codecat v060 releases: open source tool to help you in static code analysis
CodeCat – Tool to help in static code analysis
CodeCat is an open-source tool to help you in static code analysis, to find/track sinks and bugs, these points follow regex rules.
Current rules for C, C++, Go, Python, javascript, Swift, PHP, Ruby, ASP, and Java. (you can create your rules)
Motivations
- Track untrusted user input
- Track dangerous functions
- Save sinks in the cache and show syntax highlight to study all codes.
- Options to save custom rule to search new sinks
Changelog v060
- Improve in password to use Argon2
- Improve in Regex to use google’s RE2
- Insert 200 rules
- Insert functions to use chacha20 in JWT, TODO to prevent unserialized bugs in the future and soon.
Install
$ git clone https://github.com/CoolerVoid/codecat.git $ cd Front $ sudo python3 -m pip install -r requirements.txt $ cd .. $ cd Backend $ sudo python3 -m pip install -r requirements.txt
Run backend and frontend…
$ cd Codecat $ cd Frontend; python3 wsgi.py & $ cd .. $ cd Backend; python3 wsgi.py &
Next step you need to save your user to login:
$ curl -i -X POST -H “Content-Type: application/json” -d ‘{“email”:”admin2@test.com”,”username”:”admin”,”password”:”rubrik123″}’ https://127.0.0.1:5001/api/users -k
This endpoint /api/users, run only one time in the first deploy, if you try to send the request again to insert user, the endpoint return 404… is for security.
Go to this following “https://127.0.0.1:9093/front/auth/”. Now you can enter in this system-auth, use login “admin”, pass “rubrik123”.
Note About TLS: You can configure and load your TLS cert in “wsgi.py”.
Copyright (C) 2022 CoolerVoid
Source: https://github.com/CoolerVoid/
