GNAT Static Analysis Suite 26 Release Notes

We present here a few highlights of the new features in GNAT SAS 26. You can access the complete list in the GNAT SAS 26 feature file.

New analyses

Taint analysis

GNAT SAS now offers taint analysis. Taint analysis spots security defects that arise when data flows from external data sources (called _sources_) to vulnerable subprograms (called _sinks_). For example, input from a user might flow to a subprogram that executes an operating-system command. Without appropriate handling of the data (called _sanitization_), a user might exploit such a tainted data flow to execute an unexpected and dangerous operating-system command, breaching system security.

This release of GNAT SAS includes built-in identification of key sources and sinks from the Ada runtime, the GNATcoll library, and key parts of the Ada Web Server (AWS). GNAT SAS will report on dangerous data flows from these identified sources, through your code, and to identified sinks. GNAT SAS reports dangerous data flows with full path information, so you can follow the data flow and determine whether it should be considered safe or a sanitizer should be applied. Each sink is associated with a CWE; the CWE identifier is used in reporting to help you identify the vulnerability and assess its impact more easily. CWEs covered by taint analysis include: 20, 22, 77, 78, 79, 89, 94, 200, 918.

Taint analysis is driven by new annotations that identify taint sources, sinks and sanitizers. These new annotations allow you to extend the analysis to your own code: simply annotate sources and sinks, and GNAT SAS will report on dangerous data flows.

For more information, see the GNAT SAS Users Guide.

Type state analysis

GNAT SAS now offers type state analysis. Type state analysis spots problems that arise from incorrect adherence to API protocols, especially protocols that govern the use of resources. For example, a file resource should be opened once, read from or written to one or more times, and finally closed once. Opening a file multiple times, reading or writing from a file that has not been opened, or failing to close a file are all errors: they do not conform to the protocol.

This release of GNAT SAS includes built-in type state analysis of the Ada.Text_IO API. Analysis is currently limited to within a given subprogram, but will be expanded to support interprocedural analysis with full path information in an upcoming release.

For more information, see the GNAT SAS Users Guide.

Parameter mode analysis

GNAT SAS now reports when the use of a parameter in a subprogram is inconsistent with its specification. For example, if a parameter is marked in out but is never written, GNAT SAS will suggest that it be changed to in.

Aliasing between up-level variables and by-copy parameters

GNAT SAS now reports on instances in which a global variable is modified directly from within a subprogram and also passed into the same subprogram as a pass-by-copy in out or out parameter. This situation is potentially dangerous and difficult to spot, as the pass-by-copy parameter will (silently) overwrite the value of the global that was set within the subprogram.
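The following Ada program is an added illustration of that hazard, not code from the release notes or from GNAT SAS itself; the global Counter and the procedure Bump are hypothetical names chosen for the example:

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Aliasing_Demo is
   --  Up-level (global) variable, visible inside Bump.
   Counter : Integer := 0;

   --  Integer is a by-copy type: the actual is copied into X on entry
   --  and X is copied back into the actual when Bump returns.
   procedure Bump (X : in out Integer) is
   begin
      Counter := Counter + 10;   --  direct write to the global
      X := X + 1;                --  write to the local copy only
   end Bump;

begin
   --  The global is both written inside Bump and passed as its
   --  by-copy in out actual: this is the aliasing GNAT SAS 26 reports.
   Bump (Counter);

   --  On return the copy-back of X (copied in as 0, incremented to 1)
   --  silently overwrites the 10 that Bump stored in Counter directly.
   Put_Line ("Counter =" & Integer'Image (Counter));
end Aliasing_Demo;
```

Removing either access path, the direct write to Counter inside Bump or the passing of Counter as the actual, makes the result unambiguous.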

User interface

GNAT Metrics integration

GNAT Metrics can now be launched from the gnatsas tool using gnatsas metrics. All GNAT Metrics command-line options are supported by this integration. Results from GNAT Metrics are output as before.

Improved performance of GNAT Check

GNAT Check now executes rules up to 30% faster. On generic code, GNAT Check is up to 200% faster.

Introduce LKQL Rule Composition

It is now possible to combine multiple LKQL rule sets with the new combine method. Used together with import statements, this lets users compose multiple LKQL rule files, making the features of LKQL rule files equivalent to those of the legacy rule option format.

Qualification of the new LKQL Rule File Format

The LKQL Rule File Format is now part of the GNATcheck qualification kit.

GNATcheck text report now displays each message’s category

The GNATcheck text report now categorizes each message by prefixing it with appropriate identifiers to specify whether a message is a rule violation, a warning, or an error.