Show cqual.html syntax highlighted
<html>
<head>
<title>Web-Based Cqual</title>
<style type"/text.css"><!--
.smallcap { font-variant: small-caps }
--></style>
<script>
function changeOptions() {
var filename = document.form.filename;
var value = filename.options[filename.selectedIndex].value;
if (value == "taint.c" || value == "taint2.c") {
document.form.elements["const"].checked = false;
document.form.tainted.checked = true;
document.form.locked.checked = false;
}
else if (value == "lock.c" || value == "lock2.c") {
document.form.elements["const"].checked = false;
document.form.tainted.checked = false;
document.form.locked.checked = true;
}
}
</script>
</head>
<body bgcolor="white" onload="changeOptions()">
<h1>Web-Based <span class=smallcap>Cqual</span></h1>
<p>
You can use this page to try <span class=smallcap>Cqual</span> over
the web. Our web interface lets you run <span
class=smallcap>Cqual</span> on several small examples illustrating the
security vulnerability analysis and the deadlock detection, or you can
supply your own pre-processed C code annotated with qualifiers. The
web version of <span class=smallcap>Cqual</span> mimics the
emacs-based browsing interface in the regular distribution.
<p>
You can read more about <span class=smallcap>Cqual</span> on the <a
href="http://www.cs.berkeley.edu/~jfoster/cqual">main <span
class=smallcap>Cqual</span> page</a>.
<p>
Our demonstration includes examples of two applications of <span
class=smallcap>Cqual</span>. The qualifiers <tt>$tainted</tt> and
<tt>$untainted</tt> can be used to detect potential security bugs,
specifically format-string vulnerabilities. The qualifiers
<tt>$locked</tt> and <tt>$unlocked</tt> can be used to detect
potential deadlocks.
<p>
<form action="/cgi-bin/cqual-cgi/cqual.pl" method="POST"
enctype="multipart/form-data" name="form">
<table border=1>
<tr>
<td valign=top>Step 0.
<td valign=top width=200 colspan=2>
Read <a href="cqual-html/tutorial.html">a short tutorial on web-based cqual</a>
<tr>
<td valign=top>Step 1.
<td valign=top width=200>Find out more about our examples
<td valign=top width=400>
<a href="cqual-html/taint.c.html">Tainting: Small Example</a><br>
<a href="cqual-html/taint2.c.html">Tainting: Function Calls</a><br>
<a href="cqual-html/lock.c.html">Locking: Small Example</a><br>
<tr>
<td valign=top>Step 2.
<td valign=top width=200>Select a source file
<td valign=top width=400>
Choose an example<br>
(Will automatically select qualifiers for step 3)<br>
<select name="filename" onchange="changeOptions()">
<option value="none">-Upload file-</option>
<option selected value="taint.c">Tainting: Small Example</option>
<option value="taint2.c">Tainting: Function calls</option>
<option value="lock.c">Locking: Small Example</option>
</select>
<br><br>
Or upload your own file<br>
<input type=file name="file">
<tr>
<td valign=top>Step 3.
<td valign=top width=200>Choose the qualifiers. In the regular
distribution you can name your own qualifiers and give relations
between them.
<td valign=top>
<table border=0>
<tr>
<td><input type=checkbox name="const">const</input></td>
<td><input type=checkbox name="tainted">$tainted/$untainted</input></td>
</tr>
<tr>
<td><input type=checkbox name="locked">$locked/$unlocked</input></td>
</tr>
</table>
<tr>
<td valign=top>Step 4.
<td valign=top width=200>Send in your request
<td valign=top><input type="submit" value="Submit">
</table>
</form>
<p><i>Notes</i>
<ul>
<li>You must enable javascript to use web-based <span
class=smallcap>Cqual</span>.</li>
<li>Mozilla 0.9.7 is currently not supported, due to <a
href="http://bugzilla.mozilla.org/show_bug.cgi?id=116210">problems
beyond our control</a>.</li>
<li>The web version of <span class=smallcap>Cqual</span> is slower
than running <span class=smallcap>Cqual</span> locally. For analyzing
large files, we suggest downloading the <a
href="http://www.cs.berkeley.edu/~jfoster/cqual/#download">source
code</a>.</li>
<li>This service is highly experimental and has undergone only limited
testing. Please let us know if you find a bug or a browser
incompatibility.</li>
</ul>
</body>
</html>
See more files for this project here