 R 2.552(oC)-.1 G 2.552(WEs. In)-2.552 F .053(addition, \215a)
2.552 F .053(w\214nder pro)-.15 F .053
(vides additional information for those who are are interested)-.15 F
.494(in the CWE/SANS top 25 list 2011 \(https://cwe.mitre.or)108 273.6 R
.493(g/top25/\) when mappings are not directly to them.)-.18 F(Man)108
285.6 Q 3.594(yp)-.15 G 1.094(eople will w)-3.594 F 1.095(ant to search\
 for speci\214c CWEs in this top 25 list, such as CWE-120 \(classic b)
-.1 F(uf)-.2 E(fer)-.25 E -.15(ove)108 297.6 S(r\215o).15 E 2.721
(w\). The)-.25 F .221(challenge is that some \215a)2.721 F .22
(w\214nder hits map to a more general CWE that w)-.15 F .22
(ould include a top)-.1 F .155(25 item, while in some other cases hits \
map to a more speci\214c vulnerability that is only a subset of a top 2\
5)108 309.6 R 3.949(item. T)108 321.6 R 3.949(or)-.8 G(esolv)-3.949 E
3.949(et)-.15 G 1.449(his, in some cases \215a)-3.949 F 1.449
(w\214nder will list a sequence of CWEs in the format "more-gen-)-.15 F
1.796
(eral/more-speci\214c", where the CWE actually being mapped is follo)108
333.6 R 1.797(wed by a "!".)-.25 F 1.797(This is al)6.797 F -.1(wa)-.1 G
1.797(ys done).1 F(whene)108 345.6 Q -.15(ve)-.25 G 3.269(ra\215).15 G
1.068 -.15(aw i)-3.269 H 3.268(sn).15 G .768
(ot mapped directly to a top 25 CWE, b)-3.268 F .768
(ut the mapping is related to such a CWE.)-.2 F(So)5.768 E .356("CWE-11\
9!/CWE-120" means that the vulnerability is mapped to CWE-119 and that \
CWE-120 is a subset)108 357.6 R .834(of CWE-119.)108 369.6 R .833(In co\
ntrast, "CWE-362/CWE-367!" means that the hit is mapped to CWE-367, a s\
ubset of)5.834 F 2.578(CWE-362. Note)108 381.6 R .078
(that this is a subtle syntax change from \215a)2.578 F .078
(w\214nder v)-.15 F .078(ersion 1.31; in \215a)-.15 F .079(w\214nder v)
-.15 F .079(ersion 1.31,)-.15 F 1.241
(the form "more-general:more-speci\214c" meant what is no)108 393.6 R
3.741(wl)-.25 G 1.241(isted as "more-general!/more-speci\214c", while)
-3.741 F .006
("more-general/more-speci\214c" meant "more-general/more-speci\214c!".)
108 405.6 R -.8(To)5.006 G .007(ols can handle both the v).8 F .007
(ersion 1.31)-.15 F .689(and the current format, if the)108 417.6 R
3.188(yw)-.15 G .688(ish, by noting that the older format did not use "\
!" at all \(and thus this is)-3.188 F(easy to distinguish\).)108 429.6 Q
(These mapping mechanisms simplify searching for certain CWEs.)5 E .77
(CWE v)108 446.4 R .77(ersion 2.7 \(released June 23, 2014\) w)-.15 F
.771(as used for the mapping.)-.1 F .771
(The current CWE mappings select)5.771 F .213
(the most speci\214c CWE the tool can determine.)108 458.4 R .213
(In theory)5.213 F 2.713(,m)-.65 G .213
(ost CWE security elements \(signatures/patterns)-2.713 F .268(that the\
 tool searches for\) could theoretically be mapped to CWE-676 \(Use of \
Potentially Dangerous Func-)108 470.4 R 1.017(tion\), b)108 482.4 R
1.017(ut such a mapping w)-.2 F 1.017(ould not be useful.)-.1 F 1.017
(Thus, more speci\214c mappings were preferred where one)6.017 F .52
(could be found.)108 494.4 R(Fla)5.52 E .52(w\214nder is a le)-.15 F .52
(xical analysis tool; as a result, it is impractical for it to be more \
speci\214c)-.15 F .967(than the mappings currently implemented.)108
506.4 R .966(This also means that it is unlik)5.966 F .966
(ely to need much updating for)-.1 F 1.688(map currenc)108 518.4 R 1.688
(y; it simply doesn')-.15 F 4.189(th)-.18 G -2.25 -.2(av e)-4.189 H
1.689(enough information to re\214ne to a detailed CWE le)4.389 F -.15
(ve)-.25 G 4.189(lt).15 G 1.689(hat CWE)-4.189 F 1.96(changes w)108
530.4 R 1.96(ould typically af)-.1 F 4.46(fect. The)-.25 F 1.96
(list of CWE identi\214ers w)4.46 F 1.96
(as generated automatically using "mak)-.1 F(e)-.1 E(sho)108 542.4 Q
.103(w-cwes", so there is con\214dence that this list is correct.)-.25 F
.104(Please report CWE mapping problems as b)5.104 F .104(ugs if)-.2 F
(you \214nd an)108 554.4 Q -.65(y.)-.15 G(Fla)108 571.2 Q .708
(w\214nder may f)-.15 F .708(ail to \214nd a vulnerability)-.1 F 3.208
(,e)-.65 G -.15(ve)-3.458 G 3.208(ni).15 G 3.207<668d>-3.208 G -.15(aw)
-3.207 G .707(\214nder co).15 F -.15(ve)-.15 G .707
(rs one of these CWE weaknesses.).15 F(That)5.707 E .814(said, \215a)108
