Cyberithub

How to Install flawfinder on Ubuntu 20.04 LTS (Focal Fossa)


In this article, I will take you through the steps to install flawfinder on Ubuntu 20.04 LTS (Focal Fossa). If you are a C/C++ developer looking for a tool to find security flaws in your code before releasing it for general use, flawfinder is the one you should start with. Flawfinder is a free and open source program that examines C/C++ source code and reports possible security weaknesses sorted by risk level. It might not find every security flaw, but it can at least help remove the initial security risks before the code is released to the general public. More on the official website.


Step 1: Prerequisites

a) You should have a running Ubuntu 20.04 LTS system.

b) You should have sudo or root access to run privileged commands.

c) You should have the apt-get utility available on your system.

 

Step 2: Update Your System

To refresh the package index from all the enabled repositories, run the apt-get update command as shown below. If any installed packages need to be upgraded, you can then upgrade them with the apt-get upgrade command.

root@cyberithub:~# apt-get update
Hit:1 http://in.archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Hit:4 http://ppa.launchpad.net/graphics-drivers/ppa/ubuntu focal InRelease
Get:5 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Hit:6 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:7 http://ppa.launchpad.net/nilarimogard/webupd8/ubuntu focal InRelease
Get:8 http://in.archive.ubuntu.com/ubuntu focal-updates/main amd64 DEP-11 Metadata [278 kB]
Get:9 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:10 http://download.opensuse.org/repositories/home:/selmf/xUbuntu_20.04 InRelease
Get:11 http://in.archive.ubuntu.com/ubuntu focal-updates/universe amd64 DEP-11 Metadata [390 kB]
Get:12 http://in.archive.ubuntu.com/ubuntu focal-updates/multiverse amd64 DEP-11 Metadata [940 B]
Hit:13 https://repo.protonvpn.com/debian stable InRelease

 

Step 3: Install flawfinder

In the next step, install flawfinder with the apt-get install flawfinder command as shown below. This downloads and installs the package along with all its dependencies from the Ubuntu repository.

root@cyberithub:~# apt-get install flawfinder
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libreadline5 linux-headers-5.13.0-37-generic linux-hwe-5.13-headers-5.13.0-37 linux-image-5.13.0-37-generic linux-modules-5.13.0-37-generic
linux-modules-extra-5.13.0-37-generic
Use 'apt autoremove' to remove them.
The following NEW packages will be installed:
flawfinder
0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
Need to get 55.6 kB of archives.
After this operation, 173 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu focal/universe amd64 flawfinder all 2.0.10-0.1 [55.6 kB]
Fetched 55.6 kB in 0s (117 kB/s)
Selecting previously unselected package flawfinder.
(Reading database ... 240881 files and directories currently installed.)
Preparing to unpack .../flawfinder_2.0.10-0.1_all.deb ...
Unpacking flawfinder (2.0.10-0.1) ...
Setting up flawfinder (2.0.10-0.1) ...
Processing triggers for man-db (2.9.1-1) ...

 

Step 4: Check Version

To check the currently installed version, use the flawfinder --version command as shown below.

root@cyberithub:~# flawfinder --version
2.0.10

 

Step 5: Find Potential Security Flaws

We are going to create a sample C source file and run flawfinder against it to look for potential security flaws. First, let's create a directory called program in the current location.

root@cyberithub:~# mkdir program

Then create a simple program called hello.c inside the directory with the source code below.

root@cyberithub:~# cd program/
root@cyberithub:~/program# nano hello.c
#include <stdio.h>

int main(void)  /* standard signature; in C99 main returns 0 implicitly */
{
  printf("Hi, This is from CyberITHub");  /* constant format string */
}

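Once the example source file is created, we can look for potential security flaws by running flawfinder against the program directory as shown below. In the output, the Hits@level line counts one hit at level 0; because that is below the minimum risk level of 1 shown in the summary, it is not listed and the report reads "No hits found".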

root@cyberithub:~# flawfinder program
Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining program/hello.c

FINAL RESULTS:


ANALYSIS SUMMARY:

No hits found.
Lines analyzed = 6 in approximately 0.00 seconds (1233 lines/second)
Physical Source Lines of Code (SLOC) = 5
Hits@level = [0] 1 [1] 0 [2] 0 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 1 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 200 [1+] 0 [2+] 0 [3+] 0 [4+] 0 [5+] 0
Minimum risk level = 1
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
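
The hello.c above gives flawfinder nothing to list, so here is an added example (not from the original article) containing strcpy and sprintf, two of the dangerous function names in its ruleset, next to a bounds-checked version. The function names and GREET_NAME_CAP are hypothetical.

```c
/* greet.c: added example; function and macro names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define GREET_NAME_CAP 16

/* Before: unbounded copy and format into fixed-size buffers.
 * Correct only if every caller guarantees a short name. */
int greet_unchecked(const char *name, char *out)
{
    char local[GREET_NAME_CAP];
    strcpy(local, name);            /* no length check */
    sprintf(out, "Hi, %s", local);  /* size of out is unknown here */
    return 0;
}

/* After: the caller passes the destination size, and over-long
 * input is rejected rather than overflowed or silently truncated. */
int greet_checked(const char *name, char *out, size_t out_len)
{
    char local[GREET_NAME_CAP];
    size_t n;
    int written;

    if (name == NULL || out == NULL || out_len == 0)
        return -1;
    n = strlen(name);
    if (n >= sizeof(local))
        return -1;                  /* would not fit in local[] */
    memcpy(local, name, n + 1);     /* length verified above */

    written = snprintf(out, out_len, "Hi, %s", local);
    if (written < 0 || (size_t)written >= out_len)
        return -1;                  /* result would be truncated */
    return 0;
}

int main(void)
{
    char buf[32];

    if (greet_checked("CyberITHub", buf, sizeof(buf)) == 0)
        puts(buf);                  /* prints: Hi, CyberITHub */
    return 0;
}
```

Saved as program/greet.c, it is scanned by the same flawfinder program command. Flawfinder matches on function names rather than proving a bug, so expect hits on the checked version as well; adding --minlevel=0 lists hits at every level.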

 

Step 6: Uninstall flawfinder

Once you are done with flawfinder, you can uninstall it from your system with the apt-get remove flawfinder command as shown below.

root@cyberithub:~# apt-get remove flawfinder
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libreadline5 linux-headers-5.13.0-37-generic linux-hwe-5.13-headers-5.13.0-37 linux-image-5.13.0-37-generic linux-modules-5.13.0-37-generic
linux-modules-extra-5.13.0-37-generic
Use 'apt autoremove' to remove them.
The following packages will be REMOVED:
flawfinder
0 upgraded, 0 newly installed, 1 to remove and 17 not upgraded.
After this operation, 173 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 240895 files and directories currently installed.)
Removing flawfinder (2.0.10-0.1) ...
Processing triggers for man-db (2.9.1-1) ...
