cIFrex Project

Static Code Analysis Tool

cIFrex is a web application written in PHP that supports searching source code for mistakes. Using a database of filters based on regular expressions, you can quickly locate code in which the probability of a flaw is high. To fully benefit from this methodology, you only need the source code on a computer with access to cIFrex.

Each filter is based on a maximum of nine patterns.

Regular expressions can be divided into three groups:

(V) Value: a regular expression that retrieves a sequence of characters and assigns the retrieved value to the variable <v1>, <v2> or <v3>, for example the name of an array:

char name[128] => char.* (?<v1>\w+)\[(\d+)\] 

The variables <v1>, <v2> and <v3> can then be used to search for the sequences we are interested in: the found values are substituted into patterns of type T (Truth) and F (False).

(T) Truth: a regular expression that must be present in the code, for example:


(F) False: a regular expression that must not be present in the code, for example:


Each expression type plays a given role. Expressions of type (V) are used mainly to bind variable names, while expressions of type (T) and (F) are used mainly to make their usage precise. To put it simply, patterns of type V catch the names of variables that are used in an unsuitable manner, for example all arrays (<V1>) of type CHAR used in the function strcpy() (<T1>) without the length being controlled through strlen() (<F1>).
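As an added worked example (not cIFrex's own code, which is PHP), the following Python script implements the V/T/F filter semantics described above and runs one hypothetical filter, built from the page's array-name pattern plus constructed strcpy()/strlen() patterns, over a constructed C snippet. Because Python's re module does not accept the PCRE named-group syntax (?<v1>...) the page uses, the script rewrites it to (?P<v1>...) first; the demo assumes a single V pattern per filter.

```python
import re
from typing import Dict, List, Tuple

# Constructed C sample: `name` is written by strcpy() with no length check, `title` is checked first.
SAMPLE_SOURCE = """\
char name[128];
char title[64];
strcpy(name, input);
if (strlen(input) < sizeof(title)) strcpy(title, input);
"""

# Hypothetical filter in the page's three-pattern style. The V pattern is the page's own
# array-name example; the T and F patterns are constructed for this demonstration.
FILTER: List[Tuple[str, str]] = [
    ("V", r"char.* (?<v1>\w+)\[(\d+)\]"),  # bind the char array name to <v1>
    ("T", r"strcpy\s*\(\s*<v1>\s*,"),       # <v1> must appear as a strcpy() destination
    ("F", r"strlen\s*\(.*<v1>"),            # ...and no strlen() check may mention <v1>
]

PCRE_NAMED_GROUP = re.compile(r"\(\?<(v[123])>")

def to_python_regex(pattern: str) -> str:
    # The page writes PCRE-style (?<v1>...) groups; Python's re module needs (?P<v1>...).
    return PCRE_NAMED_GROUP.sub(r"(?P<\1>", pattern)

def bind(pattern: str, values: Dict[str, str]) -> str:
    # Substitute <v1>..<v3> with the captured values, escaped so they match literally.
    for key, val in values.items():
        pattern = pattern.replace(f"<{key}>", re.escape(val))
    return pattern

def run_filter(filter_patterns: List[Tuple[str, str]], source: str) -> List[Dict[str, str]]:
    """Return the bindings for which every T pattern matches and no F pattern matches."""
    v_patterns = [p for kind, p in filter_patterns if kind == "V"]
    t_patterns = [p for kind, p in filter_patterns if kind == "T"]
    f_patterns = [p for kind, p in filter_patterns if kind == "F"]
    assert len(v_patterns) == 1, "this demo binds variables from a single V pattern"
    hits: List[Dict[str, str]] = []
    for match in re.finditer(to_python_regex(v_patterns[0]), source):
        values = {k: v for k, v in match.groupdict().items() if v is not None}
        truths_hold = all(re.search(bind(p, values), source) for p in t_patterns)
        falses_absent = not any(re.search(bind(p, values), source) for p in f_patterns)
        if truths_hold and falses_absent and values not in hits:
            hits.append(values)
    return hits

if __name__ == "__main__":
    for hit in run_filter(FILTER, SAMPLE_SOURCE):
        print("unchecked strcpy() into char array:", hit["v1"])  # prints: name
```

Only `name` is reported: `title` also binds to <v1> and satisfies the T pattern, but the F pattern finds the strlen() check on the same line and suppresses it.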


Image captions (images not preserved in this page): CVE Support, CWE Support, cIFrex Version 3, CXSECURITY Bugtraq Support.

Last edited Feb 12, 2015 at 10:05 PM by cxib, version 53