583.2 R .815
(w\214nder does \214nd vulnerabilities listed by the CWEs it co)-.15 F
-.15(ve)-.15 G .815(rs, and it will not report lines without).15 F 2.027
(those vulnerabilities in man)108 595.2 R 4.527(yc)-.15 G 4.527
(ases. Thus,)-4.527 F 2.027(as required for an)4.527 F 4.527(yt)-.15 G
2.026(ool intending to be CWE compatible,)-4.527 F<8d61>108 607.2 Q
2.212(w\214nder has a rate of f)-.15 F 2.212(alse positi)-.1 F -.15(ve)
-.25 G 4.712(sl).15 G 2.212(ess than 100% and a rate of f)-4.712 F 2.213
(alse ne)-.1 F -.05(ga)-.15 G(ti).05 E -.15(ve)-.25 G 4.713(sl).15 G
2.213(ess than 100%.)-4.713 F(Fla)108 619.2 Q .281(w\214nder almost al)
-.15 F -.1(wa)-.1 G .281(ys reports whene).1 F -.15(ve)-.25 G 2.781(ri)
.15 G 2.781<748c>-2.781 G .28
(nds a match to a CWE security element \(a signature/pattern)-2.781 F(a\
s de\214ned in its database\), though certain obscure constructs can ca\
use it to f)108 631.2 Q(ail \(see B)-.1 E(UGS belo)-.1 E(w\).)-.25 E
(Fla)108 648 Q .206(w\214nder can report on the follo)-.15 F .206
(wing CWEs \(these are the CWEs that \215a)-.25 F .207(w\214nder co)-.15
F -.15(ve)-.15 G .207(rs; `).15 F(`*')-.74 E 2.707('m)-.74 G .207
(arks those)-2.707 F(in the CWE/SANS top 25 list\):)108 660 Q<83>108
676.8 Q(CWE-20: Improper Input V)118 676.8 Q(alidation)-1.11 E<83>108
693.6 Q(CWE-22: Improper Limitation of a P)118 693.6 Q
(athname to a Restricted Directory \(`)-.15 E(`P)-.74 E(ath T)-.15 E(ra)
-.35 E -.15(ve)-.2 G(rsal').15 E('\))-.74 E<83>108 710.4 Q .365(CWE-78:\
 Improper Neutralization of Special Elements used in an OS Command \(`)
118 710.4 R .364(`OS Command Injec-)-.74 F(tion')118 722.4 Q('\)*)-.74 E
(Fla)72 768 Q 165.545(w\214nder 4)-.15 F(Apr 2018)2.5 E(10)201.225 E 0
Cg EP
%%Page: 11 11
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E<83>108 84 Q 1.991(CWE-119: Imp\
roper Restriction of Operations within the Bounds of a Memory Buf)118 84
R 1.991(fer \(a parent of)-.25 F(CWE-120*, so this is sho)118 96 Q
(wn as CWE-119!/CWE-120\))-.25 E<83>108 112.8 Q(CWE-120: Buf)118 112.8 Q
(fer Cop)-.25 E 2.5(yw)-.1 G(ithout Checking Size of Input \(`)-2.5 E
(`Classic Buf)-.74 E(fer Ov)-.25 E(er\215o)-.15 E(w')-.25 E('\)*)-.74 E
<83>108 129.6 Q(CWE-126: Buf)118 129.6 Q(fer Ov)-.25 E(er)-.15 E(-read)
-.2 E<83>108 146.4 Q(CWE-134: Uncontrolled F)118 146.4 Q(ormat String*)
-.15 E<83>108 163.2 Q(CWE-190: Inte)118 163.2 Q(ger Ov)-.15 E(er\215o)
-.15 E 2.5(wo)-.25 G 2.5(rW)-2.5 G(raparound*)-2.5 E<83>108 180 Q
(CWE-250: Ex)118 180 Q(ecution with Unnecessary Pri)-.15 E(vile)-.25 E
(ges)-.15 E<83>108 196.8 Q(CWE-327: Use of a Brok)118 196.8 Q
(en or Risk)-.1 E 2.5(yC)-.15 G(ryptographic Algorithm*)-2.5 E<83>108
213.6 Q .407(CWE-362: Concurrent Ex)118 213.6 R .407
(ecution using Shared Resource with Improper Synchronization \(`)-.15 F
.407(`Race Condi-)-.74 F(tion')118 225.6 Q('\))-.74 E<83>108 242.4 Q
(CWE-377: Insecure T)118 242.4 Q(emporary File)-.7 E<83>108 259.2 Q
(CWE-676: Use of Potentially Dangerous Function*)118 259.2 Q<83>108 276
Q(CWE-732: Incorrect Permission Assignment for Critical Resource*)118
276 Q<83>108 292.8 Q .595(CWE-785: Use of P)118 292.8 R .596
(ath Manipulation Function without Maximum-sized Buf)-.15 F .596
(fer \(child of CWE-120*, so)-.25 F(this is sho)118 304.8 Q
(wn as CWE-120/CWE-785\))-.25 E<83>108 321.6 Q
(CWE-807: Reliance on Untrusted Inputs in a Security Decision*)118 321.6
Q<83>108 338.4 Q
(CWE-829: Inclusion of Functionality from Untrusted Control Sphere*)118
338.4 Q -1.1(Yo)108 355.2 S 2.582(uc)1.1 G .081
(an select a speci\214c subset of CWEs to report by using the `)-2.582 F
<60adad7265>-.74 E(ge)-.15 E(x')-.15 E 2.581('\()-.74 G .081
(-e\) option.)-2.581 F .081(This option accepts)5.081 F 3.991(ar)108
367.2 S -.15(eg)-3.991 G 1.491(ular e).15 F 1.491
(xpression, so you can select multiple CWEs, e.g., `)-.15 F<60adad7265>
-.74 E(ge)-.15 E 3.992(x")-.15 G(CWE-120|CWE-126"')-3.992 E 3.992('. If)
-.74 F(you)3.992 E .024(select multiple CWEs with `)108 379.2 R(`|')-.74
E 2.524('o)-.74 G 2.524(nac)-2.524 G .024
(ommand line you will typically need to quote the parameters \(since an)
-2.524 F(unquoted `)108 391.2 Q(`|')-.74 E 2.5('i)-.74 G 2.5(st)-2.5 G
(he pipe symbol\).)-2.5 E(Fla)5 E
