Script started on Fri 25 Aug 2000 11:16:11 AM NZST
f% make    wc *
       3       4      29 BUGS
       9      92     558 CHANGES
     485    1499   11941 config.C
      52     105    1031 config.H
     272     896    7122 configure
     495     960    8984 dbparser.C
      14      23     177 dbparser.H
      37     146     957 dict.C
     372    1103    9196 dict.H
       0       0       0 docs
       0       0       0 emacs
      46     120     983 fatal.C
      13      21     144 fatal.H
     235     675    5769 formatter.C
      13      21     171 formatter.H
    1030    4432   29775 getopt.c
     149     812    5277 getopt.h
      74     358    2399 getopt1.c
     399    1201   10536 handlers.C
      25     116     878 handlers.H
      38     236    1587 INSTALL
     250     870    5585 install-sh
    2311    4253   37640 lex.C
      99     327    2866 lex.H
     147    1220    7529 LICENCE
      54      97     925 main.C
      55     222    2140 MAKEFILE
      65     266    2416 Makefile
      48     213    1966 Makefile.in
      54     104     883 query.C
      14      24     172 query.H
      11     100     658 README
      56     125    1040 resultsdb.C
      28      63     447 resultsdb.H
     321     778    7490 scanner.C
      74     172    1701 scanner.H
      68     189    1240 strpool.C
      15      29     232 strpool.H
     101     253    1743 strutils.C
      13      24     163 strutils.H
      50      92     636 toctou.H
      39     257    1509 TODO
      76     189    1753 token.C
     412    1178    9164 token.H
       0       0       0 typescript
     232     557    4413 vulndb.C
      22      72     507 vulndb.H
      36      85     676 vulninfo.H
     821    2669   14741 vulns.i4d
    9233   27248  207749 total
f% make
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 token.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 lex.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 main.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 scanner.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 resultsdb.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 vulndb.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 handlers.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 formatter.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 config.C
config.C:12: warning: `__cplusplus' redefined
*Initialization*:1: warning: this is the location of the previous definition
In file included from /usr/include/stdio.h:24,
                 from config.H:15,
                 from config.C:16:
/usr/include/stdio_tag.h:16: parse error
make: *** [config.o] Error 1
f% ed config.C
11941
10,14p
extern "C" {
  // Hack for MS Windows
#define __cplusplus
#include "getopt.h"
}
12s/^.*   ^/   :^:  // :p
  // #define __cplusplus
w
11946
q
f% make
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 config.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 query.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 fatal.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 dict.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 strutils.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 dbparser.C
g++ -c -DDATA_DIR=/tmp/its4 -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 strpool.C
g++ -c -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 getopt.c
g++ -c -Wall -DHAVE_SNPRINTF -DHAVE_UNISTD -O3 getopt1.c
g++ -o its4 token.o lex.o main.o scanner.o resultsdb.o vulndb.o handlers.o formatter.o config.o query.o fatal.o dict.o strutils.o dbparser.o strpool.o getopt.o getopt1.o
f% m2h -ex *.c | spell -b
abc:d:0123456789
ambig
argc
ARGV
argv
b
c
ch1
ch2
chr
CONFIG
config.h
endif
enum
env
fprintf
GETOPT
getopt
getopt.h
gettext
GLIBC
GNUC
H
i
ifdef
ifndef
indfound
initialize
initialized
len
LIBC
libc
LIBINTL
libintl.h
longind
longopts
malloc
mempcpy
memset
msgid
nameend
nextchar
o
optarg
opterr
optind
optopt
optstring
orig
P
p
pfound
posixly
PROTO
s
STDC
stdio.h
stdlib.h
str
strchr
strcmp
string.h
strlen
strncmp
tem
unistd.h
unixlib.h
unrecognized
val
versions.h
VMS
W
f% ^-b^
m2h -ex *.c | spell
abc:d:0123456789
ambig
argc
ARGV
argv
b
c
ch1
ch2
chr
CONFIG
config.h
endif
enum
env
fprintf
GETOPT
getopt
getopt.h
gettext
GLIBC
GNUC
H
i
ifdef
ifndef
indfound
len
LIBC
libc
LIBINTL
libintl.h
longind
longopts
malloc
mempcpy
memset
msgid
nameend
nextchar
o
optarg
opterr
optind
optopt
optstring
orig
P
p
pfound
posixly
PROTO
s
STDC
stdio.h
stdlib.h
str
strchr
strcmp
string.h
strlen
strncmp
tem
unistd.h
unixlib.h
val
versions.h
VMS
W
f% grep pfound *.              history 3
    45  m2h -ex *.c | spell -b
    46  m2h -ex *.c | spell
    47  history 3
f% grep -i       m2h -lc++ -ex *.[cCH] | spell -b   
0;i
0;k
1048573L
1073741789L
131071L
134217689L
16777213L
1;j
2097143L
262139L
268435399L
33554393L
4194301L
524287L
536870909L
65521L
67108859L
8388593L
a:c:CDhHi:I:l:mo:q:Qrs:Sv:Vw
abc:d:0123456789
AddCharToComment
AddCharToStr
AddDecDigit
AddExponent
AddHexChr
AddHexDigit
AddIgnore
AddLimit
AddName
AddOctChr
AddOctDigit
AddQuery
AddRecord
AddResult
AddStringToPool
AddToBigIgnoreList
AllocedValue
ambig
are:s
arg;i
argc
argc;i
ARGV
argv
arr
ascii
assert.h
atoi
B
b
BeginExponent
bgn
buf
buf1
buf2
BUFSIZE
C
c
CalculateEffectiveLineNumber
CalculateOutputWidth
capacity;i
ch
ch1
ch2
CharTok
CheckName
CheckOneContainer
chr
CommentTok
cond
ConditionalAdd
CONFIG
config.H
config.h
ContinueIdentifier
counter;i
cpp
cpy
cr
ctype.h
D
d
DB
db
dbparser.H
DeallocQueries
dec
DEF
Def
DefaultHandler
DeleteItem
desc
df
DICT
dict.H
dict2
dictBucket
dictkey
DIR
dont
DoPostProcessing
dst
DummyBucket
E
e
EAGAIN
end;p
EndComment
EndHexChr
EndIdentifier
endif
endline
EndNum
EndOctChr
EndStr
enum
env
eofError
errBadToken
errno
errno.h
EX1
EX2
ExpandPool
F
f
fatal.H
fclose
feof
ferror
FigureOutCommand
file,first
filep
FindNextArgument
FindNextSize
fmt
fname
fnamefmt
fopen
formatter.H
FormatterOutput
formfeed
fprintf
fread
FUNC
funcname
G
g
GenChr
GenOp
GetChar
GetComments
GetContentLength
GetContents
GetCurrentSize
GetDBFilePtr
GetEndLineNo
getenv
GetExponent
GetInputScanning
GetIntegerPart
GetItem
GetKeys
GetLineNo
GetMantissa
GetName
GetNameById
GetNumericValue
GetNumKeys
GetOperatorName
GETOPT
getopt
getopt.h
GetOutputFile
GetOutputWidth
GetProgramName
GetQueries
GetRepr
GetResultTable
GetReverseSort
GetSeverityAsString
GetSeverityCutoff
GetShowSeverity
GetSortType
GetSourceIdentifier
GetString
gettext
GetToken
GetTokenIndex
GetTokens
GetTokenType
GetUseHandlers
GetValue
GetVulnDBLocations
GetVulnInfo
GLIBC
GNUC
GrabSomeMem
gt
H
h
handlers.H
hardcode
hashval
hndlr
i
i,x
id
IdTok
IFDEF
ifdef
IFNDEF
ifndef
IgnoreItOrNo
IgnoreIts4Commands
ilist
inconsistancy
INCR
incr
indfound
InitDummyBucket
InitHandlers
InitParser
InitResultsDB
InitStringPool
InitVulnDB
inp
IntegerTok
INTPART
isalnum
isdigit
IsLong
islower
IsUnsigned
itok
ITS4
its4
J
j
j;i
K
k
key,key
L
l
l1
l2
lbrace
ld
lde
len
lex.H
Lex::AddCharToComment
Lex::AddCharToStr
Lex::AddDecDigit
Lex::AddExponent
Lex::AddHexChr
Lex::AddHexDigit
Lex::AddOctChr
Lex::AddOctDigit
Lex::BeginExponent
Lex::ContinueIdentifier
Lex::EndComment
Lex::EndHexChr
Lex::EndIdentifier
Lex::EndNum
Lex::EndOctChr
Lex::EndStr
Lex::GenChr
Lex::GenOp
Lex::GetChar
Lex::Init
Lex::Lex
Lex::LexCComment
Lex::LexCPPComment
Lex::LexPreprocessorStuff
Lex::MakeFloat
Lex::MakeLong
Lex::MakeUnsigned
Lex::Scan
Lex::ScanLine
Lex::StartBase10OrLowerNum
Lex::StartHexChr
Lex::StartHexNum
Lex::StartIdentifier
Lex::StartOctChr
Lex::UngetChar
LexCComment
LexCPPComment
LexPreprocessorStuff
LIBC
libc
LIBINTL
libintl.h
line2
LineIgnoreList
lineno
longind
longopts
lt
M
m
MakeFloat
MakeLong
MakeUnsigned
MakeUserDefinedStringsShared
malloc
MANT
mant
memcpy
mempcpy
memset
msgid
N
n
nameend
neg
newlen
newpool
nextchar
NT
num
numBuckets
numBuckets;i
numKeys
numkeys
O
o
oct
oldBuckets
OperatorTok
opname
optarg
opterr
optind
optopt
optstr
optstring
orig
outbuf
OutOfMemory
P
p
ParseDefine
ParseError
ParseOptions
Perror
perror
pfound
pos
posixly
PreprocCond
PreprocEndToken
PreprocMacro
PreprocStartToken
pri
PrintAll
PrintFooter
ProcessIgnores
progname
PROTO
ptr
Q
q
qmark
qsort
queries;i
query.H
R
r
r.id
r.line
r.s
r.source
r.v
r1
r2
rbrace
RealSize
RealTok
REC
rehashSize
repr
ResizeResultsTable
RESULTSDB
resultsdb.H
RISK,v
RunQueries
RunQuery
RunScan
RunTOCTOUScan
S
s
s,id
s1
s2
ScanfHandler
ScanIgnoreFile
ScanLine
scanner.H
Scanner::AddToBigIgnoreList
Scanner::CalculateEffectiveLineNumber
Scanner::CheckName
Scanner::CheckOneContainer
Scanner::FigureOutCommand
Scanner::IgnoreItOrNo
Scanner::ProcessIgnores
Scanner::RunScan
secondHash
SetItem
SetOutputFile
SetProgramName
ShowDescription
ShowHelp
ShowSolution
ShowUsage
size;i
sizeIndex
sizeof
sl
SnarfDBFile
SnarfFile
sncp
SNPRINTF
snprintf
SnprintfHandler
SortFilenameSeverity
SortFilenameVulname
SortSeverityFilename
SortSeverityVulname
SortVulnameFilename
SortVulnameSeverity
sprintf
SprintfHandler
sr
src
srcid
ss
SscanfHandler
start;p
StartBase10OrLowerNum
StartCComment
StartCPPComment
StartHexChr
StartHexNum
StartIdentifier
startline
StartOctChr
STDC
stdio.h
stdlib.h
STR
str
strcasecmp
strcat
strchr
strcmp
strcpy
StrcpyHandler
strerror
stricmp
string.h
stringpart
StringTok
strlen
strncat
strncmp
strncpy
STRPOOL
strpool.H
STRUTILS
strutils.H
T
t
t2
tc
tem
tindex
tn
TOCTOU
toctou
toctou.H
tok
token.H
TokenContainer
TokenContainer::Add
TokenContainer::GetToken
TokenContainer::Resize
TokenContainer::TokenContainer
TokenId
TTBucket
TTSite
U
u
UDE
UNDEF
UngetChar
UNISTD
unistd.h
unixlib.h
unterminatedCommentError
V
v
v,tc,i,src
v,tc,i,src,0
v,tc,i,src,1
v1
val
Var
var
VarInfo
varlist
varname
varnames
versions.h
VMS
vtab
vuln
VULNDB
vulndb.H
VULNINFO
VulnInfo
vulninfo.H
vulns.i4d
W
w
WIN32
X
x
xor
Y
y
YieldEmptyDefinition
YieldFuncName
YieldFunctionDefEnd
YieldIntegerAssignment
YieldIntegerValue
YieldKeyName
YieldStringAssignment
YieldStringValue
YieldVariableValue
YieldVarName
Z
z
f% make install
/usr/sbin/install -c -d /tmp/bin
install: The -c, -f, -n options each require a directory following!
make: *** [install] Error 2
f% ed Makefile
2416
/INSTALL/
INSTALL=/usr/sbin/install -c
s/sbin/ucb/p
INSTALL=/usr/ucb/install -c
w
2415
q
f% make install
/usr/ucb/install -c -d /tmp/bin
/usr/ucb/install -c its4 /tmp/bin 
/usr/ucb/install -c -d /tmp/its4
/usr/ucb/install -c vulns.i4d /tmp/its4
/usr/ucb/install -c -d /tmp/man/man1
/usr/ucb/install -c docs/its4.1 /tmp/man/man1/
echo "Installation complete."
Installation complete.
f% ls /tmp/bin
its4
f% ls /tmp/man/man1
its4.1
f% nroff -m        tkman /tmp/man/man1/its4.1
tkman: Command not found
f% nroff -man - /tmp/man/man1/its4.1 | m less
less: Command not found
f% ^less^more
nroff -man /tmp/man/man1/its4.1 | more



