This link has been bookmarked by 17 people . It was first bookmarked on 07 Aug 2006, by Richard.
A Python tool for finding buffer overflow mistakes in common C/C++ APIs. It examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level. Flawfinder works by using a built-in database of C/C++ functions with well-known problems, such as buffer overflow risks (e.g., strcpy(), strcat(), gets(), sprintf(), and the scanf() family), format string problems ([v][f]printf(), [v]snprintf(), and syslog()), race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()), potential shell metacharacter dangers (most of the exec() family, system(), popen()), and poor random number acquisition (such as random()). Also see their list of alternative code-checking analyzers for all languages! This one seems old and relatively basic now.
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.