Add Sanitizers examples

README.md

@@ -29,3 +29,5 @@ Sources for the [examples section](https://docs.conan.io/2/examples.html) of the
 ### [Libraries examples](examples/libraries)
 
 ### [Graph examples](examples/graph)
+
+### [Security examples](examples/security)

examples/security/README.md

@@ -0,0 +1,3 @@
+# Conan security examples
+
+### [Using Compiler Sanitizers with Conan](sanitizers)

examples/security/sanitizers/README.md

@@ -0,0 +1,5 @@
+# Using Compiler Sanitizers with Conan
+
+This example follows the documented page https://docs.conan.io/2/examples/security/sanitizers.html about using compiler sanitizers with Conan.
+
+For more information, please refer to the [C, C++ Compiler Sanitizers¶](https://docs.conan.io/2/security/sanitizers.html) documentation page.

examples/security/sanitizers/ci_test_example.bat

@@ -0,0 +1,22 @@
+@echo off
+setlocal enabledelayedexpansion
+
+echo Setup settings user
+for /f "usebackq delims=" %%H in (conan config home) do set "CONAN_HOME=%%H"
+copy /Y settings_user.yml "%CONAN_HOME%"
+
+echo Conan Examples 2: Compiler Sanitizers - Index Out of Bounds
+
+CD index_out_of_bounds/
+CALL conan build . -pr ../profiles/msvc_asan -c tools.compilation:verbosity=verbose
+CALL build/Debug/index_out_of_bounds 2>nul || echo Process completed with errors (expected for sanitizer demo)
+CD ..
+
+echo Conan Examples 2: Compiler Sanitizers - Signed Integer Overflow
+
+CD signed_integer_overflow/
+CALL conan build . -pr ../profiles/msvc_asan -c tools.compilation:verbosity=verbose
+CALL build/Debug/signed_integer_overflow 2>nul || echo Process completed with errors (expected for sanitizer demo)
+CD ..
+
+exit /b 0

examples/security/sanitizers/ci_test_example.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -e
+set -x
+
+echo "Setup settings user"
+cp -f settings_user.yml $(conan config home)
+
+echo "Conan Examples 2: Compiler Sanitizers - Index Out of Bounds"
+
+pushd index_out_of_bounds/
+conan build . -pr ../profiles/clang_asan -c tools.compilation:verbosity=verbose
+build/Debug/index_out_of_bounds || true
+popd
+
+echo "Conan Examples 2: Compiler Sanitizers - Signed Integer Overflow"
+
+pushd signed_integer_overflow/
+conan build . -pr ../profiles/clang_asan_ubsan -c tools.compilation:verbosity=verbose
+build/Debug/signed_integer_overflow || true
+popd

examples/security/sanitizers/index_out_of_bounds/CMakeLists.txt

@@ -0,0 +1,9 @@
+cmake_minimum_required(VERSION 3.15)
+project(index_out_of_bounds LANGUAGES CXX)
+
+add_executable(index_out_of_bounds main.cpp)
+target_compile_features(index_out_of_bounds PUBLIC cxx_std_11)
+
+include(GNUInstallDirs)
+install(TARGETS index_out_of_bounds
+        RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})

examples/security/sanitizers/index_out_of_bounds/conanfile.py

@@ -0,0 +1,28 @@
+from conan import ConanFile
+from conan.tools.cmake import CMake, cmake_layout, CMakeToolchain
+
+required_conan_version = ">=2.1.0"
+
+class IndexOutOfBoundsConan(ConanFile):
+    name = "index_out_of_bounds"
+    version = "0.1.0"
+    settings = "os", "arch", "compiler", "build_type"
+    exports_sources = "CMakeLists.txt", "main.cpp"
+    package_type = "application"
+    languages = ["C++"]
+
+    def layout(self):
+        cmake_layout(self)
+
+    def generate(self):
+        tc = CMakeToolchain(self)
+        tc.generate()
+
+    def build(self):
+        cmake = CMake(self)
+        cmake.configure()
+        cmake.build()
+
+    def package(self):
+        cmake = CMake(self)
+        cmake.install()

