|
|
ÄÚµå Á¡°Ë/°ËÁõºÎÅÍ ½Ã½ºÅÛ Å×½ºÆ®±îÁö Áö¿øÇÏ´Â Á¤Àû/µ¿Àû ÅëÇÕ µµ±¸
(no False Positive) ½ÇÇà °æ·Î ±â¹Ý ÀÚ·á È帧 ºÐ¼®À¸·Î ÄÚµå °áÇÔ Á¡°Ë/°ËÁõ
(no Rule Option) ÇÔ¼ö °£ Cross FunctionÀÇ ¿Ã¹Ù¸¥ ½ÇÇà ¼ø¼·Î Á¤È®ÇÑ ÀÚ·á È帧 ºÐ¼®
Áö¿ø ¾ð¾î
(Procedural Language) C
(OO Language) C++, C#, Java
(Web Language) JavaScript, JSP, Flex
(Big Data Language) Python, R
(Mobile Language) iOS(Objective-C, Swift), Android(Android-Java, Kotlin)
(SAP Language) ABAP
±¹³»¿Ü ÀÎÁõ
ISO 26262, IEC 62279, IEC 61508, EN 50128 ÀÎÁõ
CWE Compatibility (º¸¾È ÀûÇÕ¼º ÀÎÁõ)
GS(1µî±Þ), NEP(½ÅÁ¦Ç° ÀÎÁõ¼), ¿ì¼öÁ¦Ç°ÁöÁ¤Áõ¼
MISRA C, MISRA C++ Copyright License Çù¾à (MIRA LIMITED)
ABAP ±¹³»¿Ü ƯÇã µî·Ï: Çѱ¹, ¹Ì±¹, È£ÁÖ, ÀϺ», Áß±¹
ÄÚµå Á¡°Ë Ç¥ÁØ Áؼö
ÄÚµù °¡À̵å Á¡°Ë
- (¹æ»çû ¹«±âü°è SW Á¤Àû ½ÃÇè) C, C++, C#, Java ÄÚµù ÄÚµù °¡À̵å
- (ISO 26262) MISRA C, MISRA C++, AUTOSAR C++
- (DO 178B) JPL C & Java, BSSC Java, JSF++
- (IEC 62304) HealthCare C++, (ISO 61508/62279) Railway C
- (Oracle) Java Code Conventions, (Microsoft) C# Code Conventions
Run-time Error Á¡°Ë
- CWE-658(for C), CWE-659(for C++), CWE-660(for Java)
- Â÷·®¿ë ÀÓº£µðµå Run-time Error Á¡°Ë(for C, C++)
º¸¾È Ãë¾àÁ¡ Á¡°Ë
- (¹æ»çû ¹«±âü°è SW Á¤Àû ½ÃÇè) C, C++, C#, Java Ãë¾àÁ¡ ¹× º¸¾È¾àÁ¡
- CWE(v 4.13), OWASP(2021), CERT(C, C++, Java)
- Çà¾ÈºÎ ¼ÒÇÁÆ®¿þ¾î °³¹ßº¸¾È °¡À̵å(2021): C, C++, Java
- Çà¾ÈºÎ ¸ð¹ÙÀÏ º¸¾È Ãë¾àÁ¡ Á¡°Ë °¡À̵å(2021): iOS, Android
- ±ÝÀ¶È¸»ç ITºÎ¹® Ãë¾àÁ¡: C, C++, Java, iOS, Android
- ÀüÀÚ±ÝÀ¶°¨µ¶±ÔÁ¤: C, C++, Java
- ±¹Á¤¿ø Ãë¾àÁ¡: C, C++, Java
- Â÷·®¿ë ÀÓº£µðµå º¸¾È ÄÚµù °¡À̵å: C, C++, Java
- SAP ABAP Backdoor
ÄÚµå Ç°Áú ÃøÁ¤/Æò°¡
- (¹æ»çû ¹«±âü°è SW Á¤Àû ½ÃÇè) ¼Ò½ºÄÚµå ¸ÞÆ®¸¯
- (Â÷·®¿ë ÀÓº£µðµå ÄÚµå Ç°Áú Æò°¡) MISRA Software Metrics, HIS Source Code Metrics
|
|
C, C++, C# Á¤ÀûºÐ¼®µµ±¸ - »ê¾÷º° Ç¥ÁØ Áö¿ø
C, C++, C# Á¤ÀûºÐ¼®µµ±¸´Â ÄÄÆÄÀÏ·¯ ºôµå °úÁ¤ ¾øÀÌ ÃÖ»óÀ§ ÄÚµå °áÇÔ °ËÁõ ±â¼úÀÎ Inter-procedural Path Analysis·Î ÄÚµå °áÇÔ°ú º¸¾È ÇãÁ¡À» Á¡°Ë/°ËÁõÇÏ¿© ÄÚµåÀÇ ½Å·Ú¼º(reliability), ¾ÈÀü¼º(safety), º¸¾È¼º(security), ÄÚµå Ç°Áú(code metrics)À» ¸ðµÎ Á¡°ËÇÏ´Â ÅëÇÕ Á¤ÀûºÐ¼®µµ±¸ÀÔ´Ï´Ù.
|
|
|
Java(JSP)Á¤ÀûºÐ¼®µµ±¸ - »ê¾÷º° Ç¥ÁØ Áö¿ø
Java(JSP) Á¤ÀûºÐ¼®µµ±¸´Â ÄÄÆÄÀÏ·¯ ºôµå °úÁ¤ ¾øÀÌ ÃÖ»óÀ§ ÄÚµå °áÇÔ °ËÁõ ±â¼úÀÎ Inter-procedural Path Analysis·Î ÄÚµå °áÇÔ°ú º¸¾È ÇãÁ¡À» Á¡°Ë/°ËÁõÇÏ¿© ÄÚµåÀÇ ½Å·Ú¼º(reliability), ¾ÈÀü¼º(safety), º¸¾È¼º(security), ÄÚµå Ç°Áú(code metrics)À» ¸ðµÎ Á¡°ËÇÏ´Â ÅëÇÕ Á¤ÀûºÐ¼®µµ±¸ÀÔ´Ï´Ù.
|
|
|
ABAP Á¤ÀûºÐ¼®µµ±¸ – SAP °¡À̵å Ç¥ÁØ Áö¿ø
SAP ABAPÀÇ Á¤ÀûºÐ¼®µµ±¸´Â ÄÄÆÄÀÏ °úÁ¤ ¾øÀÌ ¿ø½Ã ¼Ò½ºÄڵ带 ºÐ¼®ÇÏ°í, Inter-procedural Analysis ±â¼ú ±â¹ÝÀ¸·Î SAPÀÇ ½Å·Ú¼º(ÄÚµù Ç¥ÁØ), ¾ÈÀü¼º(Run-time Error), º¸¾È¼º(º¸¾È Ãë¾àÁ¡)ÀÇ Ç¥ÁصéÀ» ÅëÇÕÁ¡°ËÇÏ´Â Á¤ÀûºÐ¼®µµ±¸ÀÔ´Ï´Ù.
|
|
|
|