wzr / rough-auditing-tool-for-security Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/rough-auditing-tool-for-security
License: GNU General Public License v2.0
Automatically exported from code.google.com/p/rough-auditing-tool-for-security
License: GNU General Public License v2.0
RATS - Rough Auditing Tool for Security This is RATS, a rough auditing tool for security, developed by Secure Software Inc. It is a tool for scanning C, C++, Perl, PHP, Python and Ruby source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool. RATS is free software. You may copy, distribute, and modify it under the terms of the GNU Public License as contained in the file named COPYING that has been included with this distribution. Requirements ------------ RATS requires expat to be installed in order to build and run. Expat is often installed in /usr/local/lib and /usr/local/include. On some systems, you will need to specify --with-expat-lib and --with-expat-include options to configure so that it can find your installation of the library and header. Expat can be found at: http://expat.sourceforge.net/ Installation ------------ Building and installation of RATS is simple. To build, you simply need to run the configuration shell script in the distribution's top-level directory: ./configure The configuration script is a standard autoconf generation configuration script and accepts many options. Run configure with the --help option to see what options are available. Once the configuration script has completed successfully, simply run make in the distribution's top-level directory to build the program: make By default, RATS will be installed to /usr/local/bin and its vulnerability database will be installed to /usr/local/lib. You may change the installation directories of both with the --prefix option to configure. You may optionally use the --bindir and --datadir to specify more precise locations for the files that are installed. To install after building, simply run make with the install target: make install This will copy the built binary, rats, to the binary installation directory and the vulnerability database, rats.xml, to the data installation directory. Running RATS ------------ Once you have built and installed RATS, it's time to start auditing your software! RATS accepts a few command line options that will be described here and accepts a list of files to audit on the command line. If no files to audit are specified, stdin will be used. usage: rats [options] [file]... Options explained: -d <filename>, --db <filename>, --database <filename> Specifies a vulnerability database to be loaded. You may have multiple -d options and each database specified will be loaded. -h, --help Displays a brief usage summary -i, --input Causes a list of function calls that were used which accept external input to be produced at the end of the vulnerability report. -l <lang>, --language <lang> Force the specified language to be used regardless of filename extension. Currently valid language names are "c", "perl", "php", "python" and "ruby". -r, --references Causes references to vulnerable function calls that are not being used as calls themselves to be reported. -w <level>, --warning<level> Sets the warning level. Valid levels are 1, 2 or 3. Warning level 1 includes only default and high severity Level 2 includes medium severity. Level 2 is the default warning level 3 includes low severity vulnerabilities. -x Causes the default vulnerability databases (which are in the installation data directory, /usr/local/lib by default) to not be loaded. -R, --no-recursion Disable recursion into subdirectories. --xml Cause output to be in XML --html Cause output to be in HTML --follow-symlinks Evaluate and follow symlinks. When started, RATS will scan each file specified on the command line and produce a report when scanning is complete. What vulnerabilities are reported in the final report depend on the data contained in the vulnerability database or databases that are used and the warning level in use. For each vulnerability, the list of files and line numbers where it occured is given, followed by a brief description of the vulnerability and suggested action. Contact ------- RATS is authored, maintained and distributed by Secure Software, Inc. All bug reports, patches, database contributions, comments, etc. should be sent to [email protected]. Our website is http://www.securesoftware.com/ Acknowledgments --------------- Thanks to Mike Ellison for providing the legwork on the initial port of rats-1.3 to the Win32 platform. Special thanks to Ben Laurie for many significant contributions, including the OpenSSL-specific portions of the database. Thanks to Adam Lazur for originally authoring the man page
What steps will reproduce the problem?
1. I used the win32 file (tried the souce file also)
2. version 2.3 with windows XP.
3. I dont have admin rights to C drive.
4. libexpat.dll file is missing , how can i fix it?
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 17 Apr 2013 at 6:56
Attachments:
What steps will reproduce the problem?
1. Use warning level 3 on the attached file
What is the expected output? What do you see instead?
I expect this to run clean.
What version of the product are you using? On what operating system?
I'm using RATS 2.3 on Windows 7. The standard C++ library is provided by Visual
Studio 2012.
