How to Use CodeWarrior for SAST – Step-by-step Guide

Request a quote
20 May, 2019

How to Use CodeWarrior for SAST – Step-by-step Guide

CodeWarrior is a SAST tool supporting multiple languages such as C, C#, PHP, Java, Ruby, ASP, and JavaScript for a variety of security vulnerabilities. This tool is available for Linux OX, BSD, and MacOS systems. You do not need to install it on a machine, simply compiling it using “make” is sufficient to run this tool after the downloading is completed. 

In addition, even though it is a web application, Apache is not required. After starting the canner, it will prompt you to select the source code to be scanned by opening up the web browser. As compared to other tools, this tool has a relatively low rate of false positives. 

Setup & Usage 

You can download this tool from GitHub. Or, you can also clone the Git repository using the following command – 

git clone https://github.com/CoolerVoid/codewarrior.git 

cd CodeWarrior 

$ make 

Figure 1 Cloning the repository

CodeWarrior runs at HTTPd with TLS and uses the KISS principle. The KISS principle is a design principle which states that the systems work best if kept simple, rather than making them complicated.  

  • For compilation, CodeWarrior needs “gcc” preinstalled. If it’s not installed, then simply enter this command: 
  • sudo apt-get install gcc  (This command works with Debian based Linux Distros.) 

    Figure 2 Compiling CodeWarrior using make command

  • After downloading the repository, you will need to compile it using the “make command. Execute the downloaded file as “bin/warrior”. 

Figure 3 Executing CodeWarrior

      Now, let’s get started with a demo. 

  • We tested this tool on a repository that contains incomplete and vulnerable code. The link for this repository is  
  • https://github.com/joostvanveen/php-security-pitfalls.git 
  • Use the git clone command to clone this repository in your system
  • After cloning the repository, go to your browser and enter the path where the repository is saved into your system. 
  • The repository contains PHP code. Select “PHP Common fails” in the module and “.php” in extension.  
  • Click on Start. You will see possible vulnerabilities with specific description for every finding. 

Figure 5 Vulnerabilities listed with a complete description

Directories 

web/ = local of JavaScript, html and CSS sources 

src/ = C source code (web socket) 

eggs/ = external modules to search codes using regex 

conf/whitelist.conf = list of IPs that have access in the HTTPd server 

bin/ = file to execute 

doc/ = at construction 

lib/ = external libraries 

cert/ = loads your certificates for TLS here 

Create certificate 

If there is a requirement to create your own certificate, then follow these steps – 

cd cert 

openssl req -x509 -sha256 -nodes -days 365 –newkey rsa:2048 –keyout certkey.key -out certificate.crt 

cat certificate.crt certkey.key > certkey.pem 

cd .. 

Concluding Notes 

  • If there is a return error, it means that the port is in use, close it using – 

              $ fuser -k n tcp 4444

  •  Usthe Chrome browser to run the application. 
  • Use 127.0.0.1, do not use localhost name. 
  • If you face an issue during the compilation process, then look for error that’s being generated.
  • In most cases, some required libraries are not pre-installed due to which problems occur during compilation. We also faced this issue during compilation. 

Figure 6 Troubleshooting an error raised due to unmet dependency.

Here, the development package for OpenSSL is not installed. So, simply enter the following command: 

sudo apt-get install libssl-dev 

(Read about the differences between DAST & SAST here.)