Yasca v1.0 Released - New Static Analysis Tool

  • Thread starter michael scovetta

michael scovetta

Hello,

Yasca is a new static analysis tool designed to scan Java, C/C++,
JavaScript, .NET, and other source code for security and code-quality
issues. Yasca is easily extensible via a plugin-based architecture, so
scanning PHP, Ruby, or other languages is as simple as coming up with
rules or integrating external tools.

Yasca includes plugins for the following open-source projects:
* FindBugs (http://findbugs.sourceforge.net/)
* PMD (http://pmd.sourceforge.net/)
* Jlint / antiC (http://artho.com/jlint/)

Yasca also features a simple regular-expression plugin that allows new
rules to be written in less than a minute. It includes many custom
rules created specifically for Yasca, and additional rule-packs will
be released soon.

Yasca is hosted on SourceForge (http://sourceforge.net/projects/yasca)
with additional information at http://yasca.org.

Thank you,

Mike Scovetta
 

Sigfried

michael scovetta wrote:
> Hello,
>
> Yasca is a new static analysis tool designed to scan Java, C/C++,
> JavaScript, .NET, and other source code for security and code-quality
> issues. Yasca is easily extensible via a plugin-based architecture, so
> scanning PHP, Ruby, or other languages is as simple as coming up with
> rules or integrating external tools.
>
> Yasca includes plugins for the following open-source projects:
> * FindBugs (http://findbugs.sourceforge.net/)
> * PMD (http://pmd.sourceforge.net/)
> * Jlint / antiC (http://artho.com/jlint/)
>
> Yasca also features a simple regular-expression plugin that allows new
> rules to be written in less than a minute. It includes many custom
> rules created specifically for Yasca, and additional rule-packs will
> be released soon.
>
> Yasca is hosted on SourceForge (http://sourceforge.net/projects/yasca)
> with additional information at http://yasca.org.

I'm sorry but Yasca sounds like another loss of time. The only advantage
I see is that I get one big HTML output instead of 3...
 

michael scovetta

> michael scovetta wrote:
>
> I'm sorry but Yasca sounds like another loss of time. The only advantage
> I see is that I get one big HTML output instead of 3...

I appreciate your feedback, and I certainly wouldn't have wasted a few
months of my time to write something that just combined output. I
perform a fair amount of pentesting and (manual) source code reviews,
and I often come across certain bugs/vulnerabilities that are very easy
to find with a regular expression, but aren't in any tools. The tools
that do allow new rules to be written (i.e. PMD, FindBugs) make doing
so rather difficult -- definitely not something that you want to do
every 15 minutes. In the simplest case, a new rule consists of just a
rule name and a regular expression in a text file.

As an example, think about something in a JSP like:
<%=request.getParameter("foo")%>
somewhere in the source code. It's easy to find with a regular
expression, and having such a rule in Yasca raises the security "bar".

Yasca doesn't solve all your problems. It isn't a language parser,
state machine, fuzzer, path analyzer, or anything like that. It's meant
to find the easy stuff - the same stuff you can find, but you don't
have to worry about it.

Thank you,

Michael
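
The kind of rule described in the post above (a rule name plus a regular expression), sketched as an added example that is not part of the thread and is not Yasca's own code or rule-file format. The rule names, the `scan` function, the `escapeHtml` helper in the sample and the sample JSP itself are assumptions constructed for illustration.

```python
import re

# Hypothetical rule table (name -> regex). This layout is an assumption for
# the example; it is not Yasca's actual rule-file format.
RULES = {
    # JSP expression that writes a request parameter straight into the page.
    "jsp-unescaped-request-parameter": re.compile(
        r"<%=\s*request\s*\.\s*getParameter\s*\(\s*\"[^\"]*\"\s*\)\s*%>"
    ),
    # Scriptlet form of the same pattern: out.print(request.getParameter(...)).
    "jsp-scriptlet-prints-request-parameter": re.compile(
        r"\bout\s*\.\s*print(?:ln)?\s*\(\s*request\s*\.\s*getParameter\s*\("
    ),
}


def scan(source, filename="<memory>"):
    """Return (filename, line, rule_name, matched_text) findings, sorted by line."""
    findings = []
    for name, pattern in RULES.items():
        # Match against the whole file so expressions split across lines
        # are still found (\s also matches newlines).
        for m in pattern.finditer(source):
            line_no = source.count("\n", 0, m.start()) + 1
            findings.append((filename, line_no, name, m.group(0)))
    return sorted(findings, key=lambda f: (f[1], f[2]))


# Constructed sample JSP, not taken from any real application.
# escapeHtml is a hypothetical output-encoding helper.
SAMPLE_JSP = '''<html><body>
<p>Hello <%=request.getParameter("foo")%></p>
<p>Again <%= request.getParameter( "bar" ) %></p>
<p>Escaped <%= escapeHtml(request.getParameter("foo")) %></p>
<% out.println(request.getParameter("baz")); %>
<p>Safe <c:out value="${param.foo}"/></p>
</body></html>
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE_JSP, "sample.jsp"):
        print("%s:%d: [%s] %s" % finding)
```

A parameter that is first assigned to a variable and echoed later is not flagged, since a regular expression does not follow data flow.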
 
