From: jonny at drugphish.ch (Jonathan Heusser)
Subject: C Code Analyzer

Hello,

I would like to introduce my C Code Analyzer (CCA): It's a static
analysis tool for detecting potential security problems in C source
code.

This analyzer was built with the following principles in mind:
- Unlike other analyzers with emphasis on security, the CCA tries to
spot only the errors that can actually cause problems. Not every
strcpy is a security problem.

- No code annotations or tweaking is required -- it's fully automatic.

- Seamless integration with existing development platforms. The Eclipse
platform has been chosen as completion to the command line tool.


Current features are:
- fully automatic user input tracer
- potential buffer overflow detection
- memory leak detection
- multiple/dangling free detection
- array out of bound accesses
- Eclipse frontend plugin

If you are interested, visit http://www.drugphish.ch/~jonny/cca.html
More information, example sessions detecting buffer overflows in real
applications and screenshots of the plugin are available on the page.

It should run on all Unix systems; a Windows port should be fairly easy.
The license of CCA is unclear at the moment. The source code has not
been released yet.


Thanks,
jh
-- 
Key fingerprint = 2A55 EB7C B7EA 6336 7767  4A47 910A 307B 1333 BD6C