(w\214nder is designed to meet the CWE-Searchable requirement.)-.15 E
.498(If your goal is to report a subset of CWEs that are listed in a \
\214le, that can be achie)108 408 R -.15(ve)-.25 G 2.999(do).15 G 2.999
(naU)-2.999 G(nix-lik)-2.999 E 2.999(es)-.1 G(ys-)-2.999 E .894
(tem using the `)108 420 R<60adad7265>-.74 E(ge)-.15 E(x')-.15 E 3.394
('a)-.74 G .894(ka `)-3.394 F(`\255e')-.74 E 3.394('o)-.74 G 3.394
(ption. The)-3.394 F .894(\214le must be in re)3.394 F .893(gular e)-.15
F .893(xpression format.)-.15 F -.15(Fo)5.893 G 3.393(re).15 G(xample,)
-3.543 E -.74(``)108 432 S<8d61>.74 E .955
(w\214nder -e $\(cat \214le1\)')-.15 F 3.455('w)-.74 G .956
(ould report only hits that matched the pattern in `)-3.555 F(`\214le1')
-.74 E 3.456('. If)-.74 F .956(\214le1 contained)3.456 F -.74(``)108 444
S(CWE-120|CWE-126').74 E 2.5('i)-.74 G 2.5(tw)-2.5 G
(ould only report hits matching those CWEs.)-2.6 E 2.581(Al)108 460.8 S
.081
(ist of all CWE security elements \(the signatures/patterns that \215a)
-2.581 F .08(w\214nder looks for\) can be found by using)-.15 F .448
(the `)108 472.8 R(`\255\255listrules')-.74 E 2.948('o)-.74 G 2.948
(ption. Each)-2.948 F .449(line lists the signature tok)2.949 F .449
(en \(typically a function name\) that may lead to a)-.1 F .917
(hit, the def)108 484.8 R .917(ault risk le)-.1 F -.15(ve)-.25 G .917
(l, and the def).15 F .917(ault w)-.1 F .917
(arning \(which includes the def)-.1 F .917(ault CWE identi\214er\).)-.1
F -.15(Fo)5.916 G 3.416(rm).15 G(ost)-3.416 E .727
(purposes this is also enough if you w)108 496.8 R .727
(ant to see what CWE security elements map to which CWEs, or the)-.1 F
(re)108 508.8 Q -.15(ve)-.25 G 3.506(rse. F).15 F 1.006(or e)-.15 F
1.006(xample, to see the most of the signatures \(function names\) that\
 map to CWE-327, without)-.15 F .164(seeing the def)108 520.8 R .164
(ault risk le)-.1 F -.15(ve)-.25 G 2.664(lo).15 G 2.664(rd)-2.664 G .164
(etailed w)-2.664 F .164(arning te)-.1 F .164(xt, run `)-.15 F(`\215a)
-.74 E .164(w\214nder \255\255listrules | grep CWE-327 | cut -f1')-.15 F
('.)-.74 E -1.1(Yo)108 532.8 S 3.088(uc)1.1 G .588(an also see the tok)
-3.088 F .588(ens without a CWE mapping this w)-.1 F .588
(ay by running `)-.1 F(`\215a)-.74 E .587
(w\214nder -D --listrules | grep)-.15 F .676(-v CWE-')108 544.8 R 3.176
('. Ho)-.74 F(we)-.25 E -.15(ve)-.25 G 1.476 -.4(r, w).15 H .676(hile \
\255\255listrules lists all CWE security elements, it only lists the de\
f).4 F .676(ault mappings)-.1 F .091
(from CWE security elements to CWE identi\214ers.)108 556.8 R .09
(It does not include the re\214nements that \215a)5.091 F .09
(w\214nder applies)-.15 F(\(e.g., by e)108 568.8 Q
(xamining function parameters\).)-.15 E 1.135(If you w)108 585.6 R 1.135
(ant a detailed and e)-.1 F 1.135(xact mapping between the CWE security\
 elements and CWE identi\214ers, the)-.15 F<8d61>108 597.6 Q 1.179
(w\214nder source code \(included in the distrib)-.15 F 1.179
(ution\) is the best place for that information.)-.2 F 1.178
(This detailed)6.178 F 1.459
(information is primarily of interest to those fe)108 609.6 R 3.959(wp)
-.25 G 1.459(eople who are trying to re\214ne the CWE mappings of)-3.959
F<8d61>108 621.6 Q 1.02(w\214nder or re\214ne CWE in general.)-.15 F
1.02(The source code documents the mapping between the security ele-)
6.02 F .991(ments to the respecti)108 633.6 R 1.292 -.15(ve C)-.25 H
.992(WE identi\214ers, and is a single Python \214le.).15 F .992(The `)
5.992 F(`c_rules')-.74 E 3.492('d)-.74 G .992(ataset de\214nes most)
-3.492 F .359(rules, with reference to a function that may mak)108 645.6
R 2.859(ef)-.1 G .359(urther re\214nements.)-2.859 F -1.1(Yo)5.359 G
2.859(uc)1.1 G .358(an search the dataset for func-)-2.859 F .043
(tion names to see what CWE it generates by def)108 657.6 R .044
(ault; if \214rst parameter is not `)-.1 F(`normal')-.74 E 2.544('t)-.74
G .044(hen that is the name)-2.544 F .64
(of a re\214ning Python method that may select dif)108 669.6 R .64
(ferent CWEs \(depending on additional information\).)-.25 F(Con-)5.64 E
-.15(ve)108 681.6 S(rsely).15 E 3.191(,y)-.65 G .691
(ou can search for `)-3.191 F(`CWE-number')-.74 E 3.191('a)-.74 G .692
(nd \214nd what security elements \(signatures or patterns\) refer)
