Static Source Code Analysis

Software Security: Identification of currently unidentified vulnerabilities in software with the aid of Static Code Analysis

From the implementation phase onwards, the source code of the target software is checked for conformity with formal methods, as well as being tested for compliance with the syntactic conventions of the programming language and the programming rules. This procedure is comparable to a parser that performs a lexical, syntactic and semantic analysis of the programming code.

As a rule, each bug requires a manual audit in accordance with the lexical rules of the programming language used and its semantic affiliations, so as to rule out false positives and to devise relevant fixing strategies. Hence, the quality and quantity of the analysis results largely depend on the selection of suitable tools.

Procedure/Method Used

The Static Code Analysis (Code Review, Static Source Code Analysis) is either a tool–based and automated or a semi– automated technique; the findings produced by the tools are collected and “manually” evaluated. The source code of the target software is analyzed without being executed (white box). The chart below is a graphical representation of the systematic process of Static Code Analysis.

static source code process
static source code process

There are three types of tools used in the area of Static Code Analysis:

  • Style Checking tools are used to test the source code for compliance with the programming rules. As a rule, these simple tools do not detect any vulnerabilities that are responsible for producing software bugs.
  • Semantic Analysis tools supplement the syntax tree of the compiler with additional information which is checked for statically identifiable bugs by applying various rules. Typical bugs include: data type problems, non–initialised variables and unused methods.
  • Deep Flow Static Analysis is the most effective type of tool: the semantic analysis is supplemented by the generation of a “control flow graph” and the conduction of a data flow analysis, which enables the identification of complex bugs based on such factors as race conditions, deadlocks or incorrect pointer administration.