mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-25 10:03:03 +01:00
22 lines
1.1 KiB
Text
22 lines
1.1 KiB
Text
RATS - Rough Auditing Tool for Security
|
|
|
|
RATS is an open source tool developed and maintained by Secure Software
|
|
security engineers. Secure Software was acquired by Fortify Software, Inc.
|
|
RATS is a tool for scanning C, C++, Perl, PHP and Python source code and
|
|
flagging common security related programming errors such as buffer overflows
|
|
and TOCTOU (Time Of Check, Time Of Use) race conditions.
|
|
|
|
RATS scanning tool provides a security analyst with a list of potential
|
|
trouble spots on which to focus, along with describing the problem and
|
|
potentially suggest remedies. It also provides a relative assessment of the
|
|
potential severity of each problem, to better help an auditor prioritize.
|
|
This tool also performs some basic analysis to try to rule out conditions
|
|
that are obviously not problems.
|
|
|
|
As its name implies, the tool performs only a rough analysis of source code.
|
|
It will not find every error and will also find things that are not errors.
|
|
Manual inspection of your code is still necessary, but greatly aided with
|
|
this tool.
|
|
|
|
Example usage - to analyze "main.c":
|
|
rats --db /usr/share/rats-2.3/rats-c.xml main.c
|