[Owasp-codereview] [Owasp-leaders] Simple Beta code review tool
eoin.keary at owasp.org
Mon Feb 18 09:17:25 EST 2008
I tried to contact the LAPSE author over 6 months ago but got no response.
I was not willing to add documentation relating to tools without the
go-ahead of the author.
Obviously the offer is still open to contribute to the CRG.
On 18/02/2008, Jeff Williams <jeff.williams at aspectsecurity.com> wrote:
> Seems like the CRGuide should also mention OWASP LAPSE - which does data
> flow analysis (far beyond simple grep or AST analysis).
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
> Sent: Monday, February 18, 2008 5:52 AM
> To: Paolo Perego
> Cc: owasp-ireland at lists.owasp.org; Owasp-codereview at lists.owasp.org;
> OWASP Leaders
> Subject: Re: [Owasp-leaders] Simple Beta code review tool
> static code review tools just rock. "But remember a fool with a tool
> is still a fool :)"
> If you would like to add a chapter to the code review guide please
> feel free. (under automated code review section in the wiki).
> It should detail usage and setup.
> Thing with open source tools in general is they can be a pain to set
> up or they are unstable. People download them, spend 5 mins trying to
> get it working and then delete. So a configuration guide, usage guide
> and benefits so people will actually use it!!!!
> The guide shall now have two tools, one a .NET assembly (Code Crawler)
> and this one (Orizon). Let's hope they can get along :)
> On 15/02/2008, Paolo Perego <thesp0nge at gmail.com> wrote:
> > Hi guys, just a note to announce that I just released a new version of
> > Owasp Orizon Framework with the source code crawling APIs available
> > for Java and CSharp.
> > How can you use it?
> > Look at this example:
> > Orizon default library contains both the Java and the CSharp
> > dangerous keywords as listed in the Code review Guide.
> > In your crawling code you can extract the XML file containing the
> > keywords from the library and then create a JavaCrawler object using
> > the XML filename as constructor parameter.
> > As you may see, you have just to call the crawl method that returns
> > true if some keywords were found or false otherwise.
> > If the crawl() method returns true, a Report object will be available
> > via the getReport() method and full of the matching keywords.
> > It is very simple, isn't it?
> > Orizon v0.70 Jar file is available at this link:
> > I hope you can find it useful, I'm planning to add to Owasp Orizon
> > framework all the checks you guys suggested in the Code review Guide.
> > Eoin sorry if I was not able to write some notes about my framework
> > for the printing copy of the guide but I was full of work. Am I in
> > time for the RC3 of the guide?
> > I'm waiting for your feedback
> > Thanks
> > thesp0nge
> > On 12/02/2008, Eoin <eoin.keary at owasp.org> wrote:
> > > Hello,
> > > The code review site now contains a link to a *very* simple beta
> > > review tool (CodeCrawler) which scans code for the API calls
> > > in the code review guide ("Crawling code").
> > >
> > > It can be found here:
> > > https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
> > >
> > > ek
> > >
> > >
> > >
> > > --
> > > Eoin Keary OWASP - Ireland
> > > http://www.owasp.org/local/ireland.html
> > > http://www.owasp.org/index.php/OWASP_Code_Review_Project
> > > _______________________________________________
> > > OWASP-Leaders mailing list
> > > OWASP-Leaders at lists.owasp.org
> > > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> > >
> > --
> > Owasp Orizon leader
> > orizon.sourceforge.net
> Eoin Keary OWASP - Ireland
Eoin Keary OWASP - Ireland