Update für das SAST-Tool Coverity

Statisches Security Testing besser skalierbar

| Redakteur: Stephan Augsten

Das Tool für statische Application Security Tests Coverity ist in einer neuen Version erschienen. Mehr Skalierbarkeit, der Support weiterer Programmiersprachen und Frameworks sowie eine bessere Schwachstellenanalyse waren die Gründe für die Aktualisierung.

Als Werkzeug fürs Static Application Security Testing soll Coverity von Synopsys das Erstellen sicherer Anwendungen komfortabel gestalten. Laut Andreas Kuehlmann, Co-General Manager der Synopsys Software Integrity Group, wolle man die „Analysetechnologie auf ein breiteres Anwendungsspektrum ausdehnen und die Implementierung und Skalierung über große Anwendungsportfolios so einfach wie nie zuvor gestalten.“

Dank der neuen Funktion „Analyse ohne Build“ sollen sich tausende von Anwendungen schnell und einfach einbinden und analysieren lassen. Coverity untersucht Quellcode-Projekte dabei auf Schwachstellen, ohne dass vorher ein vollständiger Build für jede Anwendung erstellt werden muss, Projekttypen und Abhängigkeiten werden automatisch erkannt.

Für eine erweiterte Unterstützung von Programmiersprachen und Frameworks hat Synopsys ebenfalls gesorgt. Die neue Coverity-Version unterstützt TypeScript, .NET Core, Swift 4.1 und Ruby on Rails sowie über 50 verschiedene Frameworks für Java, JavaScript und C#, einschließlich Angular, React und Vue.

Um der zunehmenden Popularität von Frameworks gerecht zu werden, enthält die neue Coverity-Version eine verbesserte Framework-Analyse. Diese soll es Kunden ermöglichen, Schwachstellen auf Client-Seite sowie Backend-Webservices genauer zu erkennen. Auch dynamisch generierte Inhalte aus Das aus JavaScript-Framework-Templates lassen sich nun scannen, um zusätzliche Cross-Site-Scripting-Schwachstellen zu finden.

Weitere Informationen über Coverity auf der Synopsys-Website.


‘);
commentHtml.find(‘a’).each(function(){
$(this).prop(“target”,’_blank’);
self.comment(commentHtml.html());
});
/* Like Funktion */
self.like = function (obj) {
if (!obj.hasClass(“inactive”)) {
$.ajax({
type: “PUT”,
cache: false,
url: “/api/comments/” + self.id() + “/like/up/”,
data: JSON.stringify({ token: config.STR_token }),
dataType: “json”,
success: function (data) {
self.likes(data.likes);
obj.closest(“.comment-actions”).find(“.like”).addClass(“inactive”);
},
failure: function (errMsg) {
console.log(errMsg);
}
});
}
};
/* DisLike Funktion */
self.dislike = function (obj) {
if (!obj.hasClass(“inactive”)) {
$.ajax({
type: “PUT”,
cache: false,
url: “/api/comments/” + self.id() + “/like/down/”,
data: JSON.stringify({ token: config.STR_token }),
dataType: “json”,
success: function (data) {
self.dislikes(data.dislikes);
obj.closest(“.comment-actions”).find(“.like”).addClass(“inactive”);
},
failure: function (errMsg) {
console.log(errMsg);
}
});
}
};
/* Bearbeiten Funktion Editor öffnen und mit Content befüllen */
self.showEdit = function (obj) {
if (obj.hasClass(“active”)) {
$(“#commentform-edit”).hide();
$(“.kommentare button”).removeClass(“active”);
}
else {
$(“.kommentare button”).removeClass(“active”);
obj.addClass(“active”);
$(“#commentform-answer”).hide();
if (typeof (CKEDITOR.instances.commentedittext) !== ‘undefined’) {
CKEDITOR.instances.commentedittext.destroy();
};
CKEDITOR.on(‘instanceReady’, function () {
getUsers(CKEDITOR.instances.commentedittext);
});
obj.closest(“.comment-actions”).after($(“#commentform-edit”));
$(“#commentform-edit”).show();
CKEDITOR.replace(‘commentedittext’, ckeditorConfig);
CKEDITOR.instances.commentedittext.setData(self.comment());
CKEDITOR.instances.commentedittext.on(‘focus’, function () {
$(“#cke_commentedittext”).removeClass(“invalid”);
});
/**/
$(“#postbutton-edit”).off(“click”);
$(“#postbutton-edit”).click(function () {
var STR_comment = CKEDITOR.instances.commentedittext.getData();
if ($.trim(STR_comment).length == 0) {
$(“#cke_commentedittext”).addClass(“invalid”);
}
if ($.trim(STR_comment).length > 0) {
$(“.kommentare button”).removeClass(“active”);
$(“#commentform-edit”).hide();
self.update();
}
});
}
};
self.update = function () {
$(“#commentform-edit”).find(“.formoverlay”).show();
self.comment(CKEDITOR.instances.commentedittext.getData());
var parsedComment = “