-3.191 F .595(to that CWE identi\214er)108 693.6 R 5.595(.F)-.55 G .595
(or most people, this is much more than the)-5.745 F 3.095(yn)-.15 G
.594(eed; most people just w)-3.095 F .594(ant to scan)-.1 F
(their source code to quickly \214nd problems.)108 705.6 Q(Fla)72 768 Q
165.545(w\214nder 4)-.15 F(Apr 2018)2.5 E(11)201.225 E 0 Cg EP
%%Page: 12 12
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E/F1 10.95/Times-Bold@0 SF
(SECURITY)72 84 Q F0 .781
(The whole point of this tool is to help \214nd vulnerabilities so the)
108 96 R 3.282(yc)-.15 G .782(an be \214x)-3.282 F 3.282(ed. Ho)-.15 F
(we)-.25 E -.15(ve)-.25 G 1.582 -.4(r, d).15 H -2.15 -.25(ev e).4 H .782
(lopers and).25 F(re)108 108 Q(vie)-.25 E .352(wers must kno)-.25 F
2.852(wh)-.25 G .852 -.25(ow t)-2.852 H 2.852(od).25 G -2.15 -.25(ev e)
-2.852 H .352(lop secure softw).25 F .352
(are to use this tool, because otherwise,)-.1 F/F2 10/Times-Italic@0 SF
2.851(af)2.851 G .351(ool with a tool)-2.851 F(is still a fool)108 120 Q
F0 5(.M)C 2.5(yb)-5 G(ook at https://dwheeler)-2.5 E
(.com/secure-programs may help.)-.55 E .214
(This tool should be, at most, a small part of a lar)108 136.8 R .214
(ger softw)-.18 F .214(are de)-.1 F -.15(ve)-.25 G .214
(lopment process designed to eliminate or).15 F .228
(reduce the impact of vulnerabilities.)108 148.8 R(De)5.227 E -.15(ve)
-.25 G .227(lopers and re).15 F(vie)-.25 E .227(wers need kno)-.25 F
2.727(wh)-.25 G .727 -.25(ow t)-2.727 H 2.727(od).25 G -2.15 -.25(ev e)
-2.727 H .227(lop secure softw).25 F(are,)-.1 E(and the)108 160.8 Q 2.5
(yn)-.15 G(eed to apply this kno)-2.5 E
(wledge to reduce the risks of vulnerabilities in the \214rst place.)
-.25 E(Dif)108 177.6 Q 1.924
(ferent vulnerability-\214nding tools tend to \214nd dif)-.25 F 1.924
(ferent vulnerabilities.)-.25 F 1.924(Thus, you are best of)6.924 F
4.424(fu)-.25 G(sing)-4.424 E(human re)108 189.6 Q(vie)-.25 E 2.5(wa)
-.25 G(nd a v)-2.5 E(ariety of tools.)-.25 E
(This tool can help \214nd some vulnerabilities, b)5 E
(ut by no means all.)-.2 E -1.1(Yo)108 206.4 S 2.859(us)1.1 G .359
(hould al)-2.859 F -.1(wa)-.1 G .359(ys analyze a).1 F F2(copy)2.859 E
F0 .359(of the source program being analyzed, not a directory that can \
be modi-)2.859 F .344(\214ed by a de)108 218.4 R -.15(ve)-.25 G .344
(loper while \215a).15 F .344(w\214nder is performing the analysis.)-.15
F .344(This is)5.344 F F2(especially)2.844 E F0 .344(true if you don')
2.844 F 2.845(tn)-.18 G(ecess-)-2.845 E .807(ily trust a de)108 230.4 R
-.15(ve)-.25 G .806(loper of the program being analyzed.).15 F .806
(If an attack)5.806 F .806(er has control o)-.1 F -.15(ve)-.15 G 3.306
(rt).15 G .806(he \214les while you')-3.306 F(re)-.5 E .538
(analyzing them, the attack)108 242.4 R .538(er could mo)-.1 F .838 -.15
(ve \214)-.15 H .538(les around or change their contents to pre).15 F
-.15(ve)-.25 G .539(nt the e).15 F .539(xposure of a)-.15 F .078(securi\
ty problem \(or create the impression of a problem where there is none\
\).)108 254.4 R .077(If you')5.077 F .077(re w)-.5 F .077
(orried about mali-)-.1 F 1.017(cious programmers you should do this an)
108 266.4 R(yw)-.15 E(ay)-.1 E 3.517(,b)-.65 G 1.018
(ecause after analysis you')-3.517 F 1.018(ll need to v)-.1 F 1.018
(erify that the code)-.15 F -2.15 -.25(ev e)108 278.4 T .711
(ntually run is the code you analyzed.).25 F .711
(Also, do not use the \255\255allo)5.711 F .71
(wlink option in such cases; attack)-.25 F(ers)-.1 E(could create malic\
ious symbolic links to \214les outside of their source code area \(such\
 as /etc/passwd\).)108 290.4 Q .725
(Source code management systems \(lik)108 307.2 R 3.225(eG)-.1 G .725
(itHub, SourceF)-3.225 F(or)-.15 E .725(ge, and Sa)-.18 F -.25(va)-.2 G
.726(nnah\) de\214nitely f).25 F .726(all into this cate-)-.1 F .11
(gory; if you')108 319.2 R .11
(re maintaining one of those systems, \214rst cop)-.5 F 2.61(yo)-.1 G
2.61(re)-2.61 G .11(xtract the \214les into a separate directory \(that)
-2.76 F(can')108 331.2 Q 2.5(tb)-.18 G 2.5(ec)-2.5 G
(ontrolled by attack)-2.5 E(ers\) before running \215a)-.1 E
(w\214nder or an)-.15 E 2.5(yo)-.15 G(ther code analysis tool.)-2.5 E
1.276(Note that \215a)108 348 R 1.276(w\214nder only opens re)-.15 F
