How to use a simple tool to find vulnerabilities in source code

Graudit supports several programming languages and lets you build security testing of a codebase directly into the development process.

Image source: Unsplash (Markus Spiske)

Testing is an essential part of the software development lifecycle. There are many kinds of testing, and each solves its own problem. Today I want to talk about finding security problems in code.

Obviously, in modern software development it is necessary to make the process itself secure. At some point the dedicated term DevSecOps appeared. It refers to a set of practices for identifying and eliminating vulnerabilities in an application. There are dedicated solutions for checking for vulnerabilities according to the OWASP standards, which describe the various classes of vulnerabilities found in source code and how they behave.

There are different approaches to finding security problems, such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), Software Composition Analysis (SCA) and so on.

Static application security testing finds defects in code that has already been written. The approach does not require the application to be running, which is why it is called static analysis.

I will focus on static code analysis and use a simple open source tool to show how it all works.

Why I chose an open source tool for static code security analysis

There are several reasons. First, it is free, because you are using a tool built by a community of like-minded people who want to help other developers. If you have a small team or a startup, you have a real chance to save money by using open source software to test the security of your codebase. Second, it removes the need to hire a dedicated DevSecOps team, which also lowers your costs.

Good open source tools are always built with extensibility in mind. So they can be used in almost any environment and cover a wide range of tasks. It is easy for developers to wire such tools into the system they have already built while they go about their work.

But sometimes you need something the tool you have chosen does not provide. In that case you can fork its source code and build your own tool tailored to your needs.

Since open source development is heavily community-driven, decisions about changes are made quickly and to the point: the maintainers of an open source project rely on feedback and suggestions from users, on their reports of bugs found and other problems.

Using Graudit for code security analysis

There are several open source static code analysis tools you can use; there is no universal tool for every programming language. Some tool authors follow the OWASP recommendations and try to cover as many languages as they can.

Here we will use Graudit, a simple command-line tool that lets us find vulnerabilities in our codebase. It supports a variety of languages, but its feature set is limited. Graudit is built around the grep utility, which was released long ago under the GNU license.

There are similar static code analysis tools as well: Rough Auditing Tool for Security (RATS), Securitycompass Web Application Analysis Tool (SWAAT), flawfinder and others. But Graudit is very flexible and has minimal technical requirements. You may still run into problems that Graudit cannot solve; in that case look at the alternatives mentioned above.

We can integrate this tool into a particular project, hand it to a chosen user, or run it across all of our projects at once. This is where Graudit's flexibility comes in again. So let's clone the repo first:

$ git clone https://github.com/wireghoul/graudit

Now let's create a symbolic link to Graudit so it can be called from the command line (~/graudit is the directory the clone above created):

$ mkdir -p ~/bin
$ ln --symbolic ~/graudit/graudit ~/bin/graudit

Let's add an alias to .bashrc (or whichever shell configuration file you use); you can skip this step if ~/bin is already on your PATH:

#------ .bashrc ------
alias graudit="~/bin/graudit"

Reload the shell configuration:

$ source ~/.bashrc # OR
$ exec $SHELL

Let's check that the installation succeeded:

$ graudit -h

If the usage text is printed, everything is fine.


I will test one of my existing projects. Before running the tool, it has to be pointed at the signature database matching the language the project is written in. The databases live in the ~/graudit/signatures folder, and the path to scan is passed as the last argument:

$ graudit -d ~/graudit/signatures/js.db path/to/your/project

So I ran it over two js files from my project, and Graudit printed the suspicious lines of my code to the console.

You can test your own projects the same way. The signature databases for other programming languages are in the same ~/graudit/signatures directory.
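To make concrete what a grep-driven scanner like Graudit does with a signature database, and what its output does and does not tell you, here is an added example. It is not Graudit's own code: the signature file, the sample project and the gate threshold are constructed for the illustration (Graudit's real databases are larger regex lists, and in a real pipeline you would call graudit itself rather than this stand-in), and the "CI gate" on the hit count is my addition, not a Graudit feature.

```shell
#!/bin/sh
# Added example, not part of Graudit: a minimal grep-driven signature scanner
# in the style of Graudit, plus a CI-style gate on the number of hits.
# The signature file, sample project and threshold are all constructed here
# so the script runs offline; they are not copied from Graudit's databases.
set -u

WORK=$(mktemp -d)

# Constructed signature database: one POSIX extended regex per line, the
# shape that `grep -E -f` consumes (Graudit's .db files are regex lists too).
cat > "$WORK/js.db" <<'EOF'
eval\(
exec\(
\.innerHTML[[:space:]]*=
document\.write\(
child_process
EOF

# Constructed sample project: three real sinks, one require() that is only
# suspicious, and a comment that matches a pattern but is harmless.
mkdir -p "$WORK/project/src"
cat > "$WORK/project/src/app.js" <<'EOF'
const { exec } = require('child_process');
function render(userInput) {
  document.getElementById('out').innerHTML = userInput;   // DOM XSS sink
}
function run(cmd) {
  exec(cmd);                                               // command injection if cmd is user-controlled
}
const config = eval('(' + configText + ')');               // eval on untrusted text
EOF
cat > "$WORK/project/src/safe.js" <<'EOF'
// Comment that mentions eval() in prose: matches the signature, not a finding.
const banner = document.createTextNode('ok');
EOF

# scan DB DIR: print every line of *.js under DIR that matches a signature,
# as file:line:text. grep exits 1 when nothing matches; that is not an error here.
scan() {
  grep -rnE --include='*.js' -f "$1" "$2" || true
}

# count_hits DB DIR: number of matching lines, printed on stdout.
count_hits() {
  scan "$1" "$2" | wc -l | tr -d ' '
}

# gate DB DIR MAX: return 1 (fail the build) when hits exceed MAX.
# MAX is a baseline to tune per project; 0 is rarely realistic for a
# pattern-based tool because of matches like the comment in safe.js.
gate() {
  hits=$(count_hits "$1" "$2")
  if [ "$hits" -gt "$3" ]; then
    echo "FAIL: $hits signature hits (max $3)" >&2
    return 1
  fi
  echo "OK: $hits signature hits (max $3)"
}

# Demo run: 5 matching lines, so a baseline of 4 would stop the build.
scan "$WORK/js.db" "$WORK/project"
gate "$WORK/js.db" "$WORK/project" 4 || echo "build would stop here"
```

Note that the comment line in safe.js is counted as a hit too: the scanner only knows that a line matched a regex, not whether the code is reachable with untrusted input, so every hit still has to be read by a person. That is also why the gate compares against a tuned baseline rather than zero.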

Pros and cons of Graudit

Graudit supports many programming languages, so it suits a wide range of readers. It can compete reasonably well with any free or paid counterpart. And it matters a great deal that contributions keep flowing into the project, and that the community helps not only the maintainers but also other users who are trying to get to grips with the tool.

It is a handy tool, but so far it cannot say exactly what is wrong with a suspicious fragment of code: because it is a grep-based pattern matcher, it can only point at lines that match a signature, not explain why they are dangerous or whether they are reachable with untrusted input, so every hit still needs manual review. The developers keep improving Graudit.

But in any case, it is worth paying attention to the potential security problems in your code that tools like this bring to light.

In conclusion…

In this article I looked at only one way of finding vulnerabilities: static application security testing. Running static code analysis is easy, but it is only the beginning. To learn more about the security of your codebase, you need to combine it with other kinds of testing in your development practice.


Source: www.habr.com
