codecat v0.45 releases: open source tool to help you in static code analysis
CodeCat – Tool to help in static code analysis
CodeCat is an open-source tool that helps with static code analysis by finding and tracking sinks and bugs; these points are matched by regex rules.
Current rules cover C, C++, Go, Python, JavaScript, Swift, PHP, Ruby, ASP, and Java. (You can create your own rules.)
Motivations
- Track untrusted user input
- Track dangerous functions
- Save sinks in the cache and show syntax highlighting to study all the code.
- Options to save custom rules to search for new sinks
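As an added illustration (not CodeCat's own code or rule format), the following Python example shows how per-language regex rules can flag untrusted-input sources and dangerous-function sinks line by line, including a user-added rule. The rule tuples, function names, and sample sources are constructed assumptions.

```python
import os
import re
from collections import namedtuple

# Hypothetical rules: (language, category, title, regex). Not CodeCat's format.
RULES = [
    ("python", "input", "Flask request data", r"\brequest\.(args|form|json|values)\b"),
    ("python", "sink", "OS command execution", r"\b(os\.system|subprocess\.(call|run|Popen))\s*\("),
    ("python", "sink", "Dynamic evaluation", r"\b(eval|exec)\s*\("),
    ("c", "sink", "Unbounded copy", r"\b(strcpy|strcat|sprintf|gets)\s*\("),
    ("php", "input", "Superglobal read", r"\$_(GET|POST|REQUEST|COOKIE)\b"),
]
EXT_LANG = {".py": "python", ".c": "c", ".h": "c", ".php": "php"}

Finding = namedtuple("Finding", "path line category title text")

def scan(path, source, rules=RULES):
    """Return one Finding per (line, rule) match, using rules for the file's language."""
    lang = EXT_LANG.get(os.path.splitext(path)[1])
    compiled = [(c, t, re.compile(rx)) for l, c, t, rx in rules if l == lang]
    findings = []
    for no, text in enumerate(source.splitlines(), start=1):
        for category, title, rx in compiled:
            if rx.search(text):
                findings.append(Finding(path, no, category, title, text.strip()))
    return findings

# Constructed sample sources (not taken from any real project)
SAMPLE_PY = '''\
from flask import request
import os

def ping():
    host = request.args.get("host")
    os.system("ping -c 1 " + host)
'''
SAMPLE_C = 'void f(char *s) { char b[16]; strcpy(b, s); }\n'

def custom_rule_demo():
    # A user-supplied rule appended to the defaults to search for a new sink
    extra = RULES + [("python", "sink", "Pickle load", r"\bpickle\.loads?\s*\(")]
    return scan("job.py", "import pickle\nobj = pickle.loads(blob)\n", extra)

if __name__ == "__main__":
    for f in scan("app.py", SAMPLE_PY) + scan("util.c", SAMPLE_C) + custom_rule_demo():
        print(f"{f.path}:{f.line} [{f.category}] {f.title}: {f.text}")
```

Line-based regex matching only flags candidates for manual review: it does not show that the input read on one line actually reaches the sink on another, and it will also match text inside comments or strings.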
Install
$ git clone https://github.com/CoolerVoid/codecat.git
$ cd Front
$ sudo python3 -m pip install -r requirements.txt
$ cd ..
$ cd Backend
$ sudo python3 -m pip install -r requirements.txt
Run backend and frontend…
$ cd Codecat
$ cd Frontend; python3 wsgi.py &
$ cd ..
$ cd Backend; python3 wsgi.py &
Next, you need to create the user you will log in with:
$ curl -i -X POST -H "Content-Type: application/json" -d '{"email":"admin2@test.com","username":"admin","password":"rubrik123"}' https://127.0.0.1:5001/api/users -k
The /api/users endpoint runs only once, on the first deploy. If you send the request again to insert a user, the endpoint returns 404; this is for security.
Go to "https://127.0.0.1:9093/front/auth/". You can now log in to the system with login "admin" and password "rubrik123".
Note about TLS: you can configure and load your TLS certificate in "wsgi.py".
Copyright (C) 2019 CoolerVoid
Source: https://github.com/CoolerVoid/