1.276(gular \214les, directories, and \(if requested\) symbolic links; \
it will ne)-.15 F -.15(ve)-.25 G(r).15 E 1.608
(open other kinds of \214les, e)108 360 R -.15(ve)-.25 G 4.107(ni).15 G
4.107(fas)-4.107 G 1.607(ymbolic link is made to them.)-4.107 F 1.607
(This counters attack)6.607 F 1.607(ers who insert)-.1 F .363
(unusual \214le types into the source code.)108 372 R(Ho)5.363 E(we)-.25
E -.15(ve)-.25 G 1.163 -.4(r, t).15 H .363(his only w).4 F .363
(orks if the \214lesystem being analyzed can')-.1 F 2.863(tb)-.18 G(e)
-2.863 E .48(modi\214ed by an attack)108 384 R .479
(er during the analysis, as recommended abo)-.1 F -.15(ve)-.15 G 5.479
(.T).15 G .479(his protection also doesn')-5.479 F 2.979(tw)-.18 G .479
(ork on)-3.079 F(Cygwin platforms, unfortunately)108 396 Q(.)-.65 E .788
(Cygwin systems \(Unix emulation on top of W)108 412.8 R(indo)-.4 E .789
(ws\) ha)-.25 F 1.089 -.15(ve a)-.2 H 3.289(na).15 G .789
(dditional problem if \215a)-3.289 F .789(w\214nder is used to)-.15 F
1.054(analyze programs that the analyst cannot trust.)108 424.8 R 1.053
(The problem is due to a design \215a)6.053 F 3.553(wi)-.15 G 3.553(nW)
-3.553 G(indo)-3.953 E 1.053(ws \(that it)-.25 F .998
(inherits from MS-DOS\).)108 436.8 R .998(On W)5.998 F(indo)-.4 E .998
(ws and MS-DOS, certain \214lenames \(e.g., `)-.25 F(`com1')-.74 E .999
('\) are automatically)-.74 F .686(treated by the operating system as t\
he names of peripherals, and this is true e)108 448.8 R -.15(ve)-.25 G
3.186(nw).15 G .685(hen a full pathname is)-3.186 F(gi)108 460.8 Q -.15
(ve)-.25 G 2.974(n. Y).15 F .474(es, W)-1 F(indo)-.4 E .475
(ws and MS-DOS really are designed this badly)-.25 F 5.475(.F)-.65 G(la)
-5.475 E .475(w\214nder deals with this by checking)-.15 F .867(what a \
\214lesystem object is, and then only opening directories and re)108
472.8 R .867(gular \214les \(and symlinks if enabled\).)-.15 F
(Unfortunately)108 484.8 Q 2.519(,t)-.65 G .019(his doesn')-2.519 F
2.519(tw)-.18 G .019(ork on Cygwin; on at least some v)-2.619 F .02
(ersions of Cygwin on some v)-.15 F .02(ersions of W)-.15 F(in-)-.4 E
(do)108 496.8 Q .259(ws, merely trying to determine if a \214le is a de)
-.25 F .259(vice type can cause the program to hang.)-.25 F 2.759(Aw)
5.259 G .259(orkaround is)-2.859 F 1.648(to delete or rename an)108
508.8 R 4.148<798c>-.15 G 1.649(lenames that are interpreted as de)
-4.148 F 1.649(vice names before performing the analysis.)-.25 F 4.706
(These so-called `)108 520.8 R(`reserv)-.74 E 4.706(ed names')-.15 F
7.206('a)-.74 G 4.705(re CON, PRN, A)-7.206 F 4.705
(UX, CLOCK$, NUL, COM1-COM9, and)-.55 F 1.797
(LPT1-LPT9, optionally follo)108 532.8 R 1.798(wed by an e)-.25 F 1.798
(xtension \(e.g., `)-.15 F(`com1.txt')-.74 E 1.798('\), in an)-.74 F
4.298(yd)-.15 G(irectory)-4.298 E 4.298(,a)-.65 G 1.798(nd in an)-4.298
F 4.298(yc)-.15 G(ase)-4.298 E(\(W)108 544.8 Q(indo)-.4 E
(ws is case-insensiti)-.25 E -.15(ve)-.25 G(\).).15 E(Do)108 561.6 Q F2
(not)2.809 E F0 .308(load or dif)2.809 F 2.808(fh)-.25 G .308
(itlists from untrusted sources.)-2.808 F(The)5.308 E 2.808(ya)-.15 G
.308(re implemented using the Python pickle module,)-2.808 F 1.918
(and the pickle module is not intended to be secure ag)108 573.6 R 1.919
(ainst erroneous or maliciously constructed data.)-.05 F .218(Stored hi\
tlists are intended for later use by the same user who created the hitl\
ist; in that conte)108 585.6 R .218(xt this restric-)-.15 F
(tion is not a problem.)108 597.6 Q F1 -.11(BU)72 626.4 S(GS).11 E F0
(Fla)108 638.4 Q .398(w\214nder is based on simple te)-.15 F .399(xt pa\
ttern matching, which is part of its fundamental design and not easily)
-.15 F 3.282(changed. This)108 650.4 R .782(design approach leads to a \
number of fundamental limitations, e.g., a higher f)3.282 F .782
(alse positi)-.1 F -.15(ve)-.25 G .054
(rate, and is the underlying cause of most of the b)108 662.4 R .055
(ugs listed here.)-.2 F .055(On the positi)5.055 F .355 -.15(ve s)-.25 H
.055(ide, \215a).15 F .055(w\214nder doesn')-.15 F 2.555(tg)-.18 G(et)
-2.555 E .17(confused by man)108 674.4 R 2.67(yc)-.15 G .169
(omplicated preprocessor sequences that other tools sometimes chok)-2.67
F 2.669(eo)-.1 G .169(n; \215a)-2.669 F .169(w\214nder can)-.15 F