” + self.comment + “

“;
var ARR_mentions = [];
$(parsedComment).find(“a.mention”).each(function () {
ARR_mentions.push($(this).prop(“rel”));
});
$.ajax({
type: “PUT”,
cache: false,
url: “/api/comments/” + self.id() + “/”,
data: JSON.stringify({
data: ko.mapping.toJS(self),
token: config.STR_token,
mentions: ARR_mentions,
sort: config.sort,
sortorder: config.sortorder,
check: config.check,
mod: false,
usermodified: true
}),
dataType: “text”,
contentType: “application/json; charset=utf-8”,
success: function (data) {
data = jQuery.parseJSON(data);
$(“#commentform-edit”).find(“.formoverlay”).hide();
if (data.id !== null && typeof (data.id) !== ‘undefined’) {
if (config.BOO_approveByAdmin) {
var $content = $(“.comment-alert”);
$.colorbox({
inline: true,
href:$content,
width: “40%”,
overlayClose: true,
opacity: 0.9
});
setTimeout(function () {
$.colorbox.close();
}, 10000);
}
else {
self.usermodified(data.usermodified);
}
}
else {
alert(“Kommentar wurde nicht aktualisiert!”);
}
},
failure: function (errMsg) {
alert(“Fehler beim aktualisieren!”);
console.log(errMsg);
}
});
};
/**/
self.showAnswer = function (obj) {
if (obj.hasClass(“active”)) {
$(“#commentform-answer”).hide();
$(“.kommentare button”).removeClass(“active”);
}
else {
$(“.kommentare button”).removeClass(“active”);
obj.addClass(“active”);
if (typeof (CKEDITOR.instances.commentanswertext) !== ‘undefined’) {
CKEDITOR.instances.commentanswertext.destroy();
};
CKEDITOR.on(‘instanceReady’, function () {
getUsers(CKEDITOR.instances.commentanswertext);
});
$(“#commentform-edit”).hide();
obj.closest(“.comment-actions”).after($(“#commentform-answer”));
$(“#relatedPost”).val(self.id());
$(“#commentform-answer”).show();
CKEDITOR.replace(‘commentanswertext’, ckeditorConfig);
CKEDITOR.instances.commentanswertext.setData(“”);
CKEDITOR.instances.commentanswertext.on(‘focus’, function () {
$(“#cke_commentanswertext”).removeClass(“invalid”);
});
$(“#username-answer”).on(“focus”, function () {
$(“#username-answer”).removeClass(“invalid”);
});
}
};
self.report = function () {
/**/
$(“#comment-report-id”).val(self.id());
/**/
$.colorbox({
inline: true, href: “#comment-report-dialog”, width: “450px”, overlayClose: false, onClosed: function () {
$(“#comment-report-id”).val(“”);
$(“#comment-report-text”).val(“”);
}
});
/**/
$(“#comment-report-send”).off(“click”);
$(“#comment-report-send”).click(function () {
var STR_message = $(“#comment-report-text”).val();
$.ajax({
type: “POST”,
cache: false,
url: “/api/comments/” + self.id() + “/report/”,
data: JSON.stringify({
data: ko.mapping.toJS(self),
message: STR_message,
token: config.STR_token
}),
dataType: “json”,
success: function (data) {
$.colorbox.close();
},
failure: function (errMsg) {
alert(“Fehler beim Senden!”);
console.log(errMsg);
}
});
});
};
self.approve = function () {
var txt = “Hallo ” + self.userinfo.username() + “,

” + “Ihr Kommentar zum Artikel ” + self.articleinfo.articletitle() + “ wurde freigegeben!

