GNATSAS Security Report
1. Potential Security Vulnerabilities Detected by GNATSAS
GNATSAS 24.0w (unknown_date) ran on 2023-07-17 15:04:04 with the following parameters:
gnatsas analyze -P gnat_sas_by_example.gpr --level 3
and found the following potential security vulnerabilities:
bad_assign.adb:3:9: high: validity check [CWE 457] (Inspector): X is uninitialized here
bad_induction.adb:4:12: high: validity check [CWE 457] (Inspector): check fails here; requires X'Initialized (iteration 1 of 10)
bad_call_search.adb:9:11: medium: precondition <validity check> [CWE 457] (Inspector): precondition might fail on call to search; requires X(1) = Y or X(2) = Y or X(3) = Y or X(4) = Y or X(5) = Y or X(6) = Y or X(7) = Y or X(8) = Y or X(9) = Y or X(10) to be initialized
bad_cond_assign.adb:3:9: medium warning: test always true [CWE 571] (Inspector): test always true because B or not B
bad_cond_assign.adb:6:9: medium warning: dead code [CWE 561] (Inspector): dead code because B or not B
bad_multi_cond_assign.adb:7:12: medium warning: dead code [CWE 561] (Inspector): dead code because not B2 or Y >= 1
bad_multi_induction.adb:5:13: medium warning: loop does not complete normally [CWE 835] (Inspector)
bad_multi_induction.adb:5:13: medium warning: test always true [CWE 571] (Inspector): test always true because X1 < Y
bad_multi_induction.adb:8:4: medium warning: dead code [CWE 561] (Inspector): dead code because X1 < Y
bad_self_assign.adb:4:6: medium warning: useless reassignment [CWE 563] (Inspector): useless reassignment of X
bad_self_deref_assign.adb:4:10: medium warning: useless reassignment [CWE 563] (Inspector): useless reassignment of X.all
bad_multi_cond_assign.adb:6:13: low warning: test always false [CWE 570] (Inspector): test always false because not B2 or Y >= 1
2. Security Vulnerabilities Not Present
2.1. CWEs not detected
The following table shows CWEs that have been scanned by GNATSAS and have not been detected.
CWE Identifiers |
---|
362 |
821 |
2.2. CWEs prevented by Ada
The following table shows CWEs that relate to specific features of languages other than Ada; for example, a CWE that is particular to Java cannot affect an Ada program. Merely using Ada is sufficient to prevent these CWEs.
CWE Identifiers | Note |
---|---|
467, 484 | Only affects C and C++ |
500 | Only affects C++ and Java |
520, 526 | Only affects .NET languages |
8, 9, 487, 555, 574 | Only affects Java |
103, 104, 107, 108, 109, 110, 608 | Only affects Struts framework |
The next table shows a group of CWEs that reflect programming language problems and constructs that cannot affect Ada at all, but are not particular to any other specific language.
CWE Identifiers | Note |
---|---|
588 | Unsafe pointer usage - not possible in Ada |
95 | Unvalidated code in dynamic “eval” context - not possible in Ada |
481, 482 | Confusion between assignment and comparison - not possible in Ada |
170 | Improper null termination of Strings - not possible in Ada |
228, 229, 233, 237, 240 (and variants thereof) | Parameters missing/extra/confused - not possible in Ada owing to parameter passing rules and strong type checking |
2.3. CWEs Mitigated by Ada
The following table lists, by identifier and short description, the CWEs that are mitigated by Ada's built-in run-time checks and exception handling.
CWE Identifiers | Short Description |
---|---|
120 | Buffer Overflow |
123 | Write-what-where condition |
124 | Buffer Under-write |
125 | Out-of-bounds read |
128 | Wrap-around error |
129 | Improper validation of array index |
130 | Improper handling of length parameter |
131 | Incorrect calculation of buffer size |
136 | Type errors |
137 | Representation errors |
190 | Integer overflow or wraparound |
191 | Integer underflow or wraparound |
193 | Off-by-one error |
194 | Unexpected sign extension |
197 | Numeric truncation error |
252 | Unchecked return value |
253 | Incorrect check of function return value |
369 | Divide-by-zero |
476 | Null pointer dereference |
682 | Incorrect calculation |
786 | Access before start of buffer |
787 | Out-of-bounds write |
788 | Access after end of buffer |
805 | Buffer access with incorrect length |
824 | Uninitialized pointer |
Annex A. List of Ada Source Files Analyzed by GNATSAS
The following files have been analyzed by GNATSAS:
assign_pos.adb
bad_multi_induction.adb
assign_all_arr.adb
above_call_unknown.adb
search.adb
assign.adb
map.adb
bad_assign_arr.adb
assign_arr.adb
pointer_assign.adb
bad_deref.adb
multi_induction.adb
induction.adb
unknown.ads
double_pointer_assign.adb
bad_self_deref_assign.adb
call_assign.ads
bad_self_assign.adb
cond_assign.adb
assign_rec.ads
assign_to_pos.adb
assign_all_arr_incr_unk.adb
bad_induction.adb
call_unknown.adb
call_unknown_ptr.adb
search_loop.adb
filter.adb
case_assign.ads
bad_deref_assign.adb
assign_all_arr_incr.adb
ident_arr.adb
ident_arr.ads
call_unknown_pos.adb
top_down.adb
call_double_pointer_assign.adb
bad_assign_to_pos.adb
deref.adb
search_unk.adb
self_assign.adb
reverse_call_assign.ads
bad_call_search.adb
case_assign.adb
call_unknown_arr.adb
sum_all_arr.adb
search_while.adb
bad_assign_rec.adb
bad_assign.adb
bad_assign_all_arr_unk.adb
assign_arr.ads
bad_cond_assign.adb
call_double_pointer_assign.ads
self_deref_assign.adb
rec_constant.adb
bad_search.adb
assign_arr_unk.adb
diff_pointer_assign.adb
call_search.adb
concat.adb
call_assign.adb
unknown_arr.ads
bad_call_assign.adb
call_unknown_rel.adb
deref_assign.adb
unknown_ptr.ads
assign_rec.adb
multi_cond_assign.adb
call_pointer_assign.adb
bad_multi_cond_assign.adb
deref.ads
concat_op.adb
bad_pointer_assign.adb
reverse_call_assign.adb
assign_arr_unk.ads
context.adb
bad_assign_all_arr.adb