(often handle code that cannot link, and sometimes cannot e)108 686.4 Q
-.15(ve)-.25 G 2.5(nc).15 G(ompile or b)-2.5 E(uild.)-.2 E(Fla)108 703.2
Q .86(w\214nder is currently limited to C/C++.)-.15 F .861
(In addition, when analyzing C++ it focuses primarily on the C)5.86 F
.49(subset of C++.)108 715.2 R -.15(Fo)5.49 G 2.99(re).15 G .49
(xample, \215a)-3.14 F .49(w\214nder does not report on e)-.15 F .49
(xpressions lik)-.15 F 2.99(ec)-.1 G .49(in >> charb)-2.99 F .49
(uf, where charb)-.2 F(uf)-.2 E .275(is a char array)108 727.2 R 5.275
(.T)-.65 G .275(hat is because \215a)-5.275 F .275(w\214nder doesn')-.15
F 2.776(th)-.18 G -2.25 -.2(av e)-2.776 H .276
(type information, and ">>" is safe with man)2.976 F 2.776(yo)-.15 G
(ther)-2.776 E(Fla)72 768 Q 165.545(w\214nder 4)-.15 F(Apr 2018)2.5 E
(12)201.225 E 0 Cg EP
%%Page: 13 13
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E .448
(types; reporting on all ">>" w)108 84 R .447(ould lead to too man)-.1 F
2.947(yf)-.15 G .447(alse positi)-3.047 F -.15(ve)-.25 G 2.947(s. That)
.15 F .447(said, it')2.947 F 2.947(sd)-.55 G .447
(esigned so that adding)-2.947 F
(support for other languages should be easy where its te)108 96 Q
(xt-based approach can usefully apply)-.15 E(.)-.65 E(Fla)108 112.8 Q
.812(w\214nder can be fooled by user)-.15 F .812(-de\214ned functions o\
r method names that happen to be the same as those)-.2 F .186
(de\214ned as `)108 124.8 R(`hits')-.74 E 2.686('i)-.74 G 2.686(ni)
-2.686 G .186(ts database, and will often trigger on de\214nitions \(as\
 well as uses\) of functions with the)-2.686 F .997(same name.)108 136.8
R .997(This is typically not a problem for C code.)5.997 F .998
(In C code, a function with the same name as a)5.998 F .496
(common library routine name often indicates that the de)108 148.8 R
-.15(ve)-.25 G .495(loper is simply re).15 F .495
(writing a common library rou-)-.25 F .071(tine with the same interf)108
160.8 R .071(ace, say for portability')-.1 F 2.571(ss)-.55 G(ak)-2.571 E
2.571(e. C)-.1 F .071(programs tend to a)2.571 F -.2(vo)-.2 G .071
(id reusing the same name for).2 F 2.858(ad)108 172.8 S(if)-2.858 E .357
(ferent purpose \(since in C function names are global by def)-.25 F
2.857(ault\). There)-.1 F .357(are reasonable odds that these)2.857 F
(re)108 184.8 Q .406(written routines will be vulnerable to the same ki\
nds of misuse, and thus, reusing these rules is a reason-)-.25 F .187
(able approach.)108 196.8 R(Ho)5.187 E(we)-.25 E -.15(ve)-.25 G .987 -.4
(r, t).15 H .186
(his can be a much more serious problem in C++ code which hea).4 F .186
(vily uses classes)-.2 F 1.354
(and namespaces, since the same method name may ha)108 208.8 R 1.655
-.15(ve m)-.2 H(an).15 E 3.855(yd)-.15 G(if)-3.855 E 1.355
(ferent meanings.)-.25 F 1.355(The \255\255f)6.355 F(alsepositi)-.1 E
-.15(ve)-.25 G 1.189(option can help some)108 220.8 R 1.189
(what in this case.)-.25 F 1.189
(If this is a serious problem, feel free to modify the program, or)6.189
F(process the \215a)108 232.8 Q
(w\214nder output through other tools to remo)-.15 E .3 -.15(ve t)-.15 H
(he f).15 E(alse positi)-.1 E -.15(ve)-.25 G(s.).15 E .025(Preprocessor\
 commands embedded in the middle of a parameter list of a call can caus\
e problems in parsing,)108 249.6 R 2.383(in particular)108 261.6 R 4.883
(,i)-.4 G 4.883(fas)-4.883 G 2.382(tring is opened and then closed mult\
iple times using an #ifdef .. #else construct,)-4.883 F<8d61>108 273.6 Q
.072(w\214nder gets confused.)-.15 F .073
(Such constructs are bad style, and will confuse man)5.073 F 2.573(yo)
-.15 G .073(ther tools too.)-2.573 F .073(If you must)5.073 F
(analyze such \214les, re)108 285.6 Q(write those lines.)-.25 E
(Thankfully)5 E 2.5(,t)-.65 G(hese are quite rare.)-2.5 E(Fla)108 302.4
Q 2.657(w\214nder reports vulnerabilities re)-.15 F -.05(ga)-.15 G 2.656
(rdless of the parameters of "#if" or "#ifdef".).05 F 5.156(Ac)7.656 G
2.656(onstruct "#if)-5.156 F -1.35(VA)108 314.4 S .721
(LUE" will often ha)1.35 F 1.022 -.15(ve V)-.2 H .722
(ALUE of 0 in some cases, and non-zero in others.)-1.2 F(Similarly)5.722
E 3.222(,")-.65 G .722(#ifdef V)-3.222 F(ALUE")-1.35 E .606(will ha)108
326.4 R .906 -.15(ve V)-.2 H .606
