NewsSource Code Analysis Lab Assignment Help

Hits: 0

SOURCE CODE ANALYSIS
Lab Description
Students are provided with a vulnerable C code. You will analyze the C
code by using two static analysis tools, e.g., FlawFinder and cppcheck,
understand their outputs, and correct the vulnerabilities accordingly.
Lab Goal
The goal of the following laboratory exercises is for you to get familiar with
source code analysis tools, understand their outputs, and improve your
code accordingly.
Lab Environment
A personal computer with one of the Linux Operating Systems installed
(strongly recommend Ubuntu 20.04). You can create an Ubuntu VM within
VirtualBox.
What to Submit
Students will submit a document with:
1) The screenshot or printout of execution results of step C.
2) Your analysis and comparison description of step D.
3) For step E, write the corrected program, and printouts/screenshots of
the results of the corrected program running with FlawFinder and
cppcheck.
4) List the functions you corrected, and write briefly how you corrected it.
Bonus: Submit the report to Canvas in class.
Reminder
Keep academic integrity in mind! It will be strictly enforced!

Page | 2
This document is licensed with a Creative Commons Attribution 4.0 International License ©2017 Catalyzing Computing and Cybersecurity in
Community Colleges (C5).
Lab Exercise
A. Download & install FlawFinder https://github.com/david–a–
wheeler/flawfinder
a. Various installation ways.
b. Hint: two of the easiest installation methods are Python’s “pip”
or your system’s package manage (e.g., apt install …)
B. Download & install cppcheck

a. cppcheck, https://cppcheck.sourceforge.io/
b. usage: https://linux.die.net/man/1/cppcheck
c. Hint: cppcheck ––enable=all <file_name>
C. Use the given “vulnerable_code.c” file as input, Run FlawFinder and
cppcheck to scan security vulnerabilities.
D. Analyze and compare the results of FlawFinder and cppcheck on
“vulnerable_code.c”
a. Compare the severity found for similar vulnerability found
b. Compare vulnerabilities that found in each tool that were
similar or different.
E. Modify the programs based on the results of FlawFinder and
cppcheck. Run FlawFinder and cppcheck again to check whether
some of the complaints no longer exist.
a. For the modified “vulnerable_code.c” based on cppcheck, run it
in FlawFinder.
b. For the modified “vulnerable_code.c” based on FlawFinder, run
it in cppcheck

For Source Code Analysis Lab Assignment Help please click here