Getting straight to the point, An automated source code scanner looks at program source from various points of view. Code review tools will have separate customizable engines/modules to inspect source code.
Each of these scanning engines tries to identify different types of security problems in different aspects of the source code:
Data flow: The data flow analyzer discovers prospective vulnerabilities that involve tainted data (user-controlled input) put to potentially dangerous use, for example, buffer overflow and SQL injections.
Control flow: The control flow analyzer discovers potentially unsafe sequences of procedures, for example, time of check/time of use (TOCTOU, TOCTTOU, or TOC/TOU) issues and uninitialized variables.
Semantic: The semantic analyzer spots potentially dangerous uses, features, and APIs at the intra-procedural level, for example, deprecated features and risky features.
Structural: The structural analyzer discovers possibly unsafe problems in the structure or definition of the program, for example, dead code.
Configuration: The configuration analyzer looks for errors, weak points, and policy violations in an application's implementation configuration files.
Automated source code scanning can be divided into a few phases. The technique may vary from scanner to scanner. Here we are referring to the scanning methods used by one of the most popular source code scanning tools called fortify.
On a very high level, these phases are as follows.
- Build integration: The first phase of source code evaluation entails choosing whether to integrate Static Code Analyzer (SCA) right into the build compiler system. Translation: In this phase, source code is collected and using a series of commands, it is converted into an intermediate style that is related to a build ID. The build ID is typically the name of the task being scanned.
- Analysis: In this phase, source files identified during the translation phase are scanned and an analysis results file is prepared. Typically, for fortify scanner, Fortify Project (FPR) format is created.
- Verification of the translation and analysis: This phase ensures that the source files were checked using the right rule packs and that no significant errors were reported.
Hope this was helpful.