How to Use CodeWarrior for SAST – Step-by-step Guide

CodeWarrior is a SAST tool supporting multiple languages such as C, C#, PHP, Java, Ruby, ASP, and JavaScript for a variety of security vulnerabilities. This tool is available for Linux OX, BSD, and MacOS systems. You do not need to install it on a machine, simply compiling it using “make” is sufficient to run this tool after the downloading is completed. 
In addition, even though it is a web application, Apache is not required. After starting the canner, it will prompt you to select the source code to be scanned by opening up the web browser. As compared to other tools, this tool has a relatively low rate of false positives. 

Setup & Usage 

You can download this tool from GitHub. Or, you can also clone the Git repository using the following command – 
git clone 
cd CodeWarrior 
$ make 

Figure 1 Cloning the repository

CodeWarrior runs at HTTPd with TLS and uses the KISS principle. The KISS principle is a design principle which states that the systems work best if kept simple, rather than making them complicated.  

  • For compilation, CodeWarrior needs “gcc” preinstalled. If it’s not installed, then simply enter this command: 
  • sudo apt-get install gcc  (This command works with Debian-based Linux Distros.) 

    Figure 2 Compiling CodeWarrior using make command

  • After downloading the repository, you will need to compile it using the “make command. Execute the downloaded file as “bin/warrior”. 

Figure 3 Executing CodeWarrior

      Now, let’s get started with a demo. 

  • We tested this tool on a repository that contains incomplete and vulnerable code. The link for this repository is  
  • Use the git clone command to clone this repository in your system
  • After cloning the repository, go to your browser and enter the path where the repository is saved into your system. 
  • The repository contains PHP code. Select “PHP Common fails” in the module and “.php” in the extension.  
  • Click on Start. You will see possible vulnerabilities with specific descriptions for every finding. 

Figure 5 Vulnerabilities listed with a complete description


web/ = local of JavaScript, html and CSS sources 
src/ = C source code (web socket) 
eggs/ = external modules to search codes using regex 
conf/whitelist.conf = list of IPs that have access in the HTTPd server 
bin/ = file to execute 
doc/ = at construction 
lib/ = external libraries 
cert/ = loads your certificates for TLS here 

Create certificate 

If there is a requirement to create your own certificate, then follow these steps – 
cd cert 
openssl req -x509 -sha256 -nodes -days 365 –newkey rsa:2048 –keyout certkey.key -out certificate.crt 
cat certificate.crt certkey.key > certkey.pem 
cd .. 

Concluding Notes 

  • If there is a return error, it means that the port is in use, close it using – 

              $ fuser -k n tcp 4444

  •  Usthe Chrome browser to run the application. 
  • Use, do not use the localhost name. 
  • If you face an issue during the compilation process, then look for an error that’s being generated.
  • In most cases, some required libraries are not pre-installed due to which problems occur during compilation. We also faced this issue during compilation. 

Figure 6 Troubleshooting an error raised due to unmet dependency.

Here, the development package for OpenSSL is not installed. So, simply enter the following command: 

sudo apt-get install libssl-dev 

(Read about the differences between DAST & SAST here.)

Penetration Testing

Penetration Testing Service

Cloud Penetration Testing Services

Network Penetration Testing

Application Penetration Testing

Web Application Penetration Testing

Social Engineering

background image