in reply to Code analyzing with perl?

There are different approaches, and which one you want to use depends on your goals.

You'll get the fastest results by using an existing tool such as lint or one of the million other static source code checkers.

If you want to invest much time, you could write your own tool like that, but the fact that you asked that question in the first place likely means that it's not the solution you are looking for. There has been quite some research in that area; it's worth looking at the results before writing your own tool.

Finally, you can just use a bunch of regexes to search for potentially dangerous stuff (search for system for example).

But it all depends on what you want to achieve. If you tell us, we can help you better.

Re^2: Code analyzing with perl?
by -=Mizo=- (Novice) on Jun 18, 2008 at 19:31 UTC
    My goal is to make a project which detects vulnerabilities in C code and PHP, or one of them. I am afraid that regular expressions would give many faulty warnings; I mean about 60% of the results will be correct and the others will be faulty. I don't know if using AI will be a good choice or if there is a simple and better way than using AI. I really appreciate your reply.
      With that goal in mind I don't see how you can avoid parsing the files, and doing a "real" semantic analysis.
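
An added example, not part of any post in this thread: a bare regex search for `system` over C source next to a version that first blanks comments and string literals and then matches only call syntax. The C sample is constructed, and the names `naive_scan`, `strip_noise` and `call_scan` are hypothetical.

```perl
use strict;
use warnings;

# Constructed C sample: one real call, plus three lines a bare /system/ also hits.
my $c_source = <<'END_C';
#include <stdlib.h>
/* never call system() on user input */
int file_system_init(void);
int main(int argc, char **argv) {
    puts("usage: system <cmd>");
    return system(argv[1]);   // the only real call
}
END_C

# Naive scan: report every line number where "system" appears anywhere.
sub naive_scan {
    my ($src) = @_;
    my @lines = split /\n/, $src;
    return grep { $lines[$_ - 1] =~ /system/ } 1 .. scalar @lines;
}

# Blank out comments and string/char literals, keeping newlines so that
# line numbers still match the original file.
sub strip_noise {
    my ($src) = @_;
    $src =~ s{
        ( /\* .*? \*/                  # block comment
        | // [^\n]*                    # line comment
        | " (?: \\. | [^"\\\n] )* "    # string literal
        | ' (?: \\. | [^'\\\n] )* '    # character literal
        )
    }{ (my $blank = $1) =~ s/[^\n]/ /g; $blank }gsex;
    return $src;
}

# Flag only a call: "system" on a word boundary, followed by "(".
sub call_scan {
    my ($src) = @_;
    my @lines = split /\n/, strip_noise($src);
    return grep { $lines[$_ - 1] =~ /\bsystem\s*\(/ } 1 .. scalar @lines;
}

print "naive /system/   : lines @{[ naive_scan($c_source) ]}\n";
print "call after strip : lines @{[ call_scan($c_source) ]}\n";
```

On this sample the naive scan reports the comment, the `file_system_init` declaration and the usage string along with the real call, while the second scan reports only the call. Neither can see calls hidden behind macros or function pointers, or tell whether the argument is user-controlled; that requires parsing.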