forked from ntop/nDPI
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcodesonar.conf
109 lines (104 loc) · 5 KB
/
codesonar.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
#codeSonar config file
WARNING_FILTER += discard class="Negative Character Value"
SEARCH_BOUND = 300
TAINT_SEARCH_BOUND = 300
PATH_FINDING_EFFORT = 2000
PATH_SHORTENING_EFFORT = 300
MAX_ATTEMPTED_SIMILAR_PATHS = 16
TAINT_MAX_ATTEMPTED_SIMILAR_PATHS = 16
MAX_SUMMARIES_PER_PROCEDURE = 7
MAX_MODIFIED_VALUES = 150
TAINT_MAX_MODIFIED_VALUES = 150
MAX_CHECKED_INPUTS_PER_PROCEDURE = 100
TAINT_MAX_CHECKED_INPUTS_PER_PROCEDURE = 100
MAX_CHECKS_PER_INPUT = 30
MAX_GLOBAL_CHECK_AGE = 2
MAX_CHECK_COMPLEXITY = 40
MAX_EXPRESSION_COMPLEXITY = 48
TAINT_MAX_EXPRESSION_COMPLEXITY = 80
TAINT_MAX_SET_CARDINALITY = 20
TIME_LIMIT_INTRA_EXPLORE = 600
TIME_LIMIT_INTRA_CLASSIFY = 600
TIME_LIMIT_INTER_CLASSIFY = 600
TIME_LIMIT_RESOLVE = 600
TIME_LIMIT_REFINE = 600
TIME_LIMIT_LEAK_CLASSIFY = 600
TIME_LIMIT_LEAK_REFINE = 600
TIME_LIMIT_PROP_EXHAUSTIVE = 600
REPORT_IMPLIED_INEQUALITY = Yes
TAINT_CALLSITE_EXPANSION_EFFORT = 3000
DP_REFINEMENT_EXACT_TIMEOUT = 20
DP_REFINEMENT_APPROXIMATE_TIMEOUT = 20
TAINT_PLUS_DP_REFINEMENT_TIMEOUT = 40
# This preset enables the C/C++ warning classes that are considered
# most useful for security audits. This is a strict subset of those
# classes whose significance is 'security'.
# Visit a page like
# http://localhost:7340/install/codesonar/doc/html/Preferences/SecurityAnalysis.html
# for documentation on what these settings do.
WARNING_FILTER += allow class="2$Buffer Overrun"
WARNING_FILTER += allow class="Addition Overflow of Allocation Size"
WARNING_FILTER += allow class="Addition Overflow of Size"
WARNING_FILTER += allow class="Hardcoded DNS Name"
WARNING_FILTER += allow class="Multiplication Overflow of Allocation Size"
WARNING_FILTER += allow class="Multiplication Overflow of Size"
WARNING_FILTER += allow class="Return from Computational Exception Signal Handler"
WARNING_FILTER += allow class="Returned Pointer Not Treated as const"
WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size"
WARNING_FILTER += allow class="Subtraction Underflow of Size"
WARNING_FILTER += allow class="Tainted Allocation Size"
WARNING_FILTER += allow class="Tainted Configuration Setting"
WARNING_FILTER += allow class="Tainted Filename"
WARNING_FILTER += allow class="Tainted Network Address"
WARNING_FILTER += allow class="Tainted Write"
WARNING_FILTER += allow class="Truncation of Allocation Size"
WARNING_FILTER += allow class="Truncation of Size"
# Classes below are enabled by default: they are included for
# completeness, in case they have been disabled by a previous rule.
# Note that this default enabling means that a class may remain
# enabled even if its WARNING_FILTER rule is commented out below.
WARNING_FILTER += allow class="Buffer Overrun"
WARNING_FILTER += allow class="Buffer Underrun"
WARNING_FILTER += allow class="Coercion Alters Value"
WARNING_FILTER += allow class="Command Injection"
WARNING_FILTER += allow class="Double Free"
WARNING_FILTER += allow class="Encryption without Padding"
WARNING_FILTER += allow class="File System Race Condition"
WARNING_FILTER += allow class="Format String"
WARNING_FILTER += allow class="Format String Injection"
WARNING_FILTER += allow class="Format String Type Error"
WARNING_FILTER += allow class="Function Call Has No Effect"
WARNING_FILTER += allow class="Hardcoded Authentication"
WARNING_FILTER += allow class="Hardcoded Crypto Key"
WARNING_FILTER += allow class="Hardcoded Crypto Salt"
WARNING_FILTER += allow class="Hardcoded Seed in PRNG"
WARNING_FILTER += allow class="Inappropriate Call Outside Loop"
WARNING_FILTER += allow class="Integer Overflow of Allocation Size"
WARNING_FILTER += allow class="LDAP Injection"
WARNING_FILTER += allow class="Library Injection"
WARNING_FILTER += allow class="Misaligned Object"
WARNING_FILTER += allow class="Negative Character Value"
WARNING_FILTER += allow class="Negative Shift Amount"
WARNING_FILTER += allow class="Overlapping Memory Regions"
WARNING_FILTER += allow class="Padding Passed Across a Trust Boundary"
WARNING_FILTER += allow class="Plaintext Storage of Password"
WARNING_FILTER += allow class="Plaintext Transmission of Password"
WARNING_FILTER += allow class="Pool Mismatch"
WARNING_FILTER += allow class="Predictable Seed in PRNG"
WARNING_FILTER += allow class="Return Pointer to Freed"
WARNING_FILTER += allow class="Return Pointer to Local"
WARNING_FILTER += allow class="Return from noreturn"
WARNING_FILTER += allow class="SQL Injection"
WARNING_FILTER += allow class="Shift Amount Exceeds Bit Width"
WARNING_FILTER += allow class="Tainted Buffer Access"
WARNING_FILTER += allow class="Tainted Environment Variable"
WARNING_FILTER += allow class="Thread is not Joinable"
WARNING_FILTER += allow class="Type Mismatch"
WARNING_FILTER += allow class="Type Overrun"
WARNING_FILTER += allow class="Type Underrun"
WARNING_FILTER += allow class="Uninitialized Variable"
WARNING_FILTER += allow class="Unreasonable Size Argument"
WARNING_FILTER += allow class="Unterminated C String"
WARNING_FILTER += allow class="Use After Close"
WARNING_FILTER += allow class="Use After Free"
WARNING_FILTER += allow class="Use of Weak Cryptographic Algorithm"