Difference between revisions of "Security Code Review"

From reSIProcate
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
== Tasks ==
 
== Tasks ==
  
* NULL raw, smart pointers checks
+
* null raw, smart pointers checks
 
:*check for null, change to smart pointer if possible
 
:*check for null, change to smart pointer if possible
 +
:*convert Dialog and DialogSet to resip::Handled objects?
 +
::*this will require users to change handling of these objects from raw pointers.
 
* STL iterators  
 
* STL iterators  
 
:*example: front(), container must not be empty to call front
 
:*example: front(), container must not be empty to call front
 +
:*regex search: "front|at|"  , todo there is a lot here
 
* buffer overruns
 
* buffer overruns
 
:*C string & memory routines (strcpy,etc, implement microsoft *_s functions for windows?)
 
:*C string & memory routines (strcpy,etc, implement microsoft *_s functions for windows?)
 +
:*regex: "strcpy|memcpy" , todo add here
 
* run code analysis tools
 
* run code analysis tools
 +
:* todo: add tools here
 
* turn on/fix compiler warnings
 
* turn on/fix compiler warnings
 
:* g++ -Wall, Level 3(or 4) warnings in Visual C++
 
:* g++ -Wall, Level 3(or 4) warnings in Visual C++

Latest revision as of 11:26, 11 December 2006

Introduction[edit]

This document is intended to outline procedures for reviewing the resiprocate code base for security related bugs.

Tasks[edit]

  • null raw, smart pointers checks
  • check for null, change to smart pointer if possible
  • convert Dialog and DialogSet to resip::Handled objects?
  • this will require users to change handling of these objects from raw pointers.
  • STL iterators
  • example: front(), container must not be empty to call front
  • regex search: "front|at|" , todo there is a lot here
  • buffer overruns
  • C string & memory routines (strcpy,etc, implement microsoft *_s functions for windows?)
  • regex: "strcpy|memcpy" , todo add here
  • run code analysis tools
  • todo: add tools here
  • turn on/fix compiler warnings
  • g++ -Wall, Level 3(or 4) warnings in Visual C++

References[edit]