jQAssistant / Idea-Hub

Hub to propose and discuss new ideas, features, as well as general issues

Consider security rules for static/dynamic code analysis #11

Open javabeanz opened 8 years ago

javabeanz commented 8 years ago

Great project, guys!

I was wondering if jQAssistant is capable of making software more secure by creating rules specifically for security analysis. Data flow, control flow, semantic, structural, configuration, and buffer analysis are a lot easier once you have a full AST. As an example, PMD has a special rule set for security: https://github.com/GDSSecurity/GDS-PMD-Security-Rules.

obfischer commented 8 years ago

We are considering supporting such analyses. But it requires collecting much more information on the source code base than we do now. One of the next releases will provide support for a much more detailed scan of classes. This would be the base for such analyses. We will take your issue as a feature request to support this kind of analysis.

javabeanz commented 8 years ago

Thanks! I am very interested and willing to help.