Secure Code Review 7.x-1.x-dev
File ID: 100760
Secure Code Review 7.x-1.x-dev Description
Description: The long name for this project could be: Static Code Analysis for Security Vulnerabilities.
From the abstract of the related project in the 2010 Google Summer of Code:
The goal of this module is to develop automated tools to assist with security reviews of Drupal module code. The tools will be built atop the grammar parser library and its code manipulation API (CMAPI). The project may also involve extending and enhancing the CMAPI to support the security review tools. The code manipulation API provides tools for traversing, searching and modifying a code snippet. This foundation should prove useful to the development of a security review engine.
This module uses the Coder Upgrade framework and the Grammar Parser library to conduct a secure code review of a source file based on its grammar (the parsed structure of the code). The review code is structured as custom routines that fit the Coder Upgrade API; Coder Upgrade invokes them to review function calls and function definitions for security vulnerabilities. The module also uses the growing API for code searching, traversal and manipulation (e.g., getting, setting, inserting and deleting the parameters of a function call) provided by the Grammar Parser library, so that source code can be reviewed precisely and programmatically. Because Coder Upgrade invokes its routines through the familiar Drupal hook system, other modules may enhance or modify the routines provided by this module. A contributed module that defines an API can ship vulnerability review routines for that API, enabling other contributed modules that rely on the API to review their own code.
The module writes a log file that records, for each finding, the code file, the item reviewed (function call or routine), the line number and a description of the potential vulnerability. Findings are reported as potential vulnerabilities; each one still needs a reviewer to confirm it.
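The pipeline described above (routines dispatched by the name of the function being reviewed, each inspecting that call's parameters, with findings logged as file, item, line and description) can be sketched without the Drupal stack. The Python program below is an added illustration written for this page; it is not the Secure Code Review module's code, which runs in PHP on Coder Upgrade hooks and Grammar Parser objects. Here a small PHP tokenizer and call extractor stand in for that library, the PHP input is a constructed snippet, and the three review routines (for db_query(), drupal_set_message() and shell-command functions) are assumed checks chosen for the example, not the module's rule set.

```python
import re
from collections import namedtuple

# Constructed PHP input (not from any real module) for the review to run over.
SAMPLE_FILE = "example.module"
SAMPLE_CODE = r'''<?php
function example_page($account) {
  $name = $_GET['name'];
  $rows = db_query("SELECT uid FROM {users} WHERE name = '$name'");   // interpolated
  $safe = db_query("SELECT uid FROM {users} WHERE name = :name", array(':name' => $name));
  drupal_set_message($name);                   // raw user input in a message
  drupal_set_message(t('Hello %name', array('%name' => $name)));
  return shell_exec('ls ' . $account->dir);    // shell command built from a variable
}
'''
# Minimal PHP tokenizer: enough grammar to see strings, variables, names and punctuation.
TOKEN_RE = re.compile(r"""
    (?P<ws>\s+)
  | (?P<comment>//[^\n]*|\#[^\n]*|/\*.*?\*/)
  | (?P<dq>"(?:\\.|[^"\\])*")
  | (?P<sq>'(?:\\.|[^'\\])*')
  | (?P<var>\$[A-Za-z_]\w*)
  | (?P<name>[A-Za-z_]\w*)
  | (?P<op>->|=>|::|[(),;=.\[\]{}<>+\-*/?:])
  | (?P<other>.)
""", re.S | re.X)
CONSTRUCTS = {"function", "if", "elseif", "while", "for", "foreach", "switch",
              "array", "isset", "empty", "unset", "list"}   # parenthesised constructs, not calls
SANITIZERS = ("t", "check_plain", "filter_xss", "filter_xss_admin")
Token = namedtuple("Token", "kind text line")
Call = namedtuple("Call", "name line args")   # args: one token list per argument

def tokenize(code):
    """Tokens with the line each started on; whitespace and comments dropped."""
    tokens, line = [], 1
    for m in TOKEN_RE.finditer(code):
        if m.lastgroup not in ("ws", "comment"):
            tokens.append(Token(m.lastgroup, m.group(), line))
        line += m.group().count("\n")
    return tokens

def find_calls(tokens):
    """Every function call (nested ones included), arguments split on top-level commas."""
    calls = []
    for i, tok in enumerate(tokens):
        if (tok.kind != "name" or i + 1 >= len(tokens) or tokens[i + 1].text != "("
                or tok.text.lower() in CONSTRUCTS
                or (i and tokens[i - 1].text in ("function", "->", "::", "new"))):
            continue   # not a call: declaration, language construct or method call
        args, depth = [[]], 0
        for t in tokens[i + 1:]:
            depth += (t.text == "(") - (t.text == ")")
            if depth == 0:
                break                      # matching close paren of this call
            if t.text == "," and depth == 1:
                args.append([])
            elif not (t.text == "(" and depth == 1):
                args[-1].append(t)
        calls.append(Call(tok.text, tok.line, [a for a in args if a]))
    return calls

def has_variable(arg):
    """True when an argument carries runtime data: a variable, or a "..." string interpolating one."""
    return any(t.kind == "var" or (t.kind == "dq" and re.search(r"(?<!\\)\$[A-Za-z_{]", t.text))
               for t in arg)

def wrapped_by(arg, names):
    """True when the whole argument is a single call to a function in `names`."""
    if len(arg) < 3 or arg[0].kind != "name" or arg[0].text not in names:
        return False
    depth = 0
    for k, t in enumerate(arg[1:], 1):
        depth += (t.text == "(") - (t.text == ")")
        if depth == 0:
            return k == len(arg) - 1
    return False

# Review routines keyed by the reviewed function's name (assumed checks, not the module's rules).
def review_db_query(call):
    if call.args and has_variable(call.args[0]):
        return "SQL string built from variables; pass them as :placeholder arguments"
def review_drupal_set_message(call):
    if call.args and has_variable(call.args[0]) and not wrapped_by(call.args[0], SANITIZERS):
        return "message text not wrapped in t(), check_plain() or filter_xss(); possible XSS"
def review_shell(call):
    if any(has_variable(a) for a in call.args):
        return "shell command built from variables; use escapeshellarg() or avoid the shell"
ROUTINES = {"db_query": review_db_query, "drupal_set_message": review_drupal_set_message,
            "shell_exec": review_shell, "exec": review_shell, "system": review_shell}

def review(filename, code):
    """One log line per finding: file, line, item reviewed, description."""
    log = []
    for call in find_calls(tokenize(code)):
        problem = ROUTINES[call.name](call) if call.name in ROUTINES else None
        if problem:
            log.append(f"{filename}:{call.line} [{call.name}()] {problem}")
    return log

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_FILE, SAMPLE_CODE)))
```

Run stand-alone, the script flags the interpolated db_query() on line 4, the raw drupal_set_message() on line 6 and the shell_exec() on line 8, while the placeholder query and the t()-wrapped message pass. Because the check works on the call's parsed argument list rather than on the raw text, it distinguishes a variable inside a double-quoted string from the same name inside a single-quoted one; that is the precision a grammar-based review buys over a text search.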
This project was part of the 2010 Google Summer of Code.
This project is sponsored by Boombatower Development.
O/S: BSD, Linux, Solaris, Mac OS X
File Size: 20.5 KB
More Similar Code
Crystal REVS has the best code review, edit and visualization tools. It provides Flowcharts, Tokens Panel, Comment Generator, Auto-Formatting in real time.
Pau Code Review is a light weight code review tool. The emphasis of this project is to create the artifacts required for a code review without forcing a specific code review process on the user.
Code Review Bundle contains two separate tools: Review Assistant and Code Compare. Code Compare adds value to Review Assistant when tools are used together. Review Assistant is a code review plugin for Visual Studio. This tool helps you to create...
Provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing. Currently the project focuses on supporting Drupal development, but due to the extent of the code abstraction it can...
Review Assistant is a code review plugin for Visual Studio. The code review tool allows creating review requests and responding to them without leaving Visual Studio. Review Assistant supports TFS, Subversion, Git, Mercurial, and Perforce.
Review Assistant is a code review plug-in for Visual Studio. The code review tool allows creating review requests and responding to them without leaving Visual Studio. Review Assistant supports TFS, Subversion, Git, Mercurial, and Perforce. Key...
AgileReview - A OneClick Code Review Eclipse Plugin
VCG is an automated code security review tool for C++, C#, Java and PL/SQL which is intended to drastically speed up the code review process by identifying bad/insecure code. It has a few features that should make it useful. In addition...
svncr, abbreviated "subversion code review tool" uses svn to give you a blame, log and diff all in one report. It is a diff format report that can get split out by filter that matches to log messages and code.
Main goals of this library:
* light, understandable, ergonomic and fast;
* only useful things for John Doe or Jane Doe C programmers;
* produce secure code...