DEEEP is a open source static analysis tool to detect, in C programs, integer vulnerabilities caused by the bad adaption of aplications from ILP32 to LP64. It uses the tools Lint and Splint, and runs over Open Solaris and Linux operating systems.

This tool semantically analyses source code. More precisely, it does type checking, data-flow analysis, and it automatically correlates the results of these two types of analysis. Type checking is used for finding bugs on the way integers are handled, and data-flow analysis is used to see if hazardous functions (eg. memcpy, strcpy) are accessible from outside the program.

After this two analyses, the tool correlates the results from the previous phases to attain if the data that comes from the inputs are affected by vulnerabilities from porting to LP64, and if these are handled by dangerous functions (memcpy, strcpy,...). In resume, identify if the found bugs

Features

  • Integer Vulnerabilities
  • Static Analysis
  • Portability from 32 bits to 64 bits

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow DEEEP

DEEEP Web Site

Other Useful Business Software
AI-powered service management for IT and enterprise teams Icon
AI-powered service management for IT and enterprise teams

Enterprise-grade ITSM, for every business

Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
Try it Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of DEEEP!

Additional Project Details

Operating Systems

Linux, Solaris

Intended Audience

Security Professionals

User Interface

Console/Terminal

Programming Language

C, Perl

Related Categories

Perl Security Software, Perl Source Code Analysis Tool, C Security Software, C Source Code Analysis Tool

Registered

2014-03-02