summaryrefslogtreecommitdiff
path: root/development/rats/README
blob: e470ebed27fa1332fb19bcf53babdf74cb230f9e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
RATS - Rough Auditing Tool for Security

RATS is an open source tool developed and maintained by Secure Software 
security engineers.  Secure Software was acquired by Fortify Software, Inc.
RATS is a tool for scanning C, C++, Perl, PHP and Python source code and 
flagging common security related programming errors such as buffer overflows 
and TOCTOU (Time Of Check, Time Of Use) race conditions.

RATS scanning tool provides a security analyst with a list of potential 
trouble spots on which to focus, along with describing the problem and 
potentially suggest remedies.  It also provides a relative assessment of the 
potential severity of each problem, to better help an auditor prioritize.  
This tool also performs some basic analysis to try to rule out conditions 
that are obviously not problems.

As its name implies, the tool performs only a rough analysis of source code. 
It will not find every error and will also find things that are not errors. 
Manual inspection of your code is still necessary, but greatly aided with 
this tool.

Example usage - to analyze "main.c":
rats --db /usr/share/rats-2.3/rats-c.xml main.c