
Design And Implementation Of C/C++ Source Code Vulnerability Detection System Based On Static Analysis

Posted on: 2021-08-22; Degree: Master; Type: Thesis
Country: China; Candidate: Y F Fu
GTID: 2518306575453854; Subject: Software engineering
Abstract/Summary:
With the development of computer technology and the Internet, software has become an essential part of people's lives. Software products contain vulnerabilities, to a greater or lesser degree, in their design and implementation. These vulnerabilities create serious security risks when the software is used and may cause serious harm. As software products gain more functions, the amount of code also grows, which greatly increases the difficulty of detecting vulnerabilities with traditional software testing methods. Designing and implementing a better-performing vulnerability detection system has therefore been an important subject in the field of software security.

The C/C++ source code vulnerability detection system based on static analysis uses static analysis to detect vulnerabilities in C/C++ source code. It provides two functions: vulnerability detection with custom detection classes, and CWE vulnerability detection. The paper classifies common defects and analyzes their causes. The system defines defect patterns for these defects and formulates vulnerability detection rules through pattern matching algorithms and defect detection algorithms.

For vulnerability detection with custom detection classes, the system first performs lexical and semantic analysis on the source code and builds a doubly linked list to store the analysis results. It then traverses the linked list to match the custom defect patterns and, if a match succeeds, reports information about the defect. For CWE vulnerability detection, the system matches the source code against the custom CWE rules, finds the functions that may cause a vulnerability, verifies whether the parameters of each such function will produce the corresponding vulnerability, and outputs the vulnerability information if a vulnerability is detected.

Based on these principles, the C/C++ source code vulnerability detection system is designed and implemented. Finally, an experiment is designed to test the performance of the system, using a test set that contains the relevant vulnerabilities. On the selected test set, the false negative rate and the false positive rate of the system are both within the expected range, indicating that the performance of the designed vulnerability detection system meets the requirements.
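The flow the abstract describes (lex the source into a doubly linked list, traverse it, find rule-listed functions, then verify their parameters) can be sketched as follows. This is an added example, not code from the thesis; the rule table, its CWE mappings, the "lone string literal is safe" parameter check and all names are assumptions for illustration.

```python
import re
# Assumed rules (not the thesis's): function -> (CWE id, argument index to verify or None).
RULES = {"gets": ("CWE-242", None), "strcpy": ("CWE-120", 1), "printf": ("CWE-134", 0)}
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/|[A-Za-z_]\w*|\d+|\n|\S', re.S)

class Node:  # one token in the doubly linked list
    def __init__(self, text, line, prev):
        self.text, self.line, self.prev, self.next = text, line, prev, None

def tokenize(src):
    """Lex C source into a doubly linked token list; return the first token node."""
    head = Node(None, 0, None)  # sentinel, so every real node has a prev
    tail, line = head, 1
    for text in TOKEN.findall(src):
        if text != "\n" and not text.startswith(("//", "/*")):
            tail.next = Node(text, line, tail)
            tail = tail.next
        line += text.count("\n")  # only newlines and block comments contain "\n"
    return head.next

def call_args(paren):
    """Return the top-level arguments after the '(' node, each as a list of tokens."""
    args, depth, node = [[]], 1, paren.next
    while node:
        depth += (node.text in ("(", "[")) - (node.text in (")", "]"))
        if depth == 0:
            break
        if node.text == "," and depth == 1:
            args.append([])
        else:
            args[-1].append(node.text)
        node = node.next
    return args

def scan(src):
    """Traverse the list; return (line, function, CWE id) for every rule hit."""
    hits, node = [], tokenize(src)
    while node:
        rule = RULES.get(node.text)
        if rule and node.next and node.next.text == "(" and node.prev.text != ".":
            args, idx = call_args(node.next), rule[1]
            # Assumed parameter check: a lone string literal argument is treated as safe.
            arg = args[idx] if idx is not None and idx < len(args) else []
            if not (len(arg) == 1 and arg[0].startswith('"')):
                hits.append((node.line, node.text, rule[0]))
        node = node.next
    return hits

SAMPLE = ('void f(char *user) {\n  char buf[16];\n  gets(buf);\n'  # constructed input
          '  strcpy(buf, "fixed");\n  strcpy(buf, user);\n  printf(user);\n}\n')
```

Calling `scan(SAMPLE)` reports the `gets` call, the `strcpy` whose source is a variable, and the `printf` whose format is a variable; the `strcpy` from a literal is not reported. Because the check is purely syntactic, it trades precision for speed, which is where the false positive and false negative rates the abstract measures come from.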
Keywords/Search Tags: Vulnerability detection, Static analysis, Defect mode