Subject: Re: static analysis
From: Chris Evans (chris ferret.lmh.ox.ac.uk)
Date: Wed Jun 28 2000 - 17:50:16 CDT
On Tue, 27 Jun 2000, Jonathan Leto wrote:
> It can be done without too much pain in perl:
>
> #!/usr/bin/perl -w
>
> # Flag two-argument sprintf() calls: sprintf(dest, "literal") or sprintf(dest, var)
> while(<>){
>     if ( /sprintf\s*\(\s*[A-Za-z0-9_]+\s*,\s*(".*?"|[A-Za-z0-9_]+)\s*\)/ ){
>         print "Woohoo, stupid programming tricks!: $_\n";
>     }
> }
Wahay the start of a static analysis tool ;-)
If I knew perl, I'd refine it to
1) Limit some of the noise (constant strings not containing % as the 2nd arg)
2) Contain a list of violations;
   syslog, 2 args => potential violation
   snprintf, 3 args => potential violation
   etc. etc.
But, as I said I don't know perl... hint hint...
Chris
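
The two refinements listed in the message above, sketched as an added example in Python rather than Perl; it is not code from the thread. The names `FORMAT_ARG`, `split_args` and `scan`, the table entries other than syslog and snprintf, and the sample C lines are assumptions of this example.

```python
import re

# Format-argument index; syslog and snprintf are from the post, the rest are assumed.
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}
CALL_RE = re.compile(r"\b(" + "|".join(FORMAT_ARG) + r")\s*\(")
STRING_RE = re.compile(r'"(?:[^"\\]|\\.)*"')  # one C string literal

def split_args(line, pos):
    """Split call arguments starting at line[pos], just after the '('."""
    masked = STRING_RE.sub(lambda m: "_" * len(m.group()), line)  # hide , ( ) in strings
    args, depth, start = [], 0, pos
    for i, ch in enumerate(masked[pos:], pos):
        if ch == "(":
            depth += 1
        elif ch == ")" and depth > 0:
            depth -= 1
        elif depth == 0 and ch in ",)":
            args.append(line[start:i].strip())
            if ch == ")":
                return args
            start = i + 1
    return None  # no closing ')': the call continues on another line

def scan(source):
    """Yield (line, function, format) for calls whose format is the last argument."""
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            name, args = m.group(1), split_args(line, m.end())
            if args is None or len(args) != FORMAT_ARG[name] + 1:
                continue  # arguments follow the format, or a multi-line call
            fmt = args[-1]
            constant = not STRING_RE.sub("", fmt).strip()  # only string literals
            # Noise filter from the post; also ignoring "%%" is an addition here.
            if constant and "%" not in fmt.replace("%%", ""):
                continue
            yield (lineno, name, fmt)

# Constructed C fragment for the demonstration (not from the thread).
SAMPLE = r'''syslog(LOG_ERR, msg);
syslog(LOG_ERR, "%s", msg);
snprintf(buf, sizeof(buf), user);
sprintf(buf, "a, b (c)");
printf(gettext("done"));
sprintf(out, "%s");'''

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("%d: %s, format %s => potential violation" % hit)
```

This is a line-oriented heuristic like the Perl one-liner it extends: calls split across lines, comments and character literals are not handled.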