Integrates Checkstyle into the Eclipse IDE
The Eclipse Checkstyle plug-in integrates the Checkstyle Java code auditor into the Eclipse IDE. The plug-in provides real-time feedback to the user about violations of rules that check for coding style and possible error-prone code constructs.
A source code analyzer
Doxygen is a JavaDoc-like documentation system for C++, C, Java and IDL.
Static source code analysis tool for C and C++ code
Static analysis of C/C++ code. Checks for: memory leaks, mismatching allocation-deallocation, buffer overrun, and many more. The goal is 0% false positives. See http://cppcheck.sourceforge.net for more information.
Code coverage tool for .NET 2 and above
OpenCover is a free and open source code coverage tool for .NET 2 and above (Windows OSs only - no MONO), with support for 32- and 64-bit processes, and it covers both branch and sequence points. It uses the profiler API that is currently only available to .NET Frameworks running on the Windows platform. OpenCover is an attempt at building a code coverage utility that addresses certain issues in maintaining PartCover support for 64-bit processes.
ILSpy Portable is a portable version of ILSpy
ILSpy Portable is ILSpy packaged with a PortableApps.com launcher as a portable app, so you can browse in privacy on your iPod, USB flash drive, portable hard drive, etc. It has all the same features as ILSpy, plus it leaves no personal information behind on the machine you run it on, so you can take it with you wherever you go.
Source Navigator NG is a source code analysis tool. With it, you can edit your source code, display relationships between classes, functions and members, and display call trees. You can navigate your source code and easily get to declarations or implementations of functions, variables and macros (commonly called "symbols"), which helps you discover and map unknown source code for enhancement or maintenance tasks.
Code security review tool for C/C++, C#, VB, PHP, Java and PL/SQL.
VCG is an automated code security review tool for C++, C#, VB, PHP, Java and PL/SQL which is intended to drastically speed up the code review process by identifying bad/insecure code. It has a few features that should make it useful. In addition to performing some more complex checks it also has a config file for each language that basically allows you to add any bad functions (or other text) that you want to search for. It attempts to find phrases within comments that can indicate broken code and it provides stats and a pie chart (for the entire codebase and for individual files) showing relative proportions of code, whitespace, comments, 'ToDo' style comments and bad code. I've tried to produce something which searches intelligently for buffer overflows and signed/unsigned comparison in C, violations of OWASP recommendations in Java code, etc. Current version: 2.1.0
Eclipse Plugin to find unused Java code
UCDetector (Unnecessary Code Detector) is an open source Eclipse plugin tool. UCDetector finds unnecessary (dead) public Java code. It suggests making code final, protected or private.
A general purpose source code indexer and cross-referencer that provides web-based browsing of source code with links to the definition and usage of any identifier. Supports multiple languages. Up-to-date information is available at http://lxr.sourceforge.net
A drop-in replacement for the src.zip shipped with Oracle Java 7, that contains sources to all Java classes that are shipped or generated by the OpenJDK project (the official src.zip only covers public classes), plus tools to generate it.
CodeConics is a C# lexer/parser/syntax tree generator
CodeConics is a simple, intuitive, easy to use and debug code-manipulation solution that is grammar independent and recursion based, as opposed to other DFA (Deterministic Finite-state Automata) based solutions.
QtCreator plugin for some command line tools over a Qt (.pro) project.
qpt (Qt Project Tool) understands Qt C++ projects (.pro) and allows passing this information to command line tools such as "Code Counters" and "Static Analysis tools". It can also be used inside QtCreator to act as a plugin for "Static Analysis tools", putting reported issues into the QtCreator issues pane.
Qt Creator Cppcheck integration plugin
Allows using the Cppcheck static analyzer tool in the Qt Creator IDE. Sources can be obtained here: https://github.com/OneMoreGres/qtc-cppcheck IMPORTANT: the plugin's version must match Qt Creator's version (a difference in the last digit is acceptable). The plugin must then be enabled in the Help->Modules menu.
Tool to detect and correct vulnerabilities in PHP web applications
WAP automatically detects and corrects input validation vulnerabilities in web applications written in the PHP language (version 4.0 or higher), with a low rate of false positives. WAP detects the following vulnerabilities:
- SQL injection using MySQL, PostgreSQL and DB2 DBMS
- Reflected cross-site scripting (XSS)
- Stored XSS
- Remote file inclusion
- Local file inclusion
- Directory traversal
- Source code disclosure
- OS command injection
- PHP code injection
WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious user inputs and checking whether they reach calls of sensitive functions. It has a low rate of false positives because it implements a data mining module to predict false positives when it detects vulnerabilities. The output of the tool is:
- the vulnerabilities found and how they are corrected
- new files with the corrections
A web application that assists users in evaluating OS software.
This tool helps you reverse engineer a UML Sequence Diagram for your Java program at runtime. It works well with both complex Java programs (that have multiple threads) and J2EE applications deployed on Application Servers.
State Dependency deconstructor and mapper for C source code.
Flowcharts not telling you what you want to know about some C source code? Try a State Dependency map! Every C source file is an implementation of a state machine. Implicit in the definition of a state machine is a network of dependencies between the states. The Automalator
* deconstructs the C code into the core state machine
* collates the transactions into the dependency net
* generates a diagram-format file with the states and dependencies as the nodes and edges.
Pre-requisites
* Perl - tested with versions 5.12.3, 5.14.2 and 5.20.2, on Windows, Linux and Mac
* Get the Automalator by downloading the zip, or checking out or exporting the SVN trunk
* Copy the source code of interest into "project.c"
* Windows - double-click "src2map.bat"
* Linux & Mac - navigate the command line to the "project" folder, then run "src2map.sh"
* Open the "project.gml" file with diagramming software.
"The C preprocessor chainsaw"
Coan is a software engineering tool for analysing preprocessor-based configurations of C or C++ source code. Its principal use is to simplify a body of source code by eliminating any parts that are redundant with respect to a specified configuration.
A very powerful Java bytecode viewer and decompiler which makes use of the javassist open source library.
Hexjector is an open source, cross-platform PHP script to automate site pentests for SQL injection vulnerabilities.
Koopa is a parser generator, made for Cobol. It can handle source files in isolation (no preprocessing required) and doesn't mind the presence of CICS/SQL fragments. The grammar is easily extensible in a way which minimizes the impact on the overall code.
Diff-ext is an extension for file managers such as Windows Explorer and Nautilus that allows launching diff/merge tools on selected files.