RATS - Rough Auditing Tool for Security
RATS is an open source tool developed and maintained by Secure Software
security engineers. Secure Software was acquired by Fortify Software, Inc.
RATS is a tool for scanning C, C++, Perl, PHP and Python source code and
flagging common security related programming errors such as buffer overflows
and TOCTOU (Time Of Check, Time Of Use) race conditions.
RATS scanning tool provides a security analyst with a list of potential
trouble spots on which to focus, along with describing the problem and
potentially suggest remedies. It also provides a relative assessment of the
potential severity of each problem, to better help an auditor prioritize.
This tool also performs some basic analysis to try to rule out conditions
that are obviously not problems.
As its name implies, the tool performs only a rough analysis of source code.
It will not find every error and will also find things that are not errors.
Manual inspection of your code is still necessary, but greatly aided with
Example usage - to analyze "main.c":
rats --db /usr/share/rats-2.3/rats-c.xml main.c
Maintained by: Andrzej Telszewski
Approved by: rworkman
Keywords: audit,software security
(the SlackBuild does not include the source)