Click here to Skip to main content
15,917,177 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
I am developing a vulnerability scanner which scan c/c++ source code for vulnerable functions like strcpy, printf etc.
I tried coding it but because of unavailability of any related code Im stuck on this problem.
Can anyone help me with this prblem

What I have tried:

I tried parsing and tokenization as well
I tried function by function comparison
Posted
Updated 12-Dec-20 8:13am
Comments
Nelek 12-Dec-20 7:09am    
Are you sure you want to do such a difficult project? Wouldn't be better to start with something a bit more accessible?
Member 15018883 12-Dec-20 7:35am    
you are absolutely right I must start up with smaller ones
But the thing is my instructor gave me just 4 days to build such a heavy project, Im a student of BS-Cyber Security (5th semester).
I am not for entire ready made solution i didnt ask for that as well
i just need guidance thats all
Nelek 12-Dec-20 10:45am    
If you are a student of Cyber Security, then this is something you should be able to do on your own. I can't imagine that your teacher gives you 4 days to do something that has not been taught minimally in the lessons.

In 4 days there is no possibility to build such a project for the real world. I suppose your teacher wants to be how you structure the project, how you implement it and so on.
If you are discarding things I would not delete the code, I would comment it out and give a explanation why are you not following that path anymore. That can be interesting for him too.
Member 15018883 12-Dec-20 12:15pm    
I am trying one path
I will share it with you tomorrow
thanks for your help
I appreciate it

Tokenizing is really rather simple. Look for anything that can not be part of a symbol or function. Valid parts of a symbol are numbers, letters, and underscore. Read the text, null those characters out, and look at what's left. Compare those with a list of vulnerable functions and you have it. You can rule out items that start with a number. You might also want to check for text strings (surrounded by double quotes) and skip text within them - remember to watch out for escaped quotes which is a \" within a string. You could read the list from a file to be more flexible. There are a family of functions that can help with this. Among them are strtok, strstr, and substr. Read up on those to see which will best serve your purposes.
 
Share this answer
 
We are more than willing to help those that are stuck: but that doesn't mean that we are here to do it all for you! We can't do all the work, you are either getting paid for this, or it's part of your grades and it wouldn't be at all fair for us to do it all for you.

So we need you to do the work, and we will help you when you get stuck. That doesn't mean we will give you a step by step solution you can hand in!
Start by explaining where you are at the moment, and what the next step in the process is. Then tell us what you have tried to get that next step working, and what happened when you did.

If you are having problems getting started at all, then this may help: How to Write Code to Solve a Problem, A Beginner's Guide[^]
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900