Editing Free Static Source analysis

Knowledge of the masses static software analysis. 


While the idea isn't new, http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/ , but taking it to the next level.

Phase 0: 
 Find best secure programmatic practices for major languages and discover public code repository search engines.

Phase 1: 
 Use queries to file bugs against found culprits.
 Create queries for google code search
 Store the results of the query in the following form
 Project url
 Url to offending file
 Language
 Offending lines of code
 Date proposed vulnerability was discovered
 Database entities required for review
 Manual review required
 Which OWASP Top 10 offender
 Which OWASP secure programming practice not followed
 Reviewer
 Project URL
 Project contact information
 Create queries for github
 Create queries for koders

Phase 2: 
 Write up simple automation code to product daily/weekly/annum metrics.
 Create site to input vulnerabilities 
 Create input forms and db backend
 Create pages which show vulnerability
 Create cute little pie charts summarizing overall data trends from manual entry vs. search engine automation

Phase 2.5:
 Steal underwear

Phase 3:
 ?

Phase 4: 
Profit




== Queries which need to be refined ==
PHP
 http://google.com/codesearch?hl=en&lr=&q=echo.*\$_(GET|POST).*
 http://www.google.com/codesearch?hl=en&lr=&q=SELECT+\*+FROM+'\.\$_GET

Python
 http://www.google.com/codesearch?hl=en&lr=&q=eval+lang:python&sbtn=Search

Java
 http://www.google.com/codesearch?hl=en&lr=&q=.*executeQuery.*getParameter.*
 http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter*
 http://www.google.com/codesearch?hl=en&lr=&q=%22%3C%3D+65553%22&btnG=Search

Perl
 http://www.google.com/codesearch?hl=en&lr=&q=0xfffffff[^0-9a-f]&btnG=Search

C
 http://google.com/codesearch?hl=en&num=0&sa=N&filter=0&q=%22strcpy(%22&ct=rr&cs_r=broken_re
 http://google.com/codesearch?hl=en&num=1953392943&sa=N&filter=0&q=%22strcpy(buf%22&ct=rr&cs_r=broken_re
 http://www.google.com/codesearch?hl=en&lr=&q=\[sizeof\(.*\)\]\+*%3D\+*'%3F\\%3F0'%3F;$&btnG=Search
 http://www.google.com/codesearch?hl=en&lr=&q=^[\+\t]*printf\(getenv&btnG=Search
 http://www.google.com/codesearch?hl=en&lr=&q=%22if+(errno+%3D+E%22&btnG=Search
 http://www.google.com/codesearch?hl=en&lr=&q=getopt%20+%20%20%20argc%20%20+%20argv%20%20+%20%20%22%20%20%20%22%20%20;&btnG=Search#8402756288336228965

Javascript
 http://www.google.com/codesearch?q=lang:javascript++%22alert(%22

Generic
 http://www.google.com/codesearch?q=%22Response.Write(%22
 http://www.google.com/codesearch?q=%22getRequest().getParameter(%22
 http://www.google.com/codesearch?q=%22getRequest().getRequestURI();%22
 http://www.google.com/codesearch?q=this.getID()
 http://www.google.com/codesearch?q=%22.GetHtml(%22
 http://www.google.com/codesearch?q=%22.getParameterMap()%22

== Sources of information: == 
http://en.wikipedia.org/wiki/Rice's_theorem

http://en.wikipedia.org/wiki/Static_code_analysis

http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

http://www.fortify.com/vulncat/en/vulncat/

http://www.irccrew.org/~cras/security/c-guide.html
http://www.gratisoft.us/todd/papers/strlcpy.html
http://pintday.org/whitepapers/bugme1.shtml
http://www.google.com/search?hl=en&safe=off&q=secure+programming+strcpy&aq=f&aqi=&aql=&oq=&gs_rfai=
http://stackoverflow.com/questions/1149447/perl-code-security-scanner-other-than-rats-must-be-static
http://docs.google.com/viewer?a=v&q=cache:WCXJlohndwEJ:www.gnucitizen.org/static/blog/2008/04/php-code-analysis-real-world-examples.pdf+static+analysis+sql+xss+fopen&hl=en&gl=us&pid=bl&srcid=ADGEESh9Sk1GchoTY5ck6SWzVswn5ATUPk33aHh7H7cGIXclbqjle-95xWqU36Zt8jXhQucTFeDc-EXi7y3X3RFaFmV8aRIikbTsCxANDUg8D-kt90f0rt73PBqmxvxtcGdMn4gEVw9t&sig=AHIEtbQ8DPTd8JLr7LY2_mmiCqgYA1Yijg
http://www.arcert.gov.ar/webs/textos/secure_webdev-3.0.pdf