Module 02 Lab 01 Lab Setup Start up your VM if it's not already running. Connect to your VM with the command vagrant ssh At the command line, update your software package database with the command sudo apt-get update NOTE: Depending on the speed of your Internet connection, this may take a few moments to complete. When your command prompt returns, install flawfinder: sudo apt-get -y install flawfinder Reference: sudo will let you run a command with administrator privilege (similar to "Run as Administrator" in Windows). apt-get is a software package management utility. The -y option runs the command non-interactively (assume the answer to all prompts is 'yes') You are now ready to begin Module 2 Lab 01. Module 02 Lab 01 Worksheet Static Analysis, Buffer-based and Pointer Vulnerabilities Overview This lab is designed to introduce you to static analysis tools that examine program source code for known vulnerabilities. Before beginning, make sure you have followed the instructions in the Module 02 Lab 01 Setup . You will use a combination of desktop and command line utilities for this lab. Start up your VM if it's not already running. Connect to your VM with the command vagrant ssh Change to the folder with your code with the command cd /vagrant/BufferOverflow Buffer Vulnerabilities 0 Visual Inspection - testcode01a.cpp Open this file in a text editor and examine the source code. (NOTE: a vector in C++ is roughly the same as it is in C# or Java. Here it's being used like a standard array.) What does the line vector v( 5, 1 ); do? (5 pts.) vector v( 5, 1 ); allows us to use any of the numbers shown along with those in between. Because its a fixed array we can add or modify until the highest point given is met 5 Examine the body of the main() function. Describe what's happening. (5 pts.) 5 Given your answers to the previous questions, is there a problem with this code? Why or why not? (5 pts.) (Hint: it's kind of subtle.) 5 Visual Inspection - testcode02.cpp Open this file in a text editor and examine the source code. (NOTE: cin is an input buffer) What's happening in the function test()? (5 pts.) 5 Is there a problem with this code? Why or why not? (5 pts.) 5 Dynamic Analysis - testcode01a.cpp Compile the code with the command g++ testcode01a.cpp -o test01a Run the program with the command ./test01a Copy and paste the output here (5 pts.) 5 Compile testcode01b.cpp with the command g++ testcode01b.cpp -o test01b Run the program with the command ./test01b Copy and paste the output here (5 pts.) 5 Compare the two source code files with the command: diff testcode01a.cpp testcode01b.cpp What's the difference between them? (5 pts.) 5 If the vector in test01a and test01b both have a size of five, why did test01b output six elements? (5 pts.) 5 Dynamic Analysis - testcode02.cpp Compile the code with the command g++ testcode02.cpp -o test02 Run the program with the command ./test02 At the cursor, type asdf and press . Copy and paste the output here (5 pts.) 5 Run the program again and type (or copy and paste) asdfasdfasdfasdfsdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasdf then press . Copy and paste the output here. (5 pts.) 5 Why did the second run not return all of the characters you entered? (5 pts.) 5 Count the number of characters returned and explain the total (5 pts.) 5 Static Analysis 0 Run the command flawfinder testcode01a.cpp testcode02.cpp Examine the results. Were any flaws (hits) reported? If so, copy and paste the message. (5 pts.) 5 Explain the difference in in results between testcode01a.cpp and testcode02.cpp. (5 pts. 5 Invalid Pointers An invalid pointer is a pointer that either doesn't point to anything or points to something that no longer exists. In this section, you will examine the sample code inside the folder Invalid_Pointer. For each of the three code samples you will do the following: Do a visual inspection and describe what the code does and if there is a problem with the code Post the results of static analysis using the flawfinder tool. Post the results. Do dynamic analysis of the code by compiling and running it. Post and explain the results. 0 Visual Inspection - null_deref_@alias.cpp What does this code do? (5 pts.) What, if anything, is wrong with it? (5 pts.) 10 (5 pts. ) Static Analysis - null_deref_@alias.cpp 5 Dynamic Analysis - null_deref_@alias.cpp Post the results (5 pts.) Explain the results (5 pts.) 10 Visual Inspection - null_deref_basic.cpp What does this code do? (5 pts.) What, if anything, is wrong with it? (5 pts.) 10 (5 pts. ) Static Analysis - null_deref_basic.cpp 5 Dynamic Analysis - null_deref_basic.cpp Post the results (5 pts.) Explain the results (5 pts.) . 10 Visual Inspection - null_deref_scope.cpp What does this code do? (5 pts.) What, if anything, is wrong with it? (5 pts.) 10 (5 pts. ) Static Analysis - null_deref_scope.cpp 5 Dynamic Analysis - null_deref_scope.cpp Post the results (5 pts.) Explain the results (5 pts.) 10 Null Pointers A null pointer is a pointer that is assigned the value NULL. NULL is a constant with a value of zero. The result of dereferencing a null pointer is undefined. In this section, you will do dynamic analysis on code that performs null pointer dereferencing. There are two sets of code, each with three code samples, under the folder Null_Pointers. In the Null_Pointer_Bad subfolder, the code samples should crash when compiled and run. In the Null_Pointer_Good subfolder, the code samples should run correctly. For each pair of code samples: Explain what's happening in the code Explain why one crashes and the other doesn't NOTE: the code samples in each pair are trying to do the same thing. 0 Sample Pair 1 - null_deref_@alias_good.cpp and null_deref_@alias.cpp What's happening in the code? (5 pts.) Why does one crash and the other doesn't? (5 pts.) 10 Sample Pair 2 - null_deref_basic_good.cpp and null_deref_basic.cpp What's happening in the code? (5 pts.) Why does one crash and the other doesn't? (5 pts.) 10 Sample Pair 3 - null_deref_scope_good.cpp and null_deref_scope.cpp What's happening in the code? (5 pts.) Why does one crash and the other doesn't? (5 pts.) 10 Total 180 Shutdown Your VM Exit the VM command line with the command exit Shutdown the VM with the command vagrant halt Complete this worksheet and submit it to your instructor.