Hello,
I would like to introduce my C Code Analyzer (CCA): It's a static analysis tool for detecting potential security problems in C source code.
This analyzer was built with the following principles in mind:
- Unlike other analyzers with an emphasis on security, the CCA tries to spot only the errors that can actually cause problems. Not every strcpy is a security problem.
- No code annotations or tweaking is required -- it's fully automatic.
- Seamless integration with existing development platforms. The Eclipse platform has been chosen as a complement to the command line tool.
Current features are:
- fully automatic user input tracer
- potential buffer overflow detection
- memory leak detection
- multiple/dangling free detection
- array out-of-bounds access detection
- Eclipse front-end plugin
If you are interested, visit http://www.drugphish.ch/~jonny/cca.html
More information, example sessions detecting buffer overflows in real applications and screenshots of the plugin are available on the page.
It should run on all Unix systems; a Windows port should be fairly easy. The license of CCA is unclear at the moment. The source code has not been released yet.
Thanks,
jh
--
Key fingerprint = 2A55 EB7C B7EA 6336 7767 4A47 910A 307B 1333 BD6C
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
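As an added illustration (constructed for this page; it is not CCA's code and not part of the announcement above), here is a small C test file containing the bug classes the announcement lists: a strcpy of a constant that fits and should not be reported, a strcpy of user-controlled input that should be reported, an off-by-one array read, and a double free, each vulnerable case followed by its hardened form. Function names, NAME_LEN and the sample inputs are all assumptions made for the example; the tool's actual output on such a file is not known from the page.

```c
/* Constructed test file for a C security analyzer: not CCA's own code.
 * Each vulnerable function is followed by the fixed version of the same
 * operation. Functions marked DELIBERATELY VULNERABLE are never called
 * with overflowing input here. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16   /* assumed fixed buffer size */

/* 1. strcpy of a compile-time constant that provably fits in the
 *    destination: by the "not every strcpy is a problem" principle this
 *    should not be reported. Returns the copied length (9). */
size_t copy_constant(void)
{
    char buf[NAME_LEN];
    strcpy(buf, "localhost");          /* 10 bytes including NUL, fits */
    return strlen(buf);
}

/* 2. The same strcpy with a user-controlled source (assume `user` came
 *    from argv, getenv() or a socket): what a user input tracer should
 *    flag. DELIBERATELY VULNERABLE: overflows `buf` when
 *    strlen(user) >= NAME_LEN, so only call it with short input. */
size_t copy_user_vulnerable(const char *user)
{
    char buf[NAME_LEN];
    strcpy(buf, user);                 /* no length check on tainted data */
    return strlen(buf);
}

/* 3. Hardened form: bounded copy that is always NUL-terminated and
 *    reports truncation instead of overflowing.
 *    Returns 1 if the input was cut, 0 if it fit, -1 on a zero-size buffer. */
int copy_user_fixed(const char *user, char *out, size_t outlen)
{
    if (outlen == 0)
        return -1;
    size_t n = strlen(user);
    if (n >= outlen) {
        memcpy(out, user, outlen - 1);
        out[outlen - 1] = '\0';
        return 1;
    }
    memcpy(out, user, n + 1);          /* includes the terminating NUL */
    return 0;
}

/* 4. Off-by-one array access: `<=` reads one element past the end.
 *    DELIBERATELY VULNERABLE, never called below. */
int sum_offbyone(const int *table, int n)
{
    int sum = 0;
    for (int i = 0; i <= n; i++)       /* reads table[n], out of bounds */
        sum += table[i];
    return sum;
}

/* Correct loop bound. */
int sum_fixed(const int *table, int n)
{
    int sum = 0;
    for (int i = 0; i < n; i++)
        sum += table[i];
    return sum;
}

/* 5. Double free: the buffer is released twice.
 *    DELIBERATELY VULNERABLE, never called below. */
void double_free_vulnerable(void)
{
    char *p = malloc(32);
    if (p == NULL)
        return;
    free(p);
    free(p);                           /* second free of the same pointer */
}

/* Fix: release through a pointer-to-pointer and NULL it out, so a second
 *    release() is a harmless free(NULL) instead of a double free.
 *    Returns 1 if memory was actually released by this call, else 0. */
int release(char **pp)
{
    if (*pp == NULL)
        return 0;
    free(*pp);
    *pp = NULL;
    return 1;
}

int main(void)
{
    char out[NAME_LEN];
    int table[4] = {1, 2, 3, 4};
    int truncated = copy_user_fixed("this-name-is-much-too-long", out, sizeof out);
    printf("constant copy: %zu chars\n", copy_constant());
    printf("bounded copy: \"%s\" truncated=%d\n", out, truncated);
    printf("sum: %d\n", sum_fixed(table, 4));
    char *p = malloc(8);
    int first = release(&p);
    int second = release(&p);
    printf("release: %d then %d\n", first, second);
    return 0;
}
```

Compiling this with the vulnerable functions left in gives a file on which an analyzer of the kind announced should report cases 2, 4 and 5 and stay silent on case 1 and on the fixed variants.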
