2014-01-12
Google Code Archive - Long-term storage for Google Code Project Hosting.
Rough Auditing Tool for Security (RATS)
https://code.google.com/archive/p/rough-auditing-tool-for-security/
CERN Computer Security Information
https://security.web.cern.ch/recommendations/en/codetools/rats.shtml
RATS (Rough Auditing Tool for Security) is an open-source tool for assessing potential weaknesses in program source code. It scans C, C++, Perl, PHP and Python sources, flags the code locations that may be vulnerable, and leaves them for the programmer to examine further. Besides locating specific classes of weakness, RATS prints a suggestion and a remediation hint for each finding. It works by pattern-matching risky calls and constructs (it does not follow data flow), so every hit is a candidate that needs manual confirmation, and a clean report does not mean the code is free of vulnerabilities.
The CentOS 6.5 x64 yum repositories do not carry rats,
not even after EPEL has been enabled:
[root@server1 ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Preparing... ########################################### [100%]
package epel-release-6-8.noarch is already installed
[root@server1 ~]# yum list | grep rats
[root@server1 ~]#
On Fedora 20, rats is in the standard repository; the package offered is the Fedora 18 build (2.1-10.fc18):
[root@localhost ~]# yum list | grep rats
rats.x86_64 2.1-10.fc18 fedora
[root@localhost ~]#
Installation steps
yum -y install rats
or, building from source (bison and flex are build dependencies):
yum -y install bison flex
wget http://www.fortify.com/servlet/downloads/public/rats-2.1.tar.gz
tar -zxvf rats-2.1.tar.gz
cd rats-2.1
./configure
make
make install
The tarball URL above is Fortify's original download location; the project was later moved to Google Code (see the archive link at the top of this post), so fetch rats-2.1.tar.gz from there if the Fortify link no longer resolves. Note that the archive unpacks into a directory named rats-2.1, which is the directory to cd into before running ./configure.
Test
Unpack the httpd source package and scan that directory as a test:
wget http://archive.apache.org/dist/httpd/httpd-2.2.9.tar.gz
tar zxvf httpd-2.2.9.tar.gz
rats httpd-2.2.9 >> httpd-2.2.9.txt
Excerpt from httpd-2.2.9.txt (RATS prints each finding as path:line: severity: description, followed by an explanatory paragraph; only the finding lines are shown here):
...(omitted)
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:107: High: fixed size local buffer
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:135: High: fixed size local buffer
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:229: High: fixed size local buffer
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:230: High: fixed size local buffer
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:275: High: fixed size local buffer
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:610: High: fixed size local buffer
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:649: High: fixed size local buffer
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:780: High: fixed size local buffer
...(omitted)
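A scan of a tree the size of httpd produces far more lines than the excerpt above, most of them the same "fixed size local buffer" signature, so the first thing a reviewer wants is a summary by severity and by file before opening any of them. The helpers below are an added example written for this post; they are not part of RATS or of the original post. They assume only the text report format shown above (path:line: Severity: description, optionally followed by explanation lines, plus "Analyzing ..." progress lines), and the sample report embedded in the script is constructed for the demo: the paths mimic the httpd-2.2.9 scan, but the lines are made up and are not real findings.

```shell
#!/bin/sh
# Added example (not from the original post or from RATS): triage helpers for a
# RATS text report.  Assumed report line format, as shown in the post:
#   <path>:<line>: <Severity>: <description>
# followed by optional explanation text.  All other lines are ignored.

# Constructed sample report for the demo; paths mimic the httpd-2.2.9 scan
# but these are made-up lines, not real findings.
RATS_SAMPLE_REPORT='Analyzing httpd-2.2.9/modules/proxy/mod_proxy_ftp.c
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:107: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely.

httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:135: High: fixed size local buffer
httpd-2.2.9/modules/proxy/mod_proxy_ftp.c:229: Medium: strcpy
httpd-2.2.9/server/util.c:42: High: fixed size local buffer
httpd-2.2.9/server/util.c:77: Low: getenv
httpd-2.2.9/support/htpasswd.c:12: Medium: sprintf'

# Keep only finding lines; drops "Analyzing ..." and explanation paragraphs.
rats_findings() {
    awk '/^[^:]+:[0-9]+: (High|Medium|Low): /'
}

# Number of findings at exactly the severity given in $1 (High, Medium, Low).
rats_count_severity() {
    rats_findings | awk -F': ' -v sev="$1" '$2 == sev { n++ } END { print n + 0 }'
}

# Files ranked by number of findings: "count path", most findings first.
rats_top_files() {
    rats_findings | awk -F: '{ n[$1]++ } END { for (f in n) print n[f], f }' | sort -rn
}

# Findings at or above the severity in $1 (High > Medium > Low).
rats_at_least() {
    rats_findings | awk -F': ' -v min="$1" '
        BEGIN { rank["High"] = 3; rank["Medium"] = 2; rank["Low"] = 1 }
        rank[$2] >= rank[min]'
}

# Demo on the constructed sample.  With a real scan, replace the printf with
#   rats httpd-2.2.9 > httpd-2.2.9.txt; rats_top_files < httpd-2.2.9.txt
printf '%s\n' "$RATS_SAMPLE_REPORT" | rats_top_files
for sev in High Medium Low; do
    printf '%s: %s\n' "$sev" "$(printf '%s\n' "$RATS_SAMPLE_REPORT" | rats_count_severity "$sev")"
done
printf '%s\n' "$RATS_SAMPLE_REPORT" | rats_at_least Medium
```

The severity ranking only orders the three labels RATS uses in text output; a line with any other label is kept out of rats_findings entirely, so a newer or differently configured RATS build that emits other labels would need the regular expression extended rather than silently miscounting.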
(End)
Related
[Research] RATS 2.1 (static source-code scanning tool) (Fedora 10 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?f=25&t=16051