-rw-r--r-- | development/rats/README | 22 | ||||
-rw-r--r-- | development/rats/rats.SlackBuild | 92 | ||||
-rw-r--r-- | development/rats/rats.info | 10 | ||||
-rw-r--r-- | development/rats/slack-desc | 19 |
4 files changed, 143 insertions, 0 deletions
diff --git a/development/rats/README b/development/rats/README
new file mode 100644
index 0000000000000..e470ebed27fa1
--- /dev/null
+++ b/development/rats/README
@@ -0,0 +1,22 @@
+RATS - Rough Auditing Tool for Security
+
+RATS is an open source tool developed and maintained by Secure Software
+security engineers. Secure Software was acquired by Fortify Software, Inc.
+RATS is a tool for scanning C, C++, Perl, PHP and Python source code and
+flagging common security related programming errors such as buffer overflows
+and TOCTOU (Time Of Check, Time Of Use) race conditions.
+
+RATS scanning tool provides a security analyst with a list of potential
+trouble spots on which to focus, along with describing the problem and
+potentially suggest remedies. It also provides a relative assessment of the
+potential severity of each problem, to better help an auditor prioritize.
+This tool also performs some basic analysis to try to rule out conditions
+that are obviously not problems.
+
+As its name implies, the tool performs only a rough analysis of source code.
+It will not find every error and will also find things that are not errors.
+Manual inspection of your code is still necessary, but greatly aided with
+this tool.
+
+Example usage - to analyze "main.c":
+rats --db /usr/share/rats-2.3/rats-c.xml main.c
diff --git a/development/rats/rats.SlackBuild b/development/rats/rats.SlackBuild
new file mode 100644
index 0000000000000..39ceca7aaf26a
--- /dev/null
+++ b/development/rats/rats.SlackBuild
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Slackware build script for RATS
+
+# Written by Andrzej Telszewski <atelszewski@gmail.com>
+
+PRGNAM=rats
+VERSION=${VERSION:-2.3}
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+  \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+  -exec chmod 755 {} \; -o \
+  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+  -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+  --prefix=/usr \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --mandir=/usr/man \
+  --includedir=/usr/include \
+  --build=$ARCH-slackware-linux
+
+# it seems to be required to specify locations...
+make \
+  BINDIR=/usr/bin \
+  LIBDIR=/usr/lib${LIBDIRSUFFIX} \
+  MANDIR=/usr/man \
+  SHAREDIR=/usr/share/$PRGNAM-$VERSION
+make install \
+  BINDIR=$PKG/usr/bin \
+  LIBDIR=$PKG/usr/lib${LIBDIRSUFFIX} \
+  MANDIR=$PKG/usr/man \
+  SHAREDIR=$PKG/usr/share/$PRGNAM-$VERSION
+
+# this directory seems to be not used
+rmdir $PKG/usr/lib${LIBDIRSUFFIX}
+
+( cd $PKG
+  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | \
+    xargs strip --strip-unneeded 2> /dev/null || true
+  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | \
+    xargs strip --strip-unneeded 2> /dev/null || true
+)
+
+( cd $PKG/usr/man
+  find . -type f -exec gzip -9 {} \;
+  for i in $( find . -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+)
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+  COPYING rats.dsp rats.dsw rats.spec README \
+  $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/development/rats/rats.info b/development/rats/rats.info
new file mode 100644
index 0000000000000..b545afb1cee0d
--- /dev/null
+++ b/development/rats/rats.info
@@ -0,0 +1,10 @@
+PRGNAM="rats"
+VERSION="2.3"
+HOMEPAGE="http://www.fortify.com/security-resources/rats.jsp"
+DOWNLOAD="http://www.fortify.com/servlet/downloads/public/rats-2.3.tar.gz"
+MD5SUM="339ebe60fc61789808a457f6f967d226"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Andrzej Telszewski"
+EMAIL="atelszewski@gmail.com"
+APPROVED="rworkman"
diff --git a/development/rats/slack-desc b/development/rats/slack-desc
new file mode 100644
index 0000000000000..9f92c2b6c7b0c
--- /dev/null
+++ b/development/rats/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+    |-----handy-ruler------------------------------------------------------|
+rats: rats (Rough Auditing Tool for Security)
+rats:
+rats: RATS is a tool for scanning C, C++, Perl, PHP and Python source code
+rats: and flagging common security related programming errors such as
+rats: buffer overflows and TOCTOU (Time Of Check, Time Of Use) race
+rats: conditions.
+rats:
+rats: Homepage: http://www.fortify.com/security-resources/rats.jsp
+rats:
+rats:
+rats:
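Review bot: The ARCH chain in rats.SlackBuild has no `else`, so any value other than i486/i686/x86_64 silently leaves SLKCFLAGS and LIBDIRSUFFIX empty and configure runs with no optimisation flags; an explicit fallback such as `else SLKCFLAGS="-O2"; LIBDIRSUFFIX=""; fi` (or an `exit 1` with a message) makes that case deliberate. `rmdir $PKG/usr/lib${LIBDIRSUFFIX}` runs under `set -e`, so a future upstream release that does install into the lib directory would abort the build; that is the right outcome, but the comment above it should state it rather than say the directory "seems to be not used", e.g. `# upstream installs nothing here; fail loudly if a later release does`. The environment-supplied paths (`$TMP`, `$CWD`, `$OUTPUT`, and `$PKG` derived from them) are expanded unquoted in `rm -rf`, `cd`, `tar` and `makepkg`, which breaks on paths containing whitespace; quoting them (`rm -rf "$PKG"`, `cd "$TMP"`) costs nothing. The strip and man-page loops (`find . | xargs file …`, `for i in $( find . -type l )`) have the same word-splitting exposure for packaged file names.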