Choosing higher level technology for source code searches? about flawfinder HOT 13 CLOSED

The tool would be generally be more effective if it generated and used a data flow and control flow graph, though perhaps that should be a different project (it's not clear how much overlap the two would have).

from flawfinder.

Have you heard about variants for computation tree logic?

from flawfinder.

Yes. I expect it's a big effort to build on, though to be fair I haven't recently looked at the libraries to do that. Perhaps a lot is now available.

from flawfinder.

How do you think about corresponding source code analysis possibilities based on the semantic patch language (Coccinelle software)?

from flawfinder.

Can the following example of a small script for the semantic patch language give you an useful impression for the possible source code analysis capabilities?

@b9219fafb2784ece9f554dfb5e692d96_find_call@
expression e;
identifier an_interesting_function;
position p;
@@
 e = an_interesting_function@p(...);

@script:python@
p << b9219fafb2784ece9f554dfb5e692d96_find_call.p;
@@
coccilib.report.print_report(p[0],
                             "WARNING: Reconsider this function call.")

from flawfinder.

There are a number of tools that try to analyze C/C++ code more deeply. Compilers (such as GCC and clang) have to do this (clang generates LLVM; LLVM unforunately is not stable). Cppcheck delves in further, as does the clang static analyzer. They have more information... but writing the system to properly USE that information is non-trivial.

from flawfinder.

• How manageable do you find software development efforts between the mentioned approaches?
• Have you got any known concerns for the involved software complexity in mind?

from flawfinder.

I'm quite aware of many of these things. I have a web page about these kinds of tools: https://dwheeler.com/essays/static-analysis-tools.html

The sophistication of a tool is not necessarily related to the difficulty of using that tool. A tool that spends a lot of effort to reduce false positives can be more complex, yet easier for users. Of course, a more complex tool takes more work to develop & probably to maintain. I'm a big fan of using tools to analyze software to find its vulnerabilities ahead-of-time. In some ways flawfinder is a way to encourage use of these kinds of tools in general; it's a freely-available tool that does some analysis & reporting. If others want to create more sophisticated tools, great!

from flawfinder.

• I find your tool overview impressive.
• 🔮 Can any more improvements be exchanged between involved software components?

from flawfinder.

I'm sure anything can be improved :-).

from flawfinder.

I plan to close this. I think that "higher level" technology is great, but basically it's a wholly different tool & better implemented as a separate program.

from flawfinder.

🔮 Will the software development discussion become more constructive under other circumstances (also for this issue)?

from flawfinder.

If you have a specific recommendation, or even better a pull request, please propose it! Pull requests preferred.

from flawfinder.