” + “Vielen Dank für Ihr Engagement auf ” + self.clientinfo.clientname() + “

” + “Liebe Grüße,
” + “das ‘” + self.clientinfo.clientname() + “‘ Team”;
$(“#textdiv_approve”).html(txt);
/**/
$.colorbox({
inline: true, href: “#comment-approve-dialog”, width: “450px”, transition: “elastic”, overlayClose: false, onClosed: function () {
$(“#textdiv_approve”).html(“”);
}
});
if(self.userinfo.useruuid().length > 0){
$(“#warning-unregistered-approve”).hide();
$(“#mailform_approve”).show();
$.colorbox.resize();
}
else{
$(“#warning-unregistered-approve”).show();
$(“#mailform_approve”).hide();
$.colorbox.resize();
}
/**/
$(“#comment-approve-send”).off(“click”);
$(“#comment-approve-send”).click(function () {
var STR_message = $(“#textdiv_approve”).html();
var STR_subject = $(“#comment-approve-subject”).val();
$.ajax({
type: “POST”,
cache: false,
url: “/api/comments/” + self.id() + “/approve/”,
data: JSON.stringify({
message: STR_message,
subject: STR_subject
}),
dataType: “json”,
success: function (data) {
$.colorbox.close();
location.reload();
},
failure: function (errMsg) {
alert(“Fehler beim Senden!”);
console.log(errMsg);
}
});
});
};
self.unapprove = function () {
var txt = ‘Hallo ‘ + self.userinfo.username() + ‘,

Ihr Kommentar zum Artikel ‘ +
self.articleinfo.articletitle() + ‘
hat leider nicht unseren Richtlinien entsprochen und wurde von unserem Team aktualisiert!

‘ + ‘Falls Sie Fragen zu unseren Kommentar-Richtlinien haben, schreiben Sie uns einfach eine Mail

‘ + ‘Liebe Grüße,
das ‘ + self.clientinfo.clientname() + ‘ Team’;
$(“#textdiv_unapprove”).html(txt);
/**/
$.colorbox({
inline: true, href: “#comment-unapprove-dialog”, width: “450px”, transition: “elastic”, overlayClose: false, onClosed: function () {
$(“#textdiv_unapprove”).html(“”);
}
});
if(self.userinfo.useruuid().length > 0){
$(“#warning-unregistered-unapprove”).hide();
$(“#mailform_unapprove”).show();
$.colorbox.resize();
}
else{
$(“#warning-unregistered-unapprove”).show();
$(“#mailform_unapprove”).hide();
$.colorbox.resize();
}
/**/
$(“#comment-unapprove-send”).off(“click”);
$(“#comment-unapprove-send”).click(function () {
var STR_message = $(“#textdiv_unapprove”).html();
var STR_subject = $(“#comment-unapprove-subject”).val();
$.ajax({
type: “POST”,
cache: false,
url: “/api/comments/” + self.id() + “/unapprove/”,
data: JSON.stringify({
message: STR_message,
subject: STR_subject
}),
dataType: “json”,
success: function (data) {
$.colorbox.close();
location.reload();
},
failure: function (errMsg) {
alert(“Fehler beim Senden!”);
console.log(errMsg);
}
});
});
};
}
/* View Model KOMMENTARMODUL */
var ViewModel = function () {
var self = this;
self.initialized = ko.observable(false);
self.commentsLoading = ko.observable(false);
self.cutoff = config.BOO_cutoff;
self.commentUsers = null;
self.commentLikes = config.LST_commentlikes;
self.loggedUserId = ko.observable(config.useruuid);
self.from = ko.observable(0);
self.count = ko.observable(config.number);
self.totalHits = ko.observable(0);
self.comments = ko.observableArray([]);
self.hasMore = ko.observable(false);
self.hasSubscription = ko.observable(false);
/* Check ob ein Overflow innerhalb des Contents vorliegt*/
self.checkOverflow = function (element, index, data) {
var content = $(element).find(“.comment-content”).first();
if (content.prop(‘scrollHeight’) > content.height()) {
content.addClass(“expandable”);
}
else {
content.addClass(“complete”);
$(element).find(“.comment-actions .expander”).hide();
$(element).find(“.comment-expand”).hide();
}
};
self.addComment = function (STR_id, OBJ_comment) {
if (STR_id !== null && STR_id.length > 0) {
/* Subkommentar */
for (x = 0; x -1 || config.sortsetting.indexOf(‘top’) > -1) {
this.comments.push(OBJ_comment);
}
else {
this.comments.unshift(OBJ_comment);
}
if (this.comments().length > 0) {
$(“#comments”).fadeIn();
}
}
};
self.getComments = function () {
self.commentsLoading(true);
$.ajax({
type: “GET”,
cache: false,
url: “/api/comments/article/” + config.articleid + “/”,
data: { token: config.STR_token, sort: config.sort, sortorder: config.sortorder, count: self.count(), from: self.from(), uid: config.useruuid, approved: config.approved },
dataType: “json”,
success: function (commentsfromserver) {
/*Ladebilder ausblenden*/
self.commentsLoading(false);
self.initialized(true);
if (commentsfromserver.data.length > 0) {
for (x = 0; x ” + comment.comment + “

