Currently this is a placeholder for my new project. It's a plugin for the latest GCC (4.5.0) and it tests, at compile time, the correctness of memory management as defined by the CORBA C++ mapping.
Tool to detect and correct vulnerabilities in PHP web applications
WAP automatically detects and corrects input validation vulnerabilities in web applications written in the PHP language (version 4.0 or higher), with a low rate of false positives. WAP detects the following vulnerabilities:
- SQL injection using MySQL, PostgreSQL and DB2 DBMS
- Reflected cross-site scripting (XSS)
- Stored XSS
- Remote file inclusion
- Local file inclusion
- Directory traversal
- Source code disclosure
- OS command injection
- PHP code injection
WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious user inputs and checking whether they reach calls of sensitive functions. It has a low rate of false positives because it implements a data mining module that predicts false positives when it detects vulnerabilities. The output of the tool is:
- the vulnerabilities found and how they are corrected
- new files with the corrections
Moved to GitHub
Moved to GitHub, https://github.com/SaikiranDaripelli/WsdlAuditor
XRay is an analysis tool built upon your SCMs, aimed at consolidating project statistics from many repositories in a single tool, generating code reports and development statistics obtained from log data and file versions.
XJML 1.0 is a platform for Verification and Validation of Java classes
XJML 1.0 can read one Java class and its contract (written in XML) and then execute the following verification techniques:
1. Runtime Assertion Checking (RAC). Using JML4c and JML4rt tools.
2. Extended Static Checking (ESC). Using ESC/Java2.
3. Full Static Program Verification (FSPV). Using the Why platform (tested with Why 2.30 and Why3 0.71)
Yryie is a small but effective class to include several debugging features into your PHP application. Track event types (info, debug, trace, timer, sql), timer category avg., handle errors, generate HTML (custom css+js), export to file
A desktop app to review code scans
AboutCode Manager provides a UI to help you quickly evaluate license and other notices identified by ScanCode and record your conclusion about the effective license(s) for a software component.
An advanced cross platform fuzzing framework suited to find code bugs.
ansvif, or A Not So Very Intelligent Fuzzer, is suited to find bugs in code by throwing garbage arguments, files, and environment variables at the target program, that you may or may not have the source code to. It supports many features, such as buffer size, randomization of the buffer size, random data injection, templates, and much more. The purpose of this project is to identify bugs in software, specifically bugs that can induce a segmentation fault under various conditions. This aids security researchers in writing buffer overflows, input validation vulnerabilities, as well as helping one audit code for general logic mistakes.
antillesXML is an extensive and, in its form, unique compilation of XML tools. The new version 2.0 is now available as a free download. Various functions on all aspects of XML documents are available.
A quick and simple way to create a source code report. Counts lines of code and compares two directories for line changes, line adds, and line deletes.
ccglue is a complementary tool to cscope and ctags. The tool builds a cross-reference symbol database from cscope [and ctags] databases that can be used to display dependency-graphs (aka call-trees, code flow). Visualization can be done with the Vim CCTree plugin (http://www.vim.org/scripts/script.php?script_id=2368), or the built-in stand-alone command-line tracer.
Performs basic checks on shell scripts for the presence of non-portable syntax.
Command line tool for counting source code lines
cline is a command line tool that counts code lines in your project folder. It is designed to recursively find any source file matching specific rules and count the line breaks within that file. You may specify file suffixes to include or exclude as well as regular expressions for code lines that shall be excluded (e.g. to exclude comments). By default a heuristic algorithm skips binary files. You may configure the restrictiveness of this algorithm with command line options.
"The C preprocessor chainsaw"
Coan is a software engineering tool for analysing preprocessor-based configurations of C or C++ source code. Its principal use is to simplify a body of source code by eliminating any parts that are redundant with respect to a specified configuration.
Please go to the GitHub page for more information
A code-understanding tool based on cscope and ctags. Please go to the GitHub page for more information. Homepage: http://ruben2020.github.io/codequery GitHub: https://github.com/ruben2020/codequery
Describe and watch component structure of Java programs
"Component-Watch" is a tool for discovering, showing and assessing the structure of (big) Java programs from their classes. It finds the components that compose a program, analyses the relations between those components and compares them to the permitted relations between components. The tool helps to easily define and display UML-like diagrams showing components and their relationships.
Manage and execute Linux testing and reporting programs
These bash shell scripts are intended to iteratively load executable files via symbolic links and echo output to a log file for later review. These bash shell scripts rely on a directory structure intended to group testing and reporting executable files by project, target platform, and version.
Code Coverage Tool For Oracle PL/SQL
CPIP is a C/C++ preprocessor implemented in Python. CPIP exposes all aspects of preprocessing for inspection. NOTE: This project has now moved to https://github.com/paulross/cpip. This is no reflection on SourceForge, indeed I am very grateful for them hosting CPIP for many years. It is merely because I can't manage two workflows!
A tool to convert C++ definitions into XML
cpp2xml is a tool to convert C/C++ definitions into XML. The main goal is to use the XML as input to code generation tools, but any other usage may be imagined.
Static source code analysis tool for C and C++ code
Static analysis of C/C++ code. Checks for: memory leaks, mismatching allocation-deallocation, buffer overrun, and many more. The goal is 0% false positives. See http://cppcheck.sourceforge.net for more information.
Declude helps to decrease the number of includes in your C or C++ source code.
Java to C++ porting framework
A patch file shows differences between files as whole lines. Sometimes those lines are very similar, with only one or two words changed. This script compares changed lines character by character and highlights the actual differences in them, which is very helpful with long lines.