[Owasp-ireland] [Owasp-leaders] Simple Beta code review tool

Eoin eoin.keary at owasp.org
Mon Feb 18 05:52:24 EST 2008

static code review tools just rock. "But remember a fool with a tool
is still a fool :)"
If you would like to add a chapter to the code review guide please
feel free. (under automated code review section in the wiki).

It should detail usage and setup.
Thing with open source tools in general is they can be a pain to set
up or they are unstable. People download them, spend 5 mins trying to
get it working and then delete. So a configuration guide, usage guide
and benefits so people will actually use it!!!!
The guide shall now have two tools, one a .NET assembly (Code Crawler)
and this one (Orizon). Let's hope they can get along :)

On 15/02/2008, Paolo Perego <thesp0nge at gmail.com> wrote:
> Hi guys, just a note to announce that I just released a new version of
> Owasp Orizon Framework with the source code crawling APIs available
> for Java and CSharp.
> How can you use it?
> Look at this example:
> http://orizon.svn.sourceforge.net/viewvc/orizon/orizon_package/src/org/owasp/orizon/demo/jCrawlerDemo.java?view=markup&pathrev=269
> The Orizon default library contains both the Java and the CSharp
> dangerous keywords as listed in the Code review Guide.
> In your crawling code you can extract the XML file containing the
> keywords from the library and then create a JavaCrawler object using
> the XML filename as constructor parameter.
> As you may see, you have just to call the crawl method that returns
> true if some keywords were found or false otherwise.
> If the crawl() method returns true, a Report object will be available
> via the getReport() method and full of the matching keywords.
> It is very simple, isn't it?
> Orizon v0.70 Jar file is available at this link:
> http://sourceforge.net/project/platformdownload.php?group_id=177056&sel_platform=280
> I hope you can find it useful, I'm planning to add to Owasp Orizon
> framework all the checks  you guys suggested in the Code review Guide.
> Eoin sorry if I was not able to write some notes about my framework
> for the printing copy of the guide but I was full of work. Am I in
> time for the RC3 of the guide?
> I'm waiting for your feedback
> Thanks
> thesp0nge
> On 12/02/2008, Eoin <eoin.keary at owasp.org> wrote:
> > Hello,
> >  The code review site now contains a link to a *very* simple beta code
> >  review tool (CodeCrawler) which scans code for the API calls listed
> >  in the code review guide ("Crawling code").
> >
> >  It can be found here:
> >  https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
> >
> >  ek
> >
> >
> >
> >  --
> >  Eoin Keary OWASP - Ireland
> >  http://www.owasp.org/local/ireland.html
> >  http://www.owasp.org/index.php/OWASP_Code_Review_Project
> >
> --
> Owasp Orizon leader
> orizon.sourceforge.net

Eoin Keary OWASP - Ireland
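
The crawling flow described in the quoted announcement (load a keyword list from XML, crawl the source, get a boolean back and then a report of matches), as an added example that is not part of the original thread and is not Orizon's code or API. The XML layout, the `KeywordCrawler` class, the keyword sample and the Java snippet are all constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed keyword file. Element and attribute names are assumptions,
# not the schema of the XML shipped in the Orizon library.
KEYWORDS_XML = """<keywords language="java">
  <keyword category="exec">Runtime.getRuntime</keyword>
  <keyword category="sql">createStatement</keyword>
  <keyword category="sql">executeQuery</keyword>
  <keyword category="input">getParameter</keyword>
</keywords>"""

# Constructed Java source to scan.
SAMPLE_JAVA = """\
public class Login {
    // TODO: replace createStatement with a prepared statement
    void check(HttpServletRequest req, Connection c) throws Exception {
        String user = req.getParameter("user");
        Statement st = c.createStatement();
        st.executeQuery("SELECT * FROM users WHERE name='" + user + "'");
        int executeQueryCount = 1;
    }
}
"""

class KeywordCrawler:
    """Hypothetical stand-in for a keyword crawler; not the Orizon JavaCrawler."""

    def __init__(self, xml_text):
        self.rules = []
        for node in ET.fromstring(xml_text).iter("keyword"):
            word = node.text.strip()
            # Match the keyword only as a whole identifier, so that
            # executeQueryCount does not count as executeQuery.
            pattern = re.compile(r"(?<!\w)" + re.escape(word) + r"(?!\w)")
            self.rules.append((word, node.get("category"), pattern))
        self.report = []

    def crawl(self, source):
        """Return True if any keyword was found; matches go into the report."""
        self.report = []
        for lineno, line in enumerate(source.splitlines(), 1):
            code = line.split("//", 1)[0]  # drop line comments (simplification)
            for word, category, pattern in self.rules:
                if pattern.search(code):
                    self.report.append((lineno, word, category))
        return bool(self.report)

    def get_report(self):
        return list(self.report)
```

Each report entry is a `(line number, keyword, category)` tuple pointing a reviewer at a line to read; a match is a place to look, not a confirmed finding.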
