Code Analysis

2020/02/20 (整理 & 增加連結)
2021/04/19 (微調內容)

簡介

程式碼分析有靜態分析以及動態分析，有幾個主要的重點:

靜態分析
- 統一寫作風格 (coding style)
- 找到安全漏洞
  - 善用檢測工具幫你預先找出軟體安全性漏洞 (2014)
    - Team Foundation Server
    - Fortify
    - AppScan
    - Checkmarx
動態分析
- 分析程式的執行瓶頸
自動化檢測工具掃瞄漏洞快又準評選仔細比一比 (2007)
- 黑箱VS白箱；動態VS靜態
- 免費開源碼工具VS商業化工具
- 自動化檢測工具建議評選條件
  - 平台內建編譯器（compiler）
  - 支援多種程式語言
  - Web-based架構以符合程式開發管理所需
  - 供應商團隊的客製支援與資安顧問輔導能力

工具

Top Free Static Code Analysis Tools (2018)
- Brakeman (for Ruby)
- NodeJsScan (for Node.js)
- RIPS (for PHP)
- FindBugs (for Java)
- Microsoft FxCop (for .net)
- JsHint (for JavaScript)
- CodeCrawler (for c#)
- YASCA (for .Net, Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL)
- Visual Code Grepper (for C++, C#, VB, PHP, Java and PL/SQL)
- Graudit (Only Linux) (for ASP, JSP, Perl, PHP, Python)
- Code Warrior (Only Linux) (for C, C#, PHP, Java, Ruby, ASP, JavaScript)
Source Code Analysis Tools OWASP列出很多工具，OWASP也提供了open source的工具，如:OWASP ASST。
- FindSecBugs: A security specific plugin for SpotBugs that significantly improves SpotBugs's ability to find security vulnerabilities in Java programs. Works with the old FindBugs too.
- OWASP ASST (Automated Software Security Toolkit)
  - An Open Source, Source Code Scanning Tool, developed with JavaScript (Node.js framework), Scans for PHP & MySQL Security Vulnerabilities According to OWASP Top 10 and Some other OWASP's famous vulnerabilities, and it teaches developers of how to secure their codes after scan.
- SonarQube
  - Scans source code for 15 languages for Bugs, Vulnerabilities, and Code Smells. SonarQube IDE plugins for Eclipse, Visual Studio, and IntelliJ provided by [SonarLint].
  - Use SonarQube as a Service (free for open source projects)
  - SonarQube | SonarScanner : a step by step guide.
    - SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs, code smells, and security vulnerabilities on 20+ programming languages.
- SpotBugs (Java)
  - This is the active fork replacement for FindBugs, which is not maintained anymore. Very little security. FindSecBugs plugin provides security rules.

Visual Studio

Visual Studio Code

Integrating Prettier + ESLint + Airbnb Style Guide in VSCode (for JavaScript)
Linting Python in VS Code (Lint for Python)

Javascript

These tools will help you write clean code
- Prettier
  - Prettier是個排版的工具會協助我們讓程式碼更容易閱讀 (如:內縮....)
  - 導入 Prettier
  - .vscode/settings.json
- ESLint
  - Lint是個靜態分析工具，ESLint是Javascript的Lint，會進行程式風格的檢查，避免一些常犯的錯誤
    - Airbnb JavaScript Style Guide
    - Google JavaScript Style Guide
    - JavaScript Standard Style
    - 5 JavaScript Style Guides — Including AirBnB, GitHub(Standard), & Google
      - Idiomatic JavaScript Style Guide
      - jQuery JavaScript Style Guide
  - 在 VSCode 啟用程式碼規範工具 (ESLint) **
  - VS Code ESLint extension (Lint for JavaScript)
  - VS Code TSLint (Lint for TypeScript)
- Automate Format and Lint on Save
  - 安裝ESLint extension
- Husky
  - Husky就是讓在我們在commit或push程式碼之前可以進行一些檢查
- Lint-staged
- With Husky and Lint-staged Combined
- EditorConfig是個跨編輯器的設定，目前很多編輯器可以支援，有些直接可以使用(如:GitHub、IntelliJIDEA、WebStorm)，有些需要plugin(如:eclipse、Visual Studio Code)(詳參: EditorConfig說明)
Analysing JavaScript Files For Bug Bounty Hunters
- Using BURP SUITE
- Using waybackurls

Java

Comparison of Static Code Analysis Tools for Java - Findbugs vs PMD vs Checkstyle
- Checkstyle
  - Checkstyle extension for Visual Studio Code (for Java)
- FindBug
- PMD
- Using PMD and FindBugs
  - Code Analysis

Report abuse