On Fri, 2003-09-05 at 16:25, Jan Krueger wrote:

I don't think the idea is bad in any way at all; yes, it will be very time
consuming and yes, a few of us would actually like to use such a thing.
flawfinder would have been ideal for such a thing as it's Python based and
all, but would need some major testing. I'm attaching a small patch for
your ebuild.sh that should do exactly what you're looking for. Note:
flawfinder must be located in /usr/bin and "flawfinder" must be found in
your features.

Perhaps you would like to begin/finish coding this feature. :)

Also just letting ya know I just updated splint in portage tree to
version 3.1.1 but from what I gather about splint is that all src code
still has to be written to take advantage of it in the first place thus
nearly defeating the purpose.

What I make of all this is it sounds like we need some portage hooks
for users.

Anyway happy bug hunting.

> I know about the following source code scanners, almost restricted to c and
> c++:
> flawfinder, http://www.dwheeler.com/flawfinder/
> splint, http://www.splint.org/
> its4, http://www.cigital.com/its4/
> rats, http://www.securesw.com/download_form_rats.htm
>
> Anyway, is there a policy like http://www.openbsd.org/porting.html#Security?
>
> Jan
>
> --
> gentoo-hardened@g.o mailing list
--
RSA key ID 2BC75196 http://keyserver.net
Gentoo Linux Developer (Hardened) http://dev.gentoo.org/~solar