Flawfinder
From Wikipedia, the free encyclopedia
Flawfinder is a programming tool that examines C or C++ source code for security weaknesses. It works at a simple (lexical) level, primarily looking for function names, which it compares against a rule database. It then uses the rule database, together with the parameters passed to the function, to assign a risk level to that particular code construct. Typical rules cover issues such as string functions that may overflow buffers, format strings that may be controlled by users, and so on. Once it has finished examining the source code, it reports the potential security flaws, sorted by risk level. Flawfinder is implemented in Python and was developed by David A. Wheeler.
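The following is an added illustration of the approach described above, written for this article; it is not Flawfinder's own code, and its rule database, risk numbers and sample C input are constructed for the example. It strips comments, finds function-call names lexically, looks each name up in a small rule table, adjusts the base risk from the call's arguments (a literal format string to printf yields no finding; a constant source for strcpy lowers the risk), and returns the findings sorted by risk level.

```python
import re
from dataclasses import dataclass

# Constructed toy rule database: function name -> (base risk 0..5, note).
# These entries and risk levels are assumptions for illustration only.
RULES = {
    "gets":    (5, "gets() cannot bound its input; use fgets()"),
    "strcpy":  (4, "unbounded copy; use a size-bounded copy"),
    "strcat":  (4, "unbounded concatenation; use a size-bounded variant"),
    "sprintf": (4, "unbounded formatted write; use snprintf()"),
    "printf":  (4, "format string may be attacker-controlled; use a literal format"),
    "strncpy": (1, "bounded, but check the size argument and NUL termination"),
}

@dataclass
class Hit:
    line: int
    func: str
    risk: int
    note: str

# Matches string literals (kept) and C comments (blanked out) in one pass.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def strip_comments(src):
    """Blank out C comments, keeping newline count so line numbers stay correct."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else "\n" * tok.count("\n")
    return TOKEN_RE.sub(repl, src)

def extract_args(text, open_pos):
    """Return the argument list of the call whose '(' is at open_pos, or None if unbalanced."""
    depth, i, args, cur, in_str = 0, open_pos, [], [], False
    while i < len(text):
        c = text[i]
        if in_str:
            cur.append(c)
            if c == "\\" and i + 1 < len(text):
                cur.append(text[i + 1]); i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True; cur.append(c)
        elif c == "(":
            depth += 1
            if depth > 1: cur.append(c)
        elif c == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return [a for a in args if a]
            cur.append(c)
        elif c == "," and depth == 1:
            args.append("".join(cur).strip()); cur = []
        else:
            cur.append(c)
        i += 1
    return None

def is_string_literal(arg):
    return arg.startswith('"') and arg.endswith('"')

def adjust_risk(name, base, args):
    """Refine the base risk using the call's parameters (constructed heuristics)."""
    if name == "printf":
        # A literal format string cannot be influenced by input: no finding.
        return 0 if args and is_string_literal(args[0]) else base
    if name in ("strcpy", "strcat") and len(args) >= 2 and is_string_literal(args[1]):
        # Copying a compile-time constant is lower risk than copying runtime data.
        return base - 2
    return base

def scan(source, rules=RULES):
    """Lexically scan C source and return hits sorted by descending risk, then line."""
    text = strip_comments(source)
    hits = []
    for m in CALL_RE.finditer(text):
        name = m.group(1)
        if name not in rules:
            continue
        args = extract_args(text, m.end() - 1)
        if args is None:
            continue
        base, note = rules[name]
        risk = adjust_risk(name, base, args)
        if risk <= 0:
            continue
        line = text.count("\n", 0, m.start()) + 1
        hits.append(Hit(line, name, risk, note))
    hits.sort(key=lambda h: (-h.risk, h.line))
    return hits

# Constructed sample input for the demonstration.
SAMPLE = """\
#include <stdio.h>
#include <string.h>

void greet(const char *user) {
    char buf[64];
    strcpy(buf, user);     /* unbounded copy from caller-controlled data */
    strcpy(buf, "hello");  // constant source: lower risk
    printf(user);          // format string is a variable
    printf("%s\\n", buf);  // literal format: not reported
    gets(buf);             // unbounded read
}
"""

if __name__ == "__main__":
    for h in scan(SAMPLE):
        print(f"{h.line}: [{h.risk}] {h.func}: {h.note}")
```

Run on the sample, the scan reports gets (risk 5) first, then the two risk-4 calls (strcpy from `user` and printf with a variable format), then the constant-source strcpy at risk 2; the printf with a literal format produces no finding.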
It is licensed under the GNU General Public License, and is thus both open source software and free software (in the libre sense).
The names FlawFinder and Flawfinder are also trademarks of Flawfinder.com.
See also
- Rough Auditing Tool for Security (RATS)
- Static code analysis
- Software testing
- Internet security
- Advisor