Some tools for code security checking

Posted Nov 13, 2003 7:59 UTC (Thu) by eru (subscriber, #2753)
In reply to: The upcoming security fight by ken
Parent article: The upcoming security fight

Some free code analysis tools I have seen and evaluated:

Flawfinder: http://www.dwheeler.com/flawfinder/

RATS: http://www.securesoftware.com/download_form_rats.htm

These are both somewhat conceptually similar code scanners, about equal in power, but one may catch things the other misses. Paranoid people might want to run both. These are very easy to use.

Splint: http://splint.org/

Splint is quite a bit more complex a tool, and for maximum benefit you need to add some annotations to your code to describe expectations about what functions do. It handles C only (Flawfinder and RATS do both C and C++).

Jlint: http://artho.com/jlint/

This one is for Java.


Some tools for code security checking

Posted Nov 13, 2003 8:36 UTC (Thu) by proski (subscriber, #104)

Valgrind can also be used to find security holes. Many errors in memory usage are exploitable. Valgrind 2.0.0 was released two days ago.

Some tools for code security checking

Posted Nov 13, 2003 14:31 UTC (Thu) by stijn (subscriber, #570)

I use valgrind and like it a lot. It is incredibly easy to use and quite powerful. Anyone know how valgrind, RATS, and flawfinder compare to each other?

Some tools for code security checking

Posted Nov 13, 2003 15:55 UTC (Thu) by eru (subscriber, #2753)

Comparing Valgrind to Flawfinder and RATS is a bit of an apples-and-oranges comparison, because Valgrind tries to spot errors at run-time, but the others try to analyze the source code. Both approaches have advantages and disadvantages. A run-time checker like Valgrind can see a problem only if your test case performs a sequence that involves it. A static checker can potentially spot errors in places your test cases forget to visit. On the other hand, a static checker may not be able to detect more complicated data-dependent errors. This is especially true of Flawfinder and RATS, which do rather simple analysis. Splint is more powerful.

I would recommend that both kinds of tools be used.
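A short C example, added here and not taken from any of the posters or from the Splint distribution, to make two points in this thread concrete: the expectation annotations eru mentions for Splint, and why a data-dependent error can slip past a pattern-matching scanner and a run-time test yet still be caught by an annotation-aware static checker. The settings table and key names are constructed; `/*@null@*/` and `/*@notnull@*/` are Splint's own annotation syntax.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample data: "key=value" settings a program might look up. */
struct setting { const char *key; const char *value; };

const struct setting settings[] = {
    { "user",  "alice" },
    { "shell", "/bin/sh" },
};

/* Splint annotations (ordinary comments to the compiler): the result may
 * legitimately be NULL (key absent), and the key argument must not be NULL.
 * Splint uses them to report callers that dereference the result unchecked. */
/*@null@*/ const char *lookup(/*@notnull@*/ const char *key)
{
    size_t i;
    for (i = 0; i < sizeof settings / sizeof settings[0]; i++)
        if (strcmp(settings[i].key, key) == 0)
            return settings[i].value;
    return NULL;
}

/* Unchecked use: fails only when the key is absent. A lexical scanner like
 * Flawfinder or RATS sees no risky library call here and stays silent;
 * Valgrind reports it only if a test run actually asks for a missing key;
 * Splint flags it statically because of the null annotation on lookup(). */
size_t value_length_unchecked(const char *key)
{
    return strlen(lookup(key));   /* NULL dereference when the key is absent */
}

/* Checked use: the absent-key case is handled, so the expectation the
 * annotation describes is met and Splint's null warning goes away. */
size_t value_length(const char *key)
{
    const char *v = lookup(key);
    if (v == NULL)
        return 0;                 /* treat an absent key as an empty value */
    return strlen(v);
}
```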

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds