
Tips & Tricks: Scrubbing Source Code For Common Coding Mistakes (FxCop And PREfast)
Nicholas Guerrera, TLNL06
Software Design Engineer, Microsoft Corporation 1

Why Code Analysis?
One of a collection of strategies for improving code quality
Identify potential issues earlier in the development cycle
Problems are cheaper to fix the earlier they are identified 2

Code Analysis In Visual Studio Team System
Managed code analysis (FxCop): C#, C++/CLI, VB.NET, ASP.NET
Unmanaged code analysis (PREfast): C/C++
Automatically suppress warnings in source
File bugs based on analysis results
Enforce code analysis policy for check-ins 3

Types Of Mistakes
Typographical
Misuse of API
Security issues
API design guidelines / best practices
Code complexity and maintainability
Constructs that do not perform well 4

Demo: Managed Code Analysis In Visual Studio Team System
Nicholas Guerrera, Software Design Engineer, Visual Studio Team System 5

Example One: SQL injection vulnerability

    using System.Configuration;
    using System.Data.SqlClient;

    private string GetAccountNumber(string username, string password)
    {
        string cnxString = ConfigurationManager.AppSettings["ConnectionString"];
        using (SqlConnection connection = new SqlConnection(cnxString))
        using (SqlCommand command = new SqlCommand())
        {
            connection.Open();
            command.Connection = connection;
            // Vulnerable: untrusted input is concatenated straight into the SQL text.
            command.CommandText = "SELECT AccountNumber FROM Users " +
                                  "WHERE (Username='" + username + "') " +
                                  "AND (Password='" + password + "')";
            return (string)command.ExecuteScalar();
        }
    }

Sample input shown on the slide that changes the meaning of the query: "q' OR 'q'='q" 6

Example Two: Naming and design guidelines

    public class box
    {
        public int height;
        public int width;

        public box(int height, int width)
        {
            this.height = height;
            this.width = width;
            this.print_to_console();
        }

        public void print_to_console()
        {
            Console.WriteLine("({0}, {1})", this.height, this.width);
        }
    }

Issues: public fields, incorrect casing, underscores
Tip: Use C# refactoring to fix these! 7

Example Three: Globalization error

    private Font ReadFontFromSettings()
    {
        XmlDocument doc = new XmlDocument();
        doc.Load(GetSettingsXmlPath());
        XmlNode fontNode = doc.SelectSingleNode("Font");
        // Culture-sensitive parse: "1.5" and "1,5" mean different things depending on the current culture.
        float size = float.Parse(fontNode.Attributes["Size"].Value);
        string name = fontNode.Attributes["Name"].Value;
        FontStyle style = (FontStyle)Enum.Parse(typeof(FontStyle), fontNode.Attributes["Style"].Value);
        return new Font(name, size, style);
    }

Issue: Missing IFormatProvider argument; float.Parse defaults to CultureInfo.CurrentCulture 8

Example Four: Serialization error

    public class SampleException : Exception
    {
        public SampleException() : base() { }
        public SampleException(string message) : base(message) { }
        public SampleException(string message, Exception innerException) : base(message, innerException) { }
    }

Issue: Missing [Serializable] attribute and deserialization constructor; the exception cannot be serialized or thrown across AppDomains. 9

Demo: Unmanaged Code Analysis In Visual Studio Team System
Nicholas Guerrera, Software Design Engineer, Visual Studio Team System 10

Example One: Buffer overrun

    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>

    void PrintModuleFileName()
    {
        wchar_t *p = (wchar_t *)malloc(MAX_PATH);   // allocates MAX_PATH bytes ...
        GetModuleFileName(NULL, p, MAX_PATH);       // ... but the API is told it has MAX_PATH characters
        printf("%S", p);
    }

Issues: Buffer overrun: confusion between character and byte counts; misuse of malloc and GetModuleFileName 11
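The slide's bug is a unit mismatch: malloc counts bytes, GetModuleFileName counts characters, and a wchar_t is wider than a byte. The following is an added example (not from the deck) that models the mismatch arithmetically and shows the corrected allocation pattern. It assumes no windows.h: MAX_PATH is defined locally with the SDK's value, and fake_get_module_file_name is a hypothetical stand-in that copies and truncates the way the real API does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Same value as the Windows SDK's MAX_PATH; defined here so the example builds
   without windows.h (assumption). */
#define MAX_PATH 260

/* Allocate room for `cch` wide characters, not `cch` bytes. calloc multiplies
   with overflow checking, so an absurd count yields NULL rather than a short
   block; callers must still check for NULL. */
wchar_t *alloc_wide_chars(size_t cch)
{
    return (wchar_t *)calloc(cch, sizeof(wchar_t));
}

/* How many wide characters a malloc(nbytes) block can really hold. */
size_t wide_capacity(size_t nbytes)
{
    return nbytes / sizeof(wchar_t);
}

/* Model of the slide's call: the API is told the buffer holds `claimed_cch`
   characters and stores a path of `path_len` characters plus a terminator,
   truncating to claimed_cch as GetModuleFileName does. Returns how many bytes
   land beyond a block of `nbytes` bytes; 0 means no overrun. */
size_t overrun_bytes(size_t nbytes, size_t claimed_cch, size_t path_len)
{
    size_t written_chars = path_len + 1;          /* include the L'\0' */
    if (written_chars > claimed_cch)
        written_chars = claimed_cch;
    size_t written_bytes = written_chars * sizeof(wchar_t);
    return written_bytes > nbytes ? written_bytes - nbytes : 0;
}

/* Hypothetical stand-in for GetModuleFileName (constructed for this example):
   copies `path` into `buf`, which holds `cch` wide characters, with the real
   API's truncation behaviour. Returns the characters stored, excluding the
   terminator. */
size_t fake_get_module_file_name(const wchar_t *path, wchar_t *buf, size_t cch)
{
    if (cch == 0) return 0;
    size_t len = wcslen(path);
    if (len > cch - 1) len = cch - 1;
    wmemcpy(buf, path, len);
    buf[len] = L'\0';
    return len;
}

/* Corrected form of the slide's function: the byte count and the character
   count are kept apart, allocation failure is handled, memory is freed.
   Returns 1 on success, 0 if the allocation failed. */
int print_module_file_name_fixed(const wchar_t *path)
{
    wchar_t *p = alloc_wide_chars(MAX_PATH);      /* MAX_PATH characters */
    if (p == NULL)
        return 0;
    fake_get_module_file_name(path, p, MAX_PATH); /* MAX_PATH characters */
    wprintf(L"%ls\n", p);
    free(p);
    return 1;
}
```

overrun_bytes makes the size of the damage concrete: with the slide's allocation, any path longer than MAX_PATH / sizeof(wchar_t) characters writes past the block, and a maximal path writes (sizeof(wchar_t) - 1) * MAX_PATH bytes beyond it.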

Example Two: Arithmetic overflow

    long Shift(int x, int y)
    {
        return x << y;   // shifted as a 32-bit int, widened only afterwards
    }

Issue: Arithmetic overflow: the result is cast to 64-bit after the shift, which may already have overflowed beyond 32 bits. 12
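Added example (not from the deck) contrasting the slide's order of operations with the fix. It uses fixed-width unsigned types so the 64-bit result is explicit on every platform and the truncation is well-defined wraparound rather than undefined behaviour; a shift count outside the operand width is treated as an error and returns 0, which is a choice made for this example.

```c
#include <stdint.h>

/* The slide's pattern: the shift happens in 32 bits and only the already
   truncated value is widened to 64 bits. */
uint64_t shift_truncating(uint32_t x, unsigned y)
{
    if (y >= 32) return 0;       /* shifting by >= the operand width is undefined in C */
    return x << y;               /* 32-bit shift, then implicit widening */
}

/* Fixed: widen the operand first, then shift in 64 bits. */
uint64_t shift_fixed(uint32_t x, unsigned y)
{
    if (y >= 64) return 0;
    return (uint64_t)x << y;
}

/* Reports whether a 32-bit shift of x by y would discard set bits, which is
   exactly the case where the two functions above disagree. */
int shift_loses_bits(uint32_t x, unsigned y)
{
    if (y == 0) return 0;
    if (y >= 32) return x != 0;
    return (x >> (32 - y)) != 0;
}
```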

Example Three: Incorrect HRESULT usage

    // Call CoInitialize and return true if it succeeds.
    bool Initialize()
    {
        if (CoInitialize(0))   // any non-zero HRESULT is treated as failure
        {
            return false;
        }
        return true;
    }

Issue: HRESULT and bool are semantically different; use the FAILED or SUCCEEDED macros. Success codes can be non-zero (true in a boolean context). For example, S_FALSE == 0x1 13
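Added example (not from the deck) showing why the boolean test misreports success. It reproduces the handful of COM definitions it needs (HRESULT, S_OK, S_FALSE, E_FAIL, SUCCEEDED, FAILED) with the values from the Windows SDK headers so that it builds without windows.h, and uses fake_co_initialize, a hypothetical stand-in that mimics the documented behaviour of CoInitialize returning S_FALSE when the thread was already initialised.

```c
#include <stdbool.h>
#include <stdint.h>

/* Minimal COM definitions, values as in winerror.h (assumption: windows.h is
   not available). An HRESULT is a signed 32-bit value whose sign bit is the
   failure flag; any non-negative value, not just zero, means success. */
typedef int32_t HRESULT;
#define S_OK          ((HRESULT)0)
#define S_FALSE       ((HRESULT)1)
#define E_FAIL        ((HRESULT)0x80004005)   /* sign bit set: a failure code */
#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
#define FAILED(hr)    (((HRESULT)(hr)) < 0)

/* Hypothetical stand-in for CoInitialize (constructed for this example): the
   first call on a thread returns S_OK, later calls return S_FALSE, which is a
   success code. */
static int g_init_count = 0;
HRESULT fake_co_initialize(void)
{
    return g_init_count++ == 0 ? S_OK : S_FALSE;
}
void fake_co_reset(void) { g_init_count = 0; }

/* The slide's logic: any non-zero HRESULT is taken as failure. */
bool initialize_bool_check(HRESULT hr)
{
    if (hr) return false;
    return true;
}

/* Corrected: test the failure bit with the SDK macro. */
bool initialize_succeeded_check(HRESULT hr)
{
    return SUCCEEDED(hr);
}

/* Corrected form of the slide's Initialize(): true if the call succeeded. */
bool initialize_fixed(void)
{
    HRESULT hr = fake_co_initialize();
    if (FAILED(hr)) return false;
    return true;
}
```

The second initialisation on a thread is the case that bites in practice: the boolean version reports failure for S_FALSE and callers then skip work that would have succeeded, while the macro version classifies S_OK, S_FALSE and E_FAIL correctly.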

Example Four: Incorrect printf usage

    bool PrintStuff()
    {
        printf("%s - %d", 22, "twenty-two");   // arguments in the wrong order for the format
        printf("%s - %d", "twenty-two", 22);
        return true;
    }

Issues: Type mismatches; too few arguments; too many arguments 14
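Added example (not from the deck, and not how PREfast is implemented) of the check an analysis tool performs on a printf call: walk the format string, record the type each conversion consumes, and compare that list against the arguments actually passed. printf_arg_types and check_printf_call are hypothetical helpers written for this example; the passed arguments are described by the same letters as the conversions ("d" for an int, "s" for a char *), which is a convention chosen here.

```c
#include <stddef.h>
#include <string.h>

/* Collapse conversion letters into the C type they expect, so that "%i" and
   "%d" (both int) or "%x" and "%u" (both unsigned) compare equal. */
static char type_class(char c)
{
    if (c == 'd' || c == 'i') return 'd';
    if (c && strchr("ouxX", c)) return 'u';
    if (c && strchr("eEfFgGaA", c)) return 'f';
    return c;                       /* s, c, p, n stand for themselves */
}

/* Scans a printf format and writes the conversion letter expected for each
   argument, in order, into `out` (capacity `cap`, NUL-terminated). A '*'
   width or precision consumes an int argument and is recorded as 'i'; flags,
   literal widths, precisions and length modifiers are skipped; "%%" consumes
   nothing. Returns the number of arguments the format consumes, or -1 for a
   malformed format or an `out` buffer that is too small. */
int printf_arg_types(const char *fmt, char *out, size_t cap)
{
    size_t n = 0;
    const char *p = fmt;
    if (cap == 0) return -1;
    while (*p) {
        if (*p != '%') { p++; continue; }
        p++;
        if (*p == '%') { p++; continue; }                 /* "%%" prints '%' */
        while (*p && strchr("-+ #0", *p)) p++;             /* flags */
        if (*p == '*') {                                   /* width from an int arg */
            if (n + 1 >= cap) return -1;
            out[n++] = 'i';
            p++;
        }
        while (*p >= '0' && *p <= '9') p++;                /* literal width */
        if (*p == '.') {                                   /* precision */
            p++;
            if (*p == '*') {
                if (n + 1 >= cap) return -1;
                out[n++] = 'i';
                p++;
            }
            while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLjzt", *p)) p++;            /* length modifiers */
        if (*p == '\0' || !strchr("diouxXeEfFgGaAcspn", *p)) return -1;
        if (n + 1 >= cap) return -1;
        out[n++] = *p++;
    }
    out[n] = '\0';
    return (int)n;
}

/* Compares what `fmt` consumes with the argument types in `passed`.
   Returns 0 on a match, 1 for too few arguments, 2 for too many,
   3 for a type mismatch, -1 for a malformed format. */
int check_printf_call(const char *fmt, const char *passed)
{
    char expected[64];
    int n = printf_arg_types(fmt, expected, sizeof expected);
    if (n < 0) return -1;
    size_t np = strlen(passed);
    for (size_t i = 0; i < (size_t)n && i < np; i++)
        if (type_class(expected[i]) != type_class(passed[i])) return 3;
    if (np < (size_t)n) return 1;   /* too few arguments: reads garbage off the stack */
    if (np > (size_t)n) return 2;   /* too many arguments: silently ignored */
    return 0;
}
```

Applied to the slide, the first call passes "ds" against a format that expects "sd" and is flagged as a type mismatch; the second passes "sd" and is clean. Compilers offer the same check at build time (for example GCC's -Wformat), which is the cheaper place to catch it.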

Example Five: Possible NULL dereference

    void DoWork()
    {
        int x, *p;
        if (Condition())
        {
            p = &x;
        }
        else
        {
            p = (int *)malloc(sizeof(int));   // may return NULL
        }
        *p = 27;
    }

Issue: If Condition() returns false, p could be NULL
Tip: Double-click on messages in the error list to see path highlighting 15

Where To Find Out More
Getting started with code analysis
Hands-On Lab: Visual Studio Team System, Source Code Analysis: HOLTLN04
Visual Studio Team System 2005 Beta 2, CTP, or upcoming RTM
Discussions on public forums at http://forums.microsoft.com
FxCop is also available as a standalone tool from http://www.gotdotnet.com/ 16

Questions? 17

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. 18
- Slides: 18