Defects and Vulnerability Analysis (original) (raw)

A CWE Compatible Tool

GNAT SAS has been designated as CWE-Compatible by the MITRE Corporation's Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program and can detect a multitude of code weaknesses, including several that are among, or are in the same class as, the CWE’s Top 25 Most Dangerous Software Errors.

It's advanced static error detection finds bugs before programs are run. By mathematically analyzing every line of code, and considering every possible input and every path through the program, It can be used very early in the development life-cycle to identify problems when they are much less costly to repair. The tool can also be used retrospectively on existing code bases, to detect latent vulnerabilities.

CWE-120 (Classic Buffer Overflow)
“The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.”

CWE-131 (Incorrect Calculation of Buffer Size)
“The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.”

CWE-190 (Integer Overflow or Wraparound)
“The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.”

The following CWE weaknesses will also be detected: