C Code Analyzer - CCA
The C Code Analyzer (CCA) is a static analysis tool for detecting potential security problems in C source code.
This analyzer was built with the following principles in mind:
- CCA tries to spot only the errors that can actually cause problems. Not every strcpy is a security problem.
- No code annotations or tweaking are required - it's fully automatic. It's not realistic that an auditor has to crawl through thousands of LOC telling the analyzer "watch this, watch that". It's possible to extend the set of dangerous functions, malloc wrappers, etc., though.
- Seamless integration in existing development platforms. The Eclipse platform has been chosen as a complement to the command-line tool.
CCA uses a C Intermediate Language to run its analysis on. It should parse all GCC and MSVC code with no substantial problems.
CCA is licensed under a BSD license.
Current features are:
- fully automatic user input tracer
- memory leak detection
- multiple/dangling free detection
- out-of-bounds array accesses
- potential buffer overflow detection
- Eclipse frontend plugin
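The distinction behind "Not every strcpy is a security problem", as an added example that is not taken from CCA or its test suite: the same strcpy call with a constant source that fits, with a source whose length the caller controls, and a length-checked replacement. The function names and the NAME_BUF size are hypothetical; what CCA itself reports for this code is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 16   /* hypothetical buffer size for this example */

/* Case 1: strcpy with a constant source that provably fits.
   The source is 5 bytes + NUL, fixed at compile time, so no input
   can make this copy overflow the destination. */
size_t copy_constant(char out[NAME_BUF]) {
    strcpy(out, "guest");
    return strlen(out);
}

/* Case 2: the same call, but the source length is chosen by the caller
   (argv, a network packet, a file). Any src longer than NAME_BUF - 1
   bytes writes past the end of out. */
size_t copy_untrusted_unchecked(char out[NAME_BUF], const char *src) {
    strcpy(out, src);   /* strlen(src) is never compared to NAME_BUF */
    return strlen(out);
}

/* Case 2 corrected: check the length first and reject oversized input
   instead of overflowing or silently truncating. out is left untouched
   on failure. */
int copy_untrusted_checked(char out[NAME_BUF], const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_BUF)
        return -1;              /* would overflow: refuse */
    memcpy(out, src, n + 1);    /* n + 1 copies the terminating NUL */
    return 0;
}

int main(int argc, char **argv) {
    char name[NAME_BUF];
    copy_constant(name);
    printf("default: %s\n", name);
    if (argc > 1) {
        if (copy_untrusted_checked(name, argv[1]) != 0) {
            fprintf(stderr, "name too long (max %d bytes)\n", NAME_BUF - 1);
            return 1;
        }
        printf("user: %s\n", name);
    }
    return 0;
}
```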
Example Session
Running CCA against MPlayer: automatic detection of this reported vulnerability.
<view session here>
Running CCA against Ethereal, detection of some vulnerability in packet-radius.c which I reported. Not sure if they fixed it, though.
<view session here>
Prerequisite
ocaml, perl
Download
Source code: cca08.tgz
Eclipse Screenshots