[Owasp-codereview] [Owasp-leaders] Simple Beta code review tool

Eoin eoin.keary at owasp.org
Mon Feb 18 09:17:25 EST 2008


hey Jeffo
I tried to contact the LAPSE author over 6 months ago but got no response.
I was not willing to add documentation relating to tools without the
go-ahead of the author.
Obviously the offer is still open to contribute to the CRG.


On 18/02/2008, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
>
> Seems like the CRGuide should also mention OWASP LAPSE - which does data
> flow analysis (far beyond simple grep or AST analysis).
>
> --Jeff
>
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
> Sent: Monday, February 18, 2008 5:52 AM
> To: Paolo Perego
> Cc: owasp-ireland at lists.owasp.org; Owasp-codereview at lists.owasp.org;
> OWASP Leaders
> Subject: Re: [Owasp-leaders] Simple Beta code review tool
>
> Great,
> static code review tools just rock. "But remember a fool with a tool
> is still a fool :)"
> If you would like to add a chapter to the code review guide please
> feel free. (under automated code review section in the wiki).
>
> It should detail usage and setup.
> Thing with open source tools in general is they can be a pain to set
> up or they are unstable. People download them, spend 5 mins trying to
> get it working and then delete. So a configuration guide, usage guide
> and benefits so people will actually use it!!!!
> The guide shall now have two tools, one a .NET assembly (Code Crawler)
> and this one (Orizon). Let's hope they can get along :)
>
>
>
> On 15/02/2008, Paolo Perego <thesp0nge at gmail.com> wrote:
> > Hi guys, just a note to announce that I just released a new version of
> > Owasp Orizon Framework with the source code crawling APIs available
> > for Java and CSharp.
> >
> > How can you use it?
> > Look at this example:
> >
> > http://orizon.svn.sourceforge.net/viewvc/orizon/orizon_package/src/org/owasp/orizon/demo/jCrawlerDemo.java?view=markup&pathrev=269
> > Orizon default library contains both the java and the csharp
> > dangerous keywords as listed in the Code review Guide.
> > In your crawling code you can extract the XML file containing the
> > keywords from the library and then create a JavaCrawler object using
> > the XML filename as constructor parameter.
> > As you may see, you just have to call the crawl method that returns
> > true if some keywords were found or false otherwise.
> > If the crawl() method returns true, a Report object will be available
> > via getReport() method and full of the matching keywords.
> > It is very simple, isn't it?
> >
> > Orizon v0.70 Jar file is available at this link:
> >
> > http://sourceforge.net/project/platformdownload.php?group_id=177056&sel_platform=280
> >
> > I hope you can find it useful, I'm planning to add to Owasp Orizon
> > framework all the checks  you guys suggested in the Code review Guide.
> > Eoin sorry if I was not able to write some notes about my framework
> > for the printing copy of the guide but I was full of work. Am I in
> > time for the RC3 of the guide?
> >
> > I'm waiting for your feedback
> > Thanks
> > thesp0nge
> > On 12/02/2008, Eoin <eoin.keary at owasp.org> wrote:
> > > Hello,
> > >  The code review site now contains a link to a *very* simple beta code
> > >  review tool (CodeCrawler) which scans code for the API calls listed
> > >  in the code review guide ("Crawling code").
> > >
> > >  It can be found here:
> > >  https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
> > >
> > >  ek
> > >
> > >
> > >
> > >  --
> > >  Eoin Keary OWASP - Ireland
> > >  http://www.owasp.org/local/ireland.html
> > >  http://www.owasp.org/index.php/OWASP_Code_Review_Project
> > >  _______________________________________________
> > >  OWASP-Leaders mailing list
> > >  OWASP-Leaders at lists.owasp.org
> > >  https://lists.owasp.org/mailman/listinfo/owasp-leaders
> > >
> >
> >
> > --
> > Owasp Orizon leader
> > orizon.sourceforge.net
> >
>
>
> --
> Eoin Keary OWASP - Ireland
> http://www.owasp.org/local/ireland.html
> http://www.owasp.org/index.php/OWASP_Testing_Project
> http://www.owasp.org/index.php/OWASP_Code_Review_Project
>



-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Testing_Project
http://www.owasp.org/index.php/OWASP_Code_Review_Project
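
The keyword crawl described in Paolo's quoted post, as an added example that is not part of the original thread and is not Orizon's code: a stand-in crawler with the same crawl()/getReport() shape. The class name, the XML layout and the sample source are assumptions. It also flags a keyword that appears only in a comment, which is the limit of grep-style matching that the data flow analysis mentioned for LAPSE goes beyond.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

// Stand-in keyword crawler (hypothetical); NOT Orizon's JavaCrawler. XML layout is assumed.
public class KeywordCrawlDemo {
    record Finding(int line, String keyword, String text) {}

    private final List<String> keywords = new ArrayList<>();
    private final List<Finding> report = new ArrayList<>();

    KeywordCrawlDemo(String keywordXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The keyword file is input too: refuse DTDs so it cannot carry XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList nodes = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(keywordXml.getBytes(StandardCharsets.UTF_8)))
                .getElementsByTagName("keyword");
        for (int i = 0; i < nodes.getLength(); i++) {
            keywords.add(nodes.item(i).getTextContent().trim());
        }
    }

    // Same contract as described in the post: true if any keyword matched.
    boolean crawl(String source) {
        report.clear();
        String[] lines = source.split("\n");
        for (int i = 0; i < lines.length; i++) {
            for (String k : keywords) {
                if (lines[i].contains(k)) report.add(new Finding(i + 1, k, lines[i].trim()));
            }
        }
        return !report.isEmpty();
    }

    List<Finding> getReport() { return report; }

    public static void main(String[] args) throws Exception {
        // Constructed keyword list and constructed source under review.
        String xml = "<keywords><keyword>Runtime.getRuntime</keyword>"
                + "<keyword>createStatement</keyword></keywords>";
        String src = "Statement s = conn.createStatement();\n"
                + "// Runtime.getRuntime is only mentioned in this comment\n"
                + "int total = a + b;\n";
        KeywordCrawlDemo c = new KeywordCrawlDemo(xml);
        if (c.crawl(src)) c.getReport().forEach(r ->
                System.out.println(r.line() + ": " + r.keyword() + " -> " + r.text()));
    }
}
```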