User Commands                                             ITS4(1)



NNNNAAAAMMMMEEEE
     its4 - Scan C/C++ source for potential security problems.

SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS
     iiiittttssss4444 [-mrCDHQSV?]  [-a  function]  [-c  [{0,1,2,3,4,5}]  [-i
     function]  [-I  file]  [-l function] [-o filename] [-q func-
     tion]   [-s   {0,1,2,3,4,5,6}]   [-v   file]    [-w    cols]
     [--db-location=file]       [--help]      [--ignore=function]
     [--no-commands]     [--no-descriptions]      [--no-severity]
     [--no-solutions]    [--output=filename]   [--query=function]
     [--reverse] [--no-handlers]  [--quiet]  [--ignore-file=file]
     [--add=function]      [--input-mode]      [--limit=function]
     [--severity-cutoff={0,1,2,3,4,5}]   [--sort={0,1,2,3,4,5,6}]
     [--width=cols] [FILE...]

[2;7m--More--[22;27m
DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN
     This manual page documents iiiittttssss4444,,,, a scanner  for  C  and  C++
     code that searches for potential security holes.

     The iiiittttssss4444 scanner searches the  entire  program  source  with
     heuristics  in  an  attempt  to  find library calls that may
     indicate a security vulnerability.

     File arguments are required unless  either  the  --[4mquery[24m  or
     --[4mversion[24m argument is used.


  OOOOPPPPTTTTIIIIOOOONNNNSSSS
     -[4ma[24m, --[4madd[24m=[4mfunction[24m
          Add a new function name to the database for  this  scan
          only.   Modify  the database file or create a new data-
          base file for a more permanent solution.

     -[4mc[24m, --[4mseverity[24m-[4mcutoff[24m={[4m0[24m,[4m1[24m,[4m2[24m,[4m3[24m,[4m4[24m,[4m5[24m}
          Set severity cutoff.  The default is 2.  Lower  numbers
          generally give more warnings.

[2;7m--More--[22;27m
     -[4mC[24m, --[4mno[24m-[4mcommands[24m
          Ignore commands to ITS4 that are embedded in  comments.
          See  the  section  "COMMANDS"  for information on these
          commands.

     -[4mD[24m, --[4mno[24m-[4mdescriptions[24m
          Don't display descriptions of potential problems.

     -[4mH[24m, --[4mno[24m-[4mhandlers[24m
          Don't use any clever tricks, just  match  token  names.
          This  flag gives more warnings than if you don't use it
          (or at least no fewer).  The reason is  because  checks
          that  reduced the severity of ssssttttrrrrccccppppyyyy((((ddddsssstttt,,,, ''''''''ffffoooooooo'''''''')))) to 0
          are now not made.




SunOS 5.7                 Last change:                          1



[2;7m--More--[22;27m

[K


User Commands                                             ITS4(1)



     -[4mi[24m, --[4mignore[24m=[4mfunction[24m
          Ignore instances of a particular function  name.   This
          flag can be used as many times as you like.

     -[4mI[24m, --[4mignore[24m-[4mfile[24m=[4mfilename[24m
          Specify a file to read ignore info from,  causing  ITS4
          to not report instances of those functions.  Each func-
          tion to ignore should be on its own line.

     -[4ml[24m, --[4mlimit[24m=[4mfunction[24m
          Tells ITS4 not to scan for any functions, except  those
          passed  in  with  this  flag.  You can use this flag as
          many times as you want.