examples/security/sanitizers/index_out_of_bounds/main.cpp

@@ -0,0 +1,15 @@
+#include <iostream>
+#include <cstdlib>
+
+int main() {
+    #ifdef __SANITIZE_ADDRESS__
+        std::cout << "Address sanitizer enabled\n";
+    #else
+        std::cout << "Address sanitizer not enabled\n";
+    #endif
+
+    int foo[100];
+    foo[100] = 42; // Out-of-bounds write
+
+    return EXIT_SUCCESS;
+}

examples/security/sanitizers/profiles/clang_asan

@@ -0,0 +1,14 @@
+include(default)
+
+[settings]
+build_type=Debug
+compiler.sanitizer=Address
+
+[conf]
+tools.build:cflags=['-fsanitize=address']
+tools.build:cxxflags=['-fsanitize=address']
+tools.build:exelinkflags=['-fsanitize=address']
+tools.build:sharedlinkflags+=["-fsanitize=address"]
+
+[runenv]
+ASAN_OPTIONS="halt_on_error=1:detect_leaks=1"

examples/security/sanitizers/profiles/clang_asan_ubsan

@@ -0,0 +1,11 @@
+include(default)
+
+[settings]
+build_type=Debug
+compiler.sanitizer=AddressUndefinedBehavior
+
+[conf]
+tools.build:cflags=['-fsanitize=address,undefined']
+tools.build:cxxflags=['-fsanitize=address,undefined']
+tools.build:exelinkflags=['-fsanitize=address,undefined']
+tools.build:sharedlinkflags+=["-fsanitize=address"]

examples/security/sanitizers/settings_user.yml

@@ -0,0 +1,9 @@
+compiler:
+  gcc:
+    sanitizer: [null, Address, Leak, Thread, UndefinedBehavior, HardwareAssistanceAddress, KernelAddress, AddressUndefinedBehavior, ThreadUndefinedBehavior]
+  clang:
+    sanitizer: [null, Address, Leak, Thread, Memory, UndefinedBehavior, HardwareAssistanceAddress, KernelAddress, AddressUndefinedBehavior, ThreadUndefinedBehavior]
+  apple-clang:
+    sanitizer: [null, Address, Leak, Thread, Memory, UndefinedBehavior, HardwareAssistanceAddress, KernelAddress, AddressUndefinedBehavior, ThreadUndefinedBehavior]
+  msvc:
+    sanitizer: [null, Address, KernelAddress]

examples/security/sanitizers/signed_integer_overflow/CMakeLists.txt

@@ -0,0 +1,9 @@
+cmake_minimum_required(VERSION 3.15)
+project(signed_integer_overflow LANGUAGES CXX)
+
+add_executable(signed_integer_overflow main.cpp)
+target_compile_features(signed_integer_overflow PUBLIC cxx_std_11)
+
+include(GNUInstallDirs)
+install(TARGETS signed_integer_overflow
+        RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})

examples/security/sanitizers/signed_integer_overflow/conanfile.py

@@ -0,0 +1,28 @@
+from conan import ConanFile
+from conan.tools.cmake import CMake, cmake_layout, CMakeToolchain
+
+required_conan_version = ">=2.1.0"
+
+class SignedIntegerOverflowConan(ConanFile):
+    name = "signed_integer_overflow"
+    version = "0.1.0"
+    settings = "os", "arch", "compiler", "build_type"
+    exports_sources = "CMakeLists.txt", "main.cpp"
+    package_type = "application"
+    languages = ["C++"]
+
+    def layout(self):
+        cmake_layout(self)
+
+    def generate(self):
+        tc = CMakeToolchain(self)
+        tc.generate()
+
+    def build(self):
+        cmake = CMake(self)
+        cmake.configure()
+        cmake.build()
+
+    def package(self):
+        cmake = CMake(self)
+        cmake.install()

examples/security/sanitizers/signed_integer_overflow/main.cpp

@@ -0,0 +1,16 @@
+#include <iostream>
+#include <cstdlib>
+#include <cstdint>
+
+int main(int argc, char* argv[]) {
+    #ifdef __SANITIZE_ADDRESS__
+        std::cout << "Address sanitizer enabled\n";
+    #else
+        std::cout << "Address sanitizer not enabled\n";
+    #endif
+
+    int foo = 0x7fffffff;
+    foo += argc; // Signed integer overflow
+
+    return EXIT_SUCCESS;
+}