(ALUE de\214ned in some cases, and not de\214ned in others.)-1.2 F(Fla)
5.606 E .606(w\214nder reports in all cases, which)-.15 F .541
(means that \215a)108 338.4 R .541
(w\214nder has a chance of reporting vulnerabilities in all alternati)
-.15 F -.15(ve)-.25 G 3.041(s. This).15 F .541(is not a b)3.041 F .542
(ug, this is)-.2 F(intended beha)108 350.4 Q(vior)-.2 E(.)-.55 E(Fla)108
367.2 Q .739(w\214nder will report hits e)-.15 F -.15(ve)-.25 G 3.239
(ni).15 G 3.239(ft)-3.239 G(he)-3.239 E 3.239(ya)-.15 G .739
(re between a literal "#if 0" and "#endif".)-3.239 F .739(It w)5.739 F
.739(ould be possible to)-.1 F .841(change this particular situation, b)
108 379.2 R .841
(ut directly using "#if 0" to comment-out code \(other than during deb)
-.2 F(ug-)-.2 E .965(ging\) is itself that the remo)108 391.2 R -.25(va)
-.15 G 3.465(li).25 G 3.465(sv)-3.465 G .964(ery temporary \(in which c\
ase we should report it\) or an indicator of a)-3.615 F 1.278
(problem with poor code practices.)108 403.2 R 1.278(If you w)6.278 F
1.279(ant to permanently get rid of code, then delete it instead of)-.1
F .683(using "#if 0", since you can al)108 415.2 R -.1(wa)-.1 G .683
(ys see what it w).1 F .683(as using your v)-.1 F .682
(ersion control softw)-.15 F 3.182(are. If)-.1 F .682(you don')3.182 F
3.182(tu)-.18 G(se)-3.182 E -.15(ve)108 427.2 S(rsion control softw).15
E(are, then that')-.1 E 2.5(st)-.55 G(he b)-2.5 E
(ug you need to \214x right no)-.2 E -.65(w.)-.25 G .602(Some comple)108
444 R 3.102(xo)-.15 G 3.102(ru)-3.102 G .602
(nusual constructs can mislead \215a)-3.102 F(w\214nder)-.15 E 5.602(.I)
-.55 G 3.102(np)-5.602 G(articular)-3.102 E 3.102(,i)-.4 G 3.102(fap)
-3.102 G .602(arameter be)-3.102 F .602(gins with get-)-.15 F(te)108 456
Q .978(xt\(" and ends with \), \215a)-.15 F .977
(w\214nder will presume that the parameter of gette)-.15 F .977
(xt is a constant.)-.15 F .977(This means it)5.977 F 1.266
(will get confused by patterns lik)108 468 R 3.766(eg)-.1 G(ette)-3.766
E 1.266(xt\("hi"\) + function\("bye"\).)-.15 F 1.266
(In practice, this doesn')6.266 F 3.767(ts)-.18 G 1.267(eem to be a)
-3.767 F(problem; gette)108 480 Q
(xt\(\) is usually wrapped around the entire parameter)-.15 E(.)-.55 E
2.201(The routine to detect statically de\214ned character arrays uses \
simple te)108 496.8 R 2.2(xt matching; some complicated)-.15 F -.15(ex)
108 508.8 S(pressions can cause it to trigger or not trigger une).15 E
(xpectedly)-.15 E(.)-.65 E(Fla)108 525.6 Q .221
(w\214nder looks for speci\214c patterns kno)-.15 F .221
(wn to be common mistak)-.25 F 2.721(es. Fla)-.1 F .221
(w\214nder \(or an)-.15 F 2.721(yt)-.15 G .221(ool lik)-2.721 F 2.722
(ei)-.1 G .222(t\) is not)-2.722 F 2.573(ag)108 537.6 S .072
(ood tool for \214nding intentionally malicious code \(e.g., T)-2.573 F
.072(rojan horses\); malicious programmers can easily)-.35 F
(insert code that w)108 549.6 Q
(ould not be detected by this kind of tool.)-.1 E(Fla)108 566.4 Q .355
(w\214nder looks for speci\214c patterns kno)-.15 F .355
(wn to be common mistak)-.25 F .355(es in application code.)-.1 F .355
(Thus, it is lik)5.355 F(ely)-.1 E .674(to be less ef)108 578.4 R(fecti)
-.25 E .974 -.15(ve a)-.25 H .674(nalyzing programs that aren').15 F
3.174(ta)-.18 G .673(pplication-layer code \(e.g., k)-3.174 F .673
(ernel code or self-hosting)-.1 F 2.867(code\). The)108 590.4 R .367(te\
chniques may still be useful; feel free to replace the database if your\
 situation is signi\214cantly)2.867 F(dif)108 602.4 Q
(ferent from normal.)-.25 E(Fla)108 619.2 Q(w\214nder')-.15 E 3.071(sd)
-.55 G(ef)-3.071 E .571(ault output format \(\214lename:linenumber)-.1 F
3.071(,f)-.4 G(ollo)-3.071 E .571
(wed optionally by a :columnnumber\) can be)-.25 F 1.775
(misunderstood if an)108 631.2 R 4.275(ys)-.15 G 1.775(ource \214les ha)
-4.275 F 2.075 -.15(ve ve)-.2 H 1.775(ry weird \214lenames.).15 F 1.775
(Filenames embedding a ne)6.775 F(wline/linefeed)-.25 E .708(character \
will cause odd breaks, and \214lenames including colon \(:\) are lik)108
643.2 R .708(ely to be misunderstood.)-.1 F .708(This is)5.708 F .175
(especially important if \215a)108 655.2 R(w\214nder')-.15 E 2.675(so)
-.55 G .176(utput is being used by other tools, such as \214lters or te)
