Polyspace BugFinder: Disabling Security Defects

조회 수: 4 (최근 30일)
Narayan Narvekar
Narayan Narvekar 2021년 5월 18일
편집: Anirban 2021년 5월 18일
Hello Support Team,
I would like to get some information on what would be the impact if the "Polyspace BugFinder Security Defects" are disabled in our embedded C project.
According to the documentation, these defects highlight places in the code which are vulnerable to hacking or other security attacks. If our software does not need to satisfy any such security requirements, would it be ok to disable these defects from our project?
Best Regards,
Narayan

이 질문에 답변하려면 로그인하십시오.

채택된 답변

Anirban
Anirban 2021년 5월 18일
편집: Anirban 2021년 5월 18일
Hi,
I will start with the difference between a security defect checker and another type of defect checker. A security defect shows a vulnerability in your code that by itself is not a problem, but has to be actively exploited by a hacker to cause a problem. A very simple example is the following: a Division by zero by itself is a problem. But the equivalent security defect is a Tainted division operand, which shows cases where the divisor is obtained from an untrusted external source and not checked for certain problem values. This by itself might not be a problem since the source has to actually pass those problem values to trigger an issue. In other words, your program is not robust against malicious data from sources.
If you do not have requirements for this kind of robustness against malicious data (or malicious code injection through data), you can disable the security defects. They should not have an impact on other types of defect checkers.

추가 답변 (0개)

카테고리

Help CenterFile Exchange에서 Bug Finder Analysis에 대해 자세히 알아보기

태그

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by