SecureProgramming.com
CQUAL: A tool for adding type qualifiers to C
Category: Code Auditing
Language: C, C++, and Objective-C
Posted by John Viega on Sun, Aug 31, 2003 (03:43 PM) GMT

External URL: http://www.cs.berkeley.edu/~jfoster/cqual/

This tool can be used to build analyses that detect security problems once you annotate your program with type qualifiers. For example, it lets you mark a declaration like this (the $tainted qualifier is CQUAL syntax, not standard C; argv is declared with its usual char ** type):

    int main(int argc, char * $tainted * argv) {

If a $tainted value is passed to a function whose parameter is declared $untainted, that is a security violation, and the system can determine it statically. This tool has also been used to detect format string problems.
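To make the check concrete, here is a small, added example (not part of the original post and not CQUAL's own code) that models the core idea behind the tool: a two-point qualifier lattice (untainted below tainted) and a flow check that reports when a $tainted value reaches a parameter annotated $untainted. Real CQUAL infers qualifiers for the whole program from subtyping constraints; this toy only propagates taint forward along assignment and argument-passing edges. The program being modelled, the node names ("argv", "s", "printf.fmt", "printf.arg1", "literal") and the flow lists are all constructed for the illustration.

```python
from collections import deque

# The two qualifiers of the taint lattice: untainted <= tainted.
TAINTED = "tainted"
UNTAINTED = "untainted"


def leq(a, b):
    """Lattice order: a flow src -> dst is legal only if qual(src) <= qual(dst)."""
    return a == UNTAINTED or b == TAINTED


def check(annotations, flows):
    """Report $tainted-to-$untainted flows.

    annotations: {name: TAINTED | UNTAINTED}, the program's $tainted/$untainted
                 declarations (everything else is unannotated and inferred).
    flows:       list of (src, dst) edges, one per assignment `dst = src` or
                 per argument passed from src to parameter dst.
    Returns a list of violating paths, each from a tainted source to an
    untainted sink, so the report can show how the taint got there.
    """
    succ = {}
    for src, dst in flows:
        succ.setdefault(src, []).append(dst)

    # Seed the search with every value declared $tainted, then propagate
    # taint forward along flow edges (a breadth-first reachability pass).
    sources = [n for n, q in annotations.items() if q == TAINTED]
    parent = {n: None for n in sources}
    queue = deque(sources)
    while queue:
        n = queue.popleft()
        for m in succ.get(n, []):
            if m not in parent:
                parent[m] = n
                queue.append(m)

    # Any node declared $untainted that taint reached violates qual(src) <= qual(dst).
    violations = []
    for n, q in annotations.items():
        if q == UNTAINTED and n in parent:
            path, cur = [], n
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            violations.append(list(reversed(path)))
    return violations


def infer(annotations, flows):
    """Least solution for unannotated nodes: tainted iff reachable from a tainted source."""
    reached = set()
    for path in _all_reachable(annotations, flows):
        reached.update(path)
    names = set(annotations) | {n for edge in flows for n in edge}
    return {n: annotations.get(n, TAINTED if n in reached else UNTAINTED) for n in names}


def _all_reachable(annotations, flows):
    # Helper: every node reachable from a tainted source, returned as singleton paths.
    succ = {}
    for src, dst in flows:
        succ.setdefault(src, []).append(dst)
    seen = set(n for n, q in annotations.items() if q == TAINTED)
    queue = deque(seen)
    while queue:
        n = queue.popleft()
        for m in succ.get(n, []):
            if m not in seen:
                seen.add(m)
                queue.append(m)
    return [[n] for n in seen]


# Constructed model of the annotated program from the post:
#   int main(int argc, char * $tainted * argv) {
#       char *s = argv[1];   /* s inherits argv's qualifier */
#       printf(s);           /* printf's format parameter is $untainted */
#   }
ANNOTATIONS = {"argv": TAINTED, "printf.fmt": UNTAINTED}
UNSAFE_FLOWS = [("argv", "s"), ("s", "printf.fmt")]

# Safe variant: a constant format string is passed, and s only flows to a
# data argument, which carries no $untainted requirement.
SAFE_FLOWS = [("argv", "s"), ("s", "printf.arg1"), ("literal", "printf.fmt")]

if __name__ == "__main__":
    for label, flows in (("unsafe", UNSAFE_FLOWS), ("safe", SAFE_FLOWS)):
        for path in check(ANNOTATIONS, flows):
            print(f"{label}: tainted value reaches $untainted sink via {' -> '.join(path)}")
        print(f"{label}: inferred qualifiers {infer(ANNOTATIONS, flows)}")
```

The unsafe program yields the path argv -> s -> printf.fmt, which is exactly the format string problem the post mentions; the safe variant yields no violation because the only $untainted sink receives a literal. The inferred qualifier for the unannotated s is tainted in both cases, which is how a real qualifier inference tool spares the programmer from annotating every local variable.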