-2.675 F .176(xt editors.)-.15 F .176(If you)5.176 F .449
(are using \215a)108 667.2 R(w\214nder')-.15 E 2.949(so)-.55 G .449(utp\
ut in other tools, consider using its CSV format instead \(which can ha\
ndle this\).)-2.949 F 1.013(If you')108 679.2 R 1.013(re looking at ne)
-.5 F 3.513(wc)-.25 G 1.013(ode, e)-3.513 F 1.014
(xamine the \214les for such characters.)-.15 F(It')6.014 E 3.514(si)
-.55 G 1.014(ncredibly unwise to ha)-3.514 F 1.314 -.15(ve s)-.2 H(uch)
.15 E .842(\214lenames an)108 691.2 R(yw)-.15 E .842(ay; man)-.1 F 3.342
(yt)-.15 G .842(ools can')-3.342 F 3.342(th)-.18 G .842
(andle such \214lenames at all.)-3.342 F(Ne)5.842 E .842
(wline and linefeed are often used as)-.25 F .857
(internal data delimeters.)108 703.2 R .857(The colon is often used as \
special characters in \214lesystems: MacOS uses it as a)5.857 F 1.135
(directory separator)108 715.2 R 3.635(,W)-.4 G(indo)-4.035 E 1.135
(ws/MS-DOS uses it to identify dri)-.25 F 1.435 -.15(ve l)-.25 H 1.135
(etters, W).15 F(indo)-.4 E 1.135(ws/MS-DOS inconsistently)-.25 F .541
(uses it to identify special de)108 727.2 R .541(vices lik)-.25 F 3.041
(eC)-.1 G .541(ON:, and applications on man)-3.041 F 3.041(yp)-.15 G
.542(latforms use the colon to identify)-3.041 F(Fla)72 768 Q 165.545
(w\214nder 4)-.15 F(Apr 2018)2.5 E(13)201.225 E 0 Cg EP
%%Page: 14 14
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(FLA)72 48 Q 134.71(WFINDER\(1\) Fla)-.9 F 134.71
(w\214nder FLA)-.15 F(WFINDER\(1\))-.9 E 2.927(URIs/URLs. Filenames)108
84 R .427(including spaces and/or tabs don')2.927 F 2.927(tc)-.18 G .427
(ause problems for \215a)-2.927 F(w\214nder)-.15 E 2.927(,t)-.4 G .427
(hough note that)-2.927 F(other tools might ha)108 96 Q .3 -.15(ve p)-.2
H(roblems with them.).15 E(Fla)108 112.8 Q(w\214nder is not internation\
alized, so it currently does not support localization.)-.15 E .132
(In general, \215a)108 129.6 R .133(w\214nder attempts to err on the si\
de of caution; it tends to report hits, so that the)-.15 F 2.633(yc)-.15
G .133(an be e)-2.633 F(xam-)-.15 E .398(ined further)108 141.6 R 2.898
(,i)-.4 G .398(nstead of silently ignoring them.)-2.898 F .397
(Thus, \215a)5.397 F .397(w\214nder prefers to ha)-.15 F .697 -.15(ve f)
-.2 H .397(alse positi).05 F -.15(ve)-.25 G 2.897(s\().15 G .397
(reports that)-2.897 F .317(turn out to not be problems\) rather than f)
108 153.6 R .318(alse ne)-.1 F -.05(ga)-.15 G(ti).05 E -.15(ve)-.25 G
2.818(s\().15 G -.1(fa)-2.818 G .318
(ilures to report security vulnerabilities\).).1 F .318(But this)5.318 F
(is a generality; \215a)108 165.6 Q
(w\214nder uses simplistic heuristics and simply can')-.15 E 2.5(tg)-.18
G(et e)-2.5 E -.15(ve)-.25 G(rything "right".).15 E .062
(Security vulnerabilities might not be identi\214ed as such by \215a)108
182.4 R(w\214nder)-.15 E 2.561(,a)-.4 G .061(nd con)-2.561 F -.15(ve)-.4
G(rsely).15 E 2.561(,s)-.65 G .061(ome hits aren')-2.561 F 2.561(tr)-.18
G(eally)-2.561 E 1.506(security vulnerabilities.)108 194.4 R 1.506(This\
 is true for all static security scanners, and is especially true for t\
ools lik)6.506 F(e)-.1 E<8d61>108 206.4 Q .044
(w\214nder that use a simple le)-.15 F .043(xical analysis and pattern \
analysis to identify potential vulnerabilities.)-.15 F .043(Still, it)
5.043 F 1.111(can serv)108 218.4 R 3.611(ea)-.15 G 3.611(sau)-3.611 G
1.111(seful aid for humans, helping to identify useful places to e)
-3.611 F 1.111(xamine further)-.15 F 3.611(,a)-.4 G 1.112(nd that')
-3.611 F 3.612(st)-.55 G(he)-3.612 E(point of this simple tool.)108
230.4 Q/F1 10.95/Times-Bold@0 SF(SEE ALSO)72 259.2 Q F0 1.345
(See the \215a)108 271.2 R 1.344(w\214nder website at https://dwheeler)
-.15 F(.com/\215a)-.55 E(w\214nder)-.15 E 6.344(.Y)-.55 G 1.344
(ou should also see the)-7.444 F/F2 10/Times-Italic@0 SF(Secur)4.174 E
3.844(eP)-.37 G -1.7 -.45(ro g)-3.844 H -.15(ra).45 G(m-).15 E(ming HO)
108 283.2 Q(WT)-.5 E(O)-.18 E F0(at)2.77 E F2(https://dwheeler)2.5 E
(.com/secur)-1.11 E(e-pr)-.37 E -.1(og)-.45 G -.15(ra).1 G(ms).15 E F0
(.).27 E F1 -.548(AU)72 312 S(THOR).548 E F0(Da)108 324 Q
(vid A. Wheeler \(dwheeler@dwheeler)-.2 E(.com\).)-.55 E(Fla)72 768 Q
165.545(w\214nder 4)-.15 F(Apr 2018)2.5 E(14)201.225 E 0 Cg EP
%%Trailer
end
%%EOF