RATS

The Rough Auditing Tool for Security is an open source tool originally developed by Secure Software Engineers. It was later acquired by Fortify, which continues to distribute it free of charge. It scans source code in several languages, including C, C++, Perl, PHP and Python.

It is very fast and can easily be integrated into a building process without causing noticeable overhead.

C/C++
  • Typical errors found (C/C++):
    • Buffer overflows
    • TOCTOU race conditions
  • Typical errors not found (C/C++):
    • Design flaws
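The two C defect classes listed above, each shown in the form RATS flags next to a hardened rewrite. This is an added example for illustration, not code from the page or from the RATS project, and the function names, the `NAME_MAX_LEN` constant and the sample paths are assumptions made for the example:

```c
/* Added example (not from the RATS page or project): the two C defect
 * classes the page says RATS reports, each in the form RATS flags and in
 * a hardened form. Names and the buffer size are chosen for this example. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define NAME_MAX_LEN 16   /* assumed fixed buffer size for the example */

/* 1. Buffer overflow. RATS flags unbounded calls such as strcpy() because
 *    the destination size is never checked. Kept here only as the "before"
 *    form; the example never calls it with oversized input. */
int copy_name_unsafe(char dst[NAME_MAX_LEN], const char *src)
{
    strcpy(dst, src);   /* no length check: overflows dst if src is >= 16 bytes */
    return 0;
}

/* Hardened form: reject input that does not fit instead of overflowing or
 * silently truncating. Returns 0 on success, -1 if src is too long. */
int copy_name_safe(char dst[NAME_MAX_LEN], const char *src)
{
    /* Look for the terminator within the destination's capacity only, so an
     * unterminated or overlong src is never read past NAME_MAX_LEN bytes. */
    const char *end = memchr(src, '\0', NAME_MAX_LEN);
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);   /* terminator is included */
    return 0;
}

/* 2. TOCTOU race. Checking a path with access() and then opening it leaves
 *    a window in which the path can be repointed at another object; RATS
 *    flags this check-then-use pattern. */
int open_config_racy(const char *path)
{
    if (access(path, R_OK) != 0)   /* time of check */
        return -1;
    return open(path, O_RDONLY);   /* time of use: the path may differ now */
}

/* Hardened form: open first, then validate the descriptor actually held
 * with fstat(), so the check and the use refer to the same file object.
 * Returns the descriptor, or -1 (errno set) if the path cannot be opened
 * or is not a regular file. */
int open_config_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(void)
{
    char buf[NAME_MAX_LEN];
    printf("short name:   %d\n", copy_name_safe(buf, "alice"));
    printf("long name:    %d\n", copy_name_safe(buf, "a-name-that-is-too-long"));
    printf("directory:    %d\n", open_config_safe("/"));
    printf("missing file: %d\n", open_config_safe("/nonexistent/rats-example"));
    return 0;
}
```

On platforms that provide them, adding `O_NOFOLLOW` and `O_CLOEXEC` to the `open()` flags in `open_config_safe` further tightens it by refusing a symlink at the final path component and keeping the descriptor out of child processes.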
Perl
In Perl code, it will mostly raise a flag when finding calls to risky built-in functions.
PHP
Unfortunately its utility is rather limited for PHP, as it does not find Cross-Site Scripting or SQL Injection vulnerabilities.
Python
As far as Python is concerned, RATS is fairly basic and will only check for risky built-in/library function calls.

Installation

Linux
wget http://downloads.sourceforge.net/project/expat/expat/2.0.1/expat-2.0.1.tar.gz
tar -xvf expat-2.0.1.tar.gz
cd expat-2.0.1
./configure && make && sudo make install
wget https://rough-auditing-tool-for-security.googlecode.com/files/rats-2.4.tgz
tar -xzvf rats-2.4.tgz
cd rats-2.4
./configure && make && sudo make install
./rats

Usage

Basic run
rats --resultsonly <path_to_source_directory>
Advanced config
rats --quiet --xml -w 3 <path_to_source_directory>
  • --xml, --html generate output in the specified format
  • -w <1,[2],3> set the warning level:
    • 1 will only include the highest-severity warnings (i.e. fewer false positives, but more false negatives),
    • 2 is the medium and default option,
    • 3 will produce more output and miss fewer vulnerabilities, but might also report many false positives.