How to Use CodeWarrior for SAST – Step-by-step Guide

CodeWarrior is a SAST tool supporting multiple languages such as C, C#, PHP, Java, Ruby, ASP, and JavaScript for a variety of security vulnerabilities.This tool is available for Linux OX, BSD, and MacOS systems. You do not need to install it on a machine, simply compiling it using “make” is sufficient to run this tool after the downloading is completed.
In addition, even though it is a web application, Apache is not required. After starting the canner, it will prompt you to select the source code to be scanned by opening up the web browser. As compared to other tools, this tool has a relatively low rate of false positives.

Setup & Usage

You can download this tool from GitHub. Or, you can also clone the Git repository using the following command –
git clone https://github.com/CoolerVoid/codewarrior.git
cd CodeWarrior
$ make

Figure 1 Cloning the repository

CodeWarrior runs at HTTPd with TLS and uses the KISS principle. The KISS principle is a design principle which states that the systems work best if kept simple, rather than making them complicated.
For compilation, CodeWarrior needs “gcc” preinstalled. If it’s not installed, then simply enter this command:
sudo apt-get install gcc  (This command works with Debian-based Linux Distros.)

Figure 2 Compiling CodeWarrior using make command

After downloading the repository, you will need to compile it using the “make” command. Execute the downloaded file as “bin/warrior”.

Figure 3 Executing CodeWarrior

• Now, open the browser at https://127.0.0.1:1345/index.html.

Figure 4 CodeWarrior

Now, let’s get started with a demo.
We tested this tool on a repository that contains incomplete and vulnerable code. The link for this repository is

• https://github.com/joostvanveen/php-security-pitfalls.git
• Use the git clone command to clone this repository in your system
• After cloning the repository, go to your browser and enter the path where the repository is saved into your system.
• The repository contains PHP code. Select “PHP Common fails” in the module and “.php” in the extension.
• Click on Start. You will see possible vulnerabilities with specific descriptions for every finding.

Figure 5 Vulnerabilities listed with a complete description

Directories

1. web/ = local of JavaScript, html and CSS sources
2. src/ = C source code (web socket)
3. eggs/ = external modules to search codes using regex
4. conf/whitelist.conf = list of IPs that have access in the HTTPd server
5. bin/ = file to execute
6. doc/ = at construction
7. lib/ = external libraries
8. cert/ = loads your certificates for TLS here

Create a certificate

If there is a requirement to create your own certificate, then follow these steps –

1. cd cert
2. openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout certkey.key -out certificate.crt
3. cat certificate.crt certkey.key > certkey.pem
4. cd ..

Concluding Notes

If there is a return error, it means that the port is in use, close it using –
$ fuser -k n tcp 4444
Use the Chrome browser to run the application.
Use 127.0.0.1, do not use the localhost name.
If you face an issue during the compilation process, then look for an error that’s being generated.
In most cases, some required libraries are not pre-installed due to which problems occur during compilation. We also faced this issue during compilation.

Figure 6 Troubleshooting an error raised due to unmet dependency.

Here, the development package for OpenSSL is not installed. So, simply enter the following command: 

sudo apt-get install libssl-dev 

(Read about the differences between DAST & SAST here.)