“;
var ARR_mentions = [];
$(parsedComment).find(“a.mention”).each(function () {
ARR_mentions.push($(this).prop(“rel”));
});
$.ajax({
type: “POST”,
url: “/api/comments/”,
cache: false,
data: JSON.stringify({
data: comment,
mentions: ARR_mentions,
token: config.STR_token,
sort: config.sort,
sortorder: config.sortorder,
check: config.check
}),
dataType: “text”,
contentType: “application/json; charset=utf-8”,
success: function (data) {
data = jQuery.parseJSON(data);
overlay.hide();
$(“.kommentare button”).removeClass(“active”);
if (data.id !== null && typeof (data.id) !== ‘undefined’) {
if (config.BOO_approveByAdmin) {
var $content = $(“.comment-alert”);
$.colorbox({
inline: true,
href:$content,
width: “40%”,
overlayClose: true,
opacity: 0.9
});
setTimeout(function () {
$.colorbox.close();
}, 10000);
}
else {
self.addComment(data.relatedComment, new CommentViewModel(data));
/*Subscribers benachrichtigen über neue Nachricht */
self.notifySubscribers();
}
/* Subscribe */
if (subscribe && !self.hasSubscription()) {
self.subscribe(comment);
}
}
else {
alert(“Kommentar wurde nicht angelegt!”);
}
},
failure: function (errMsg) {
alert(“Fehler beim anlegen!”);
console.log(errMsg);
}
});
};
self.expandContent = function (obj) {
if (obj.closest(‘.comment-item’).find(‘.comment-content’).hasClass(“expandable”)) {
var content = obj.closest(‘.comment-item’).find(‘.comment-content’).first();
content.toggleClass(‘expanded’);
if (content.hasClass(“expanded”)) {
obj.text(lang.collapse);
} else {
obj.text(lang.expand);
}
}
return true;
};
self.subscribe = function () {
$.ajax({
type: “POST”,
url: “/api/comments/article/” + config.articleid + “/subscribe/”,
cache: false,
data: JSON.stringify({
useruuid: config.useruuid,
token: config.STR_token,
articleinfo: comment.articleinfo,
clientinfo: comment.clientinfo
}),
dataType: “json”,
success: function (data) {
if (data.result) {
self.hasSubscription(true);
}
},
failure: function (errMsg) {
alert(“Fehler beim Abonnnieren!”);
console.log(errMsg);
}
});
}
self.unsubscribe = function () {
$.ajax({
type: “POST”,
url: “/api/comments/article/” + config.articleid + “/unsubscribe/”,
cache: false,
data: JSON.stringify({
useruuid: config.useruuid,
token: config.STR_token
}),
dataType: “json”,
success: function (data) {
if (data.result) {
self.hasSubscription(false);
}
},
failure: function (errMsg) {
alert(“Fehler beim Senden!”);
console.log(errMsg);
}
});
}
self.checkSubscription = function () {
$.ajax({
type: “GET”,
url: “/api/comments/article/” + config.articleid + “/checksubscription/”,
cache: false,
data: { useruuid: config.useruuid, token: config.STR_token },
dataType: “json”,
success: function (data) {
self.hasSubscription(data.result);
},
failure: function (errMsg) {
alert(“Fehler beim Senden!”);
console.log(errMsg);
}
});
};
self.notifySubscribers = function () {
$.ajax({
type: “POST”,
url: “/api/comments/article/” + config.articleid + “/notifysubscribers/”,
cache: false,
data: JSON.stringify({ token: config.STR_token }),
dataType: “json”,
success: function () { },
failure: function (errMsg) {
console.log(errMsg);
}
});
}
}
