Bugle, Google Source Code Bug Finder


Check out this tool I came across. It's named Bugle, and it's a Google source code bug finder. Yes, I thought it was rather interesting as well.

“Bugle is a collection of search queries which can help to identify software security bugs in source code available on the web. The list at the moment is rather small (you get the idea though); hopefully people will start sending more queries. Source code review is not a straightforward operation; using the list you will get pinpoints and not definite results.”

Some of the bugs that Bugle notes are:

Buffer Overflows
Integer Overflows
Format String
Command Injection
Control Flow
SQL Injection
Cross Site Scripting
Bad Practices
Suspicious Comments

“Query Syntax: To specify language you need to use the “filetype” tag provided by Google. For example, to search within C files you use filetype:c, for Perl filetype:pl, and so on. After that you specify what you want to look for. For example, to look for a potential buffer overflow resulting from strcpy you can use as query: “strcpy(buffer|buf,str)” filetype:c. The rest is up to your imagination.”
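The same two-part query idea (a per-language file filter plus a pattern) works just as well against a local checkout during a code review, and it makes the "pinpoints, not definite results" caveat concrete. The script below is an added example and not part of the Bugle project: the query list, the regexes (my own stricter rendering of Bugle-style queries such as strcpy(buffer|buf,str)), the sample source files and the function names are all constructed for illustration.

```python
"""Local analogue of Bugle-style source-code queries (added example, not Bugle's code).

Each query is (category, filetype, regex): the filetype plays the role of
Google's filetype: tag and the regex the role of the quoted search string.
Output is a list of lines to review by hand, never a confirmed bug.
"""
import re
from pathlib import Path
from typing import Dict, List, Pattern, Tuple

Query = Tuple[str, str, str]

# Hypothetical query list in the spirit of Bugle's categories; "*" means any filetype.
QUERIES: List[Query] = [
    ("Buffer Overflow", "c", r"\bstrcpy\s*\(\s*(buffer|buf)\s*,\s*str\s*\)"),
    ("Buffer Overflow", "c", r"\bgets\s*\("),
    ("Format String", "c", r"\bprintf\s*\(\s*[A-Za-z_]\w*\s*\)"),  # printf(var) with no literal
    ("Command Injection", "pl", r"\bsystem\s*\(\s*\$"),           # system($var ...)
    ("Suspicious Comment", "*", r"\b(FIXME|XXX|HACK)\b"),
]

# Constructed sample sources. net.c line 2 is a deliberate false positive:
# the strcpy is guarded by a length check, but the query still flags it.
SAMPLE_FILES: Dict[str, str] = {
    "net.c": (
        "void f(char *str){ char buf[16]; strcpy(buf, str); }\n"
        "void h(char *str){ char buffer[64]; if (strlen(str) < sizeof buffer) strcpy(buffer, str); }\n"
    ),
    "log.c": "void g(char *msg){ printf(msg); strncpy(buf, str, sizeof buf); }\n",
    "run.pl": "system($cmd); # FIXME: validate first\n",
}


def compile_queries(queries: List[Query] = QUERIES) -> List[Tuple[str, str, Pattern[str]]]:
    """Compile the regex part of every query once."""
    return [(category, filetype, re.compile(regex)) for category, filetype, regex in queries]


def run_queries(files: Dict[str, str], queries: List[Query] = QUERIES) -> List[dict]:
    """Apply every query to every file whose extension matches the query's filetype.

    Returns one hit per (file, line, query) so a reviewer can walk the list.
    """
    compiled = compile_queries(queries)
    hits: List[dict] = []
    for name, text in files.items():
        ext = Path(name).suffix.lstrip(".")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for category, filetype, regex in compiled:
                if filetype != "*" and filetype != ext:
                    continue  # filetype filter, like filetype:c in the Google query
                if regex.search(line):
                    hits.append({
                        "file": name,
                        "line": lineno,
                        "category": category,
                        "pattern": regex.pattern,
                        "text": line.strip(),
                    })
    return hits


def scan_directory(root: str, queries: List[Query] = QUERIES) -> List[dict]:
    """Read a source tree from disk and run the queries over it."""
    files: Dict[str, str] = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            files[str(path)] = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the review
    return run_queries(files, queries)


if __name__ == "__main__":
    for hit in run_queries(SAMPLE_FILES):
        print(f"{hit['file']}:{hit['line']} [{hit['category']}] {hit['text']}")
```

Run it as-is to see the five pinpoints from the constructed samples, or call scan_directory("path/to/checkout") on a real tree. Note that the guarded strcpy in net.c and the unguarded one are reported identically; deciding which is a bug is the reviewer's job, which is exactly the limitation the Bugle page states.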

Head over and check it out here: http://www.cipher.org.uk/index.php?p=projects/bugle.project
