Security Blog | It’s all about Security

26 Sep/09

Flawfinder – Source Code Audit Tool

Flawfinder is a program that examines source code and generates reports. The findings are categorized by risk level.
It is easy to use; all you have to do after installing it is run:

flawfinder source_code_directory

How does it work?

Flawfinder works by using a built-in database of C/C++ functions with well-known problems, such as buffer overflow risks (e.g., strcpy(), strcat(), gets(), sprintf(), and the scanf() family), format string problems ([v][f]printf(), [v]snprintf(), and syslog()), race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()), potential shell metacharacter dangers (most of the exec() family, system(), popen()), and poor random number acquisition (such as random()). The good thing is that you don’t have to create this database – it comes with the tool.
Flawfinder then takes the source code text and matches it against those names, while ignoring text inside comments and strings (except for flawfinder directives). Flawfinder also knows about gettext (a common library for internationalized programs), and will treat constant strings passed through gettext as though they were constant strings; this reduces the number of false hits in internationalized programs. Because the match is by name only, each hit is a candidate for manual review rather than a confirmed vulnerability; the risk level is what you use to decide where to look first.
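To make the name-matching approach concrete, here is a toy scanner added for this post (it is not Flawfinder's own code): it carries a small, hypothetical subset of such a database, blanks out comments and string literals before matching so that names inside them are not reported, and sorts hits by risk level. The C snippet it scans is constructed for the example.

```python
"""Toy name-matching scanner in the style described above.

Added illustration, not Flawfinder's own code. RULES is a hypothetical subset
of a Flawfinder-style database; SAMPLE_C is a constructed C source sample.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line name risk note")

# Hypothetical subset of a risky-function database: name -> (risk 0-5, note).
RULES = {
    "gets":    (5, "no bounds checking at all; use fgets()"),
    "strcpy":  (4, "unbounded copy; check the length or use a bounded copy"),
    "strcat":  (4, "unbounded append"),
    "sprintf": (4, "unbounded write; use snprintf()"),
    "system":  (4, "shell metacharacters in the argument"),
    "popen":   (4, "shell metacharacters in the argument"),
    "access":  (4, "TOCTOU race between check and use"),
    "mktemp":  (4, "predictable temporary file name"),
    "random":  (3, "not cryptographically strong"),
    "strncpy": (1, "may leave the result unterminated"),
}

# Comments and string/char literals, matched in one pass. Alternatives are
# tried left to right, so a comment opener wins over a quote inside it.
_LITERAL_RE = re.compile(
    r"/\*.*?\*/"                 # block comment
    r"|//[^\n]*"                 # line comment
    r'|"(?:\\.|[^"\\\n])*"'      # string literal
    r"|'(?:\\.|[^'\\\n])*'",     # char literal
    re.DOTALL,
)

def blank_literals(src: str) -> str:
    """Replace comments and literals with spaces; newlines are kept so the
    line numbers in the report stay correct."""
    def blank(m):
        return "".join(c if c == "\n" else " " for c in m.group(0))
    return _LITERAL_RE.sub(blank, src)

# An identifier immediately followed by '(' is treated as a call.
_CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def scan(src: str, min_risk: int = 1):
    """Return findings for every call to a known risky name, highest risk first."""
    findings = []
    for lineno, line in enumerate(blank_literals(src).split("\n"), start=1):
        for m in _CALL_RE.finditer(line):
            name = m.group(1)
            if name in RULES and RULES[name][0] >= min_risk:
                risk, note = RULES[name]
                findings.append(Finding(lineno, name, risk, note))
    # Highest risk first, then by line, so the worst hits are at the top.
    return sorted(findings, key=lambda f: (-f.risk, f.line))

# Constructed sample input; the line comments give the expected line numbers.
SAMPLE_C = r'''
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>

/* strcpy(dst, src) mentioned in a comment must not be reported */
void greet(const char *name) {
    char buf[64];
    strcpy(buf, name);                   /* line 10: unbounded copy */
    puts("never call gets() here");      /* name inside a string is ignored */
    gets(buf);                           /* line 12 */
    if (access("/tmp/x", R_OK) == 0)     /* line 13: check, then ... */
        system("cat /tmp/x");            /* line 14: ... use (TOCTOU) */
}
'''

if __name__ == "__main__":
    for f in scan(SAMPLE_C):
        print(f"{f.line}: [{f.risk}] {f.name}: {f.note}")
```

Running it lists gets() on line 12 first, then strcpy(), access() and system(), while the strcpy in the comment and the gets inside the string literal are not reported. The same design also shows the limit of the approach: a call reached through a macro or a function pointer has no risky name followed by a parenthesis at the call site, so a name-matching scanner will not see it, and a hit still needs a human to confirm whether the arguments are actually attacker-controlled.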

Download link:
flawfinder-1.27.tar.gz