/*Users mit Null initialisieren, um in getUsers darauf prüfen zu können*/
var commentUsers = null;
var getUsers = function (OBJ_ckeditor) {
/**/
if (commentUsers != null) {
OBJ_ckeditor.execCommand(‘reloadSuggestionBox’, commentUsers);
}
else {
$.ajax({
type: “GET”,
cache: false,
url: “/api/comments/article/” + config.articleid + “/users/”,
data: { token: config.STR_token },
dataType: “json”,
success: function (users) {
commentUsers = users.data;
OBJ_ckeditor.execCommand(‘reloadSuggestionBox’, commentUsers);
},
failure: function (errMsg) {
console.log(errMsg);
}
});
}
};
$(document).ready(function () {
/* ViewModel initialisieren */
var viewModel = new ViewModel();
if (config.BOO_commentsAllowed) {
/* CKEditor initialisieren */
/* TriggerKey == @ */
CKEDITOR.replace(‘comment’, ckeditorConfig);
CKEDITOR.instances.comment.on(‘focus’, function () {
$(“#cke_comment”).removeClass(“invalid”);
/* Users laden*/
getUsers(CKEDITOR.instances.comment);
});
CKEDITOR.disableAutoInline = true;
$(“#username”).on(“focus”, function () {
$(“#username”).removeClass(“invalid”);
});
$(“#comment-report-text”).on(“focus”, function () {
$(“#comment-report-text”).removeClass(“invalid”);
});
$(“#postbutton”).click(function () {
comment[“comment”] = CKEDITOR.instances.comment.getData();
comment[“userinfo”][“username”] = $(“#username”).val();
comment[“relatedComment”] = “”;
var subscribe = $(“#subscribe”).prop(“checked”);
var valid = true;
if ($.trim(comment[“comment”]).length == 0) {
$(“#cke_comment”).addClass(“invalid”);
valid = false;
}
if ($.trim(comment[“userinfo”][“username”]).length == 0) {
$(“#username”).addClass(“invalid”);
valid = false;
}
if (valid) {
var form = $(“#commentform”);
CKEDITOR.instances.comment.setData(“”);
var overlay = $(“#commentform”).find(“.formoverlay”);
viewModel.postComment(comment, subscribe, overlay);
}
});
$(“#postbutton-answer”).click(function () {
comment[“comment”] = CKEDITOR.instances.commentanswertext.getData();
comment[“userinfo”][“username”] = $(“#username-answer”).val();
comment[“relatedComment”] = $(“#relatedPost”).val();
var subscribe = $(“#subscribe-answer”).prop(“checked”);
var valid = true;
if ($.trim(comment[“comment”]).length == 0) {
$(“#cke_commentanswertext”).addClass(“invalid”);
valid = false;
}
if ($.trim(comment[“userinfo”][“username”]).length == 0) {
$(“#username-answer”).addClass(“invalid”);
valid = false;
}
if (valid) {
$(“#commentform-answer”).hide();
CKEDITOR.instances.commentanswertext.setData(“”);
var overlay = $(“#commentform-answer”).find(“.formoverlay”);
viewModel.postComment(comment, subscribe, overlay);
}
});
}
/*Data-Binding herstellen*/
ko.applyBindings(viewModel);
/*Kommentare laden*/
viewModel.getComments();
if (config.useruuid.length > 0) {
/*Prüfen ob Thread abonniert wurde*/
viewModel.checkSubscription();
}
});

copyright

Dieser Beitrag ist urheberrechtlich geschützt. Sie wollen ihn für Ihre Zwecke verwenden? Infos finden Sie unter
www.mycontentfactory.de (ID: 45708915 / Softwareentwicklung)

https://www.Security-Insider.de/themenbereiche/applikationssicherheit/sichere-software-entwicklung/articles/793527

Related posts

Leave a Comment