Please provide any additional information below.
I don't know if this is actually a defect of the inline implementation of
std::remove in the algorithms header from visual studio or a defect of RATS.
Original issue reported on code.google.com by [email protected]
on 14 Oct 2013 at 9:33
Attachments:
What steps will reproduce the problem?
1. $ rats -w 3
2. seg fault
What is the expected output? What do you see instead?
Should not seg fault
What version of the product are you using? On what operating system?
2.3 cygwin windows 7
Please provide any additional information below.
also segfaults on "rats --version". Looks like it's a problem parsing command
line options.
Original issue reported on code.google.com by [email protected]
on 20 May 2013 at 11:43
What steps will reproduce the problem?
1. write "static char gParseBuffer [MAX_SIZE];" in a file test.cpp
2. run rats -w3 --xml test.cpp
What is the expected output? What do you see instead?
Expected to see the xml report of the Low warning: "fixed size global buffer".
Got a segmentation fault just after <severity>Low</severity>
$rats -w3 --xml test.cpp
<?xml version="1.0"?><rats_output>
<stats>
<dbcount lang="perl">33</dbcount>
<dbcount lang="ruby">46</dbcount>
<dbcount lang="python">62</dbcount>
<dbcount lang="c">334</dbcount>
<dbcount lang="php">55</dbcount>
</stats>
<analyzed>test.cpp</analyzed>
<vulnerability>
<severity>Low</severity>
Segmentation fault (core dumped)
What version of the product are you using? On what operating system?
RATS v2.3 on FreeBSD 10.0 amd64
If the report is exported to an xml file, this file end unexpectedly. This
cause trouble to other tool exploiting this report.
Original issue reported on code.google.com by [email protected]
on 23 Jan 2014 at 1:35
Attachments:
What steps will reproduce the problem?
1. cd some-src/
2. mkdir -p '</analysed><vulnerability/></rats_output>'
3. mv vulnerable-file.c '</analysed><vulnerability/></rats_output>'
4. rats --xml .
What is the expected output? What do you see instead?
What I see is:
<?xml version="1.0"?><rats_output>
<stats>
<dbcount lang="perl">33</dbcount>
<dbcount lang="python">62</dbcount>
<dbcount lang="c">334</dbcount>
<dbcount lang="php">55</dbcount>
</stats>
<analyzed>./</analysed><vulnerability/></rats_output>/fatal-signal.c</analyzed>
<analyzed>./aes128.c</analyzed>
...
I.e, the file name argument is not xml_escape'd:
https://code.google.com/p/rough-auditing-tool-for-security/source/browse/trunk/e
ngine.c#1146
Same goes for the <file><name>...</name> part of <vulnerability>:
https://code.google.com/p/rough-auditing-tool-for-security/source/browse/trunk/r
eport.c#814
Please provide any additional information below.
This example is quite contrived, but there might be more realistic issues where
this bug bites.
Original issue reported on code.google.com by [email protected]
on 4 Jun 2014 at 11:39
What steps will reproduce the problem?
1. Run RATS under Linux on a large directory structure (40000 directories)
2. The analysis will start skipping directory after a while stating "There was
a problem opening the directory"
This is because the directory descriptor is never released in the code
See line 1062 in patched engine.c file
Original issue reported on code.google.com by [email protected]
on 3 May 2012 at 9:25
Attachments:
Hello,
Just a little fix in Rats 2.3 :
Bug description :
Sometime ptr->data is NULL (sorry I can't be more precise).
In report.c lign 558 update :
- printf(" <type>%s</type>\n",
- ptr->data->Name);
with :
+ if( !ptr->data )
+ printf(" <type>None</type>\n");
+ else
+ printf(" <type>%s</type>\n",
+ ptr->data->Name);
Best regards
Original issue reported on code.google.com by [email protected]
on 28 Jun 2011 at 7:48
What steps will reproduce the problem?
1. Generate a vulnerability which only concerns a buffer overflow (strncpy)
2. The type tag is not serialized at all in the output
Suggested fix in method build_xml_vulnerability of file report.c
Original issue reported on code.google.com by [email protected]
on 3 May 2012 at 9:19
Attachments:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.