Security Code Review

From reSIProcate
Jump to navigation Jump to search

Introduction[edit]

This document is intended to outline procedures for reviewing the resiprocate code base for security related bugs.

Tasks[edit]

  • null raw, smart pointers checks
  • check for null, change to smart pointer if possible
  • convert Dialog and DialogSet to resip::Handled objects?
  • this will require users to change handling of these objects from raw pointers.
  • STL iterators
  • example: front(), container must not be empty to call front
  • regex search: "front|at|" , todo there is a lot here
  • buffer overruns
  • C string & memory routines (strcpy,etc, implement microsoft *_s functions for windows?)
  • regex: "strcpy|memcpy" , todo add here
  • run code analysis tools
  • todo: add tools here
  • turn on/fix compiler warnings
  • g++ -Wall, Level 3(or 4) warnings in Visual C++

References[edit]