C/C++ Vulnerability Checks
Tools for checking vulnerabilities in C/C++ code.
Valgrind
1# Install
2sudo apt install valgrind
3
4# Check memory leaks
5valgrind --leak-check=full ./program
6
7# Detailed output
8valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes ./program
AddressSanitizer (ASan)
1# Compile with ASan
2gcc -fsanitize=address -g program.c -o program
3g++ -fsanitize=address -g program.cpp -o program
4
5# Run
6./program
Clang Static Analyzer
1# Scan with scan-build
2scan-build make
3
4# Scan single file
5clang --analyze program.c
Cppcheck
1# Install
2sudo apt install cppcheck
3
4# Check project
5cppcheck --enable=all --inconclusive --std=c++17 src/
6
7# XML output
8cppcheck --enable=all --xml src/ 2> report.xml
Flawfinder
1# Install
2pip install flawfinder
3
4# Scan
5flawfinder src/
6
7# HTML output
8flawfinder --html src/ > report.html
CI/CD Integration
1# GitHub Actions
2name: Security Scan
3
4on: [push, pull_request]
5
6jobs:
7 security:
8 runs-on: ubuntu-latest
9 steps:
10 - uses: actions/checkout@v3
11
12 - name: Install tools
13 run: |
14 sudo apt-get update
15 sudo apt-get install -y cppcheck valgrind clang-tools
16
17 - name: Run Cppcheck
18 run: cppcheck --enable=all --error-exitcode=1 src/
19
20 - name: Build with ASan
21 run: |
22 mkdir build
23 cd build
24 cmake -DCMAKE_CXX_FLAGS="-fsanitize=address -g" ..
25 make
26
27 - name: Run tests with ASan
28 run: |
29 cd build
30 ./tests
Related Snippets
- C/C++ Code Smells
Common code smells in C/C++ and how to fix them. Memory Leaks 1// ❌ Bad 2void … - C/C++ Secure Coding
Secure coding practices for C/C++ applications. Buffer Overflow Prevention 1// ❌ … - Common Antipatterns
Common software antipatterns to avoid across all languages and architectures. … - Common Code Smells
Common code smells to watch for during code reviews with examples and fixes. … - Developer Pre-Submission Checklist
Comprehensive checklist for developers before submitting a pull request. Code … - Go Code Smells
Common code smells in Go and how to fix them. Ignoring Errors 1// ❌ Bad 2result, … - Go Secure Coding
Secure coding practices for Go applications. SQL Injection Prevention 1// ❌ … - Go Vulnerability Checks
Tools for checking vulnerabilities in Go code. Govulncheck 1# Install 2go … - Haskell Code Smells
Common code smells in Haskell and how to fix them. Partial Functions 1-- ❌ Bad: … - Haskell Secure Coding
Secure coding practices for Haskell applications. SQL Injection Prevention 1-- ❌ … - Haskell Vulnerability Checks
Tools for checking vulnerabilities in Haskell code. Cabal Outdated 1# Check … - Python Code Smells
Common code smells in Python and how to fix them. Mutable Default Arguments 1# ❌ … - Python Secure Coding
Secure coding practices for Python applications. SQL Injection Prevention 1# ❌ … - Python Vulnerability Checks
Tools for checking vulnerabilities in Python code. Safety - Dependency Scanner … - Reviewer Checklist
Comprehensive checklist for code reviewers to ensure thorough and constructive … - Rust Code Smells
Common code smells in Rust and how to fix them. Unwrap/Expect Abuse 1// ❌ Bad … - Rust Secure Coding
Secure coding practices for Rust applications. SQL Injection Prevention 1// ❌ … - Rust Vulnerability Checks
Tools for checking vulnerabilities in Rust code. Cargo Audit 1# Install 2cargo … - TypeScript Code Smells
Common code smells in TypeScript and how to fix them. Using any 1// ❌ Bad … - TypeScript Secure Coding
Secure coding practices for TypeScript applications. XSS Prevention 1// ❌ … - TypeScript Vulnerability Checks
Tools for checking vulnerabilities in TypeScript/JavaScript code. npm audit 1# …