     -[4mm[24m, --[4minput[24m-[4mmode[24m
[2;7m--More--[22;27m
          Tells ITS4 to print out all  non-argv  spots  at  which
          input can enter.  This option causes some other options
          to be ignored.  Most importantly, the regular scan does
          not happen, no severities are visibly reported, and the
          cutoff is ignored.  Also,  the  default  sorting  value
          changes to 0, from 2 (see below).

     -[4mo[24m, --[4moutput[24m=[4mfilename[24m
          Direct output to a given filename instead of stdout.

     -[4mq[24m, --[4mquery[24m=[4mfunction[24m
          Show database record for the given function name.  This
          flag can be used as many times as you like.

     -[4mr[24m, --[4mreverse[24m
          Sort output in reverse order.

     -[4ms[24m, --[4msort[24m={[4m0[24m,[4m1[24m,[4m2[24m,[4m3[24m,[4m4[24m,[4m5[24m,[4m6[24m}
          Sort output.  Takes integer from 0-6.   Default  is  2,
          unless  -m  (--input-mode)  flag  is also set, in which
          case the default is 0.

[2;7m--More--[22;27m
     0000=   No sort, report in order scanned.

     1111=   Sort by most severe, then group by location.

     2222=   Sort by most severe, then group by vulnerability.

     3333=   Sort by vulnerability, then severity.

     4444=   Sort by vulnerability, then location.

     5555=   Sort by file, then by severity.

     6666=   Sort by file, then by vulnerability.

     The programmer can pass commands to the  ITS4  scanner  from



SunOS 5.7                 Last change:                          2



[2;7m--More--[22;27m

[K


User Commands                                             ITS4(1)



     within the source code by embedding the commands within com-
     ments.  Currently, the only command supported is the  IGNORE
     command, which is capable of suppressing individual warnings
     (unless the -C flag is passed to the program).  If there  is
     code  on  the  same  line  as  the comment, then the command
     applies to that line.  If not, the command  applies  to  the
     very  next  line (so don't have blank lines between the com-
     ment and the code).  If there are two comments on one  line,
     both  with  ITS4  commands,  the  first operates only on the
     current line, up to the comment.  The second  operates  only
     on  the  current line after the comment, or the next line if
     there is no code on the current line.


     The ignore command is best explained with some examples:
[2;7m--More--[22;27m

[K
     strcpy(dst, src); /* ITS4: ignore */

     strcpy(dst, src); /* ITS4: ignore strcpy */

ignores both
     strcpy(dst, src); strcat(dst,  src2);   /*  ITS4:  ignore  */  //

strcat */
     strcpy(dst,  src);  strcat(dst,  src2);   /* ITS4: ignore strcpy,

     You  can't  embed a comment in the same comment block as the
     command.  Use a separate comment for that.

BBBBUUUUGGGGSSSS
     This man page is wrong if your  system  does  not  have  GNU
     getopt,  which  supports long options.  If that is the case,
     only short versions of options are supported.

AAAAUUUUTTTTHHHHOOOORRRR
     John Viega, [4mviega[24m@[4mlist[24m.[4morg[24m

[2;7m--More--[22;27m
     NNNNOOOOTTTTEEEE:::: The copyright of this software  is  held  by  Reliable
     Software  Technologies.   There are some restrictions to its
     commercial use.  See the LLLLIIIICCCCEEEENNNNCCCCEEEE file  that  came  with  the
     package for details, or visit














SunOS 5.7                 Last change:                          3



f% view getopt.C [cC]
[24;1H"getopt.c" [Read only] 1030 lines, 29775 characters [H[J/* Getopt for GNU.[2;4HNOTE: getopt is now part of the C library, so if you don't know what
   "Keep this file name-space clean" means, talk to drepper@gnu.org
   before changing it!

   Copyright (C) 1987, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99
[8CFree Software Foundation, Inc.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public License as
   published by the Free Software Foundation; either version 2 of the
   License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with the GNU C Library; see the file COPYING.LIB.  If not,
   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.  */
^L[H[23B"getopt.c" [Read only] 1030 lines, 29775 characters[H[23B[K:q
D[J[?25hf% exit
f% 
script done on Fri 25 Aug 2000 11:24:27 AM NZST
