×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
From: Jon Paris
I'm trying to locate a product (or open source tool, or ...) that does
source scanning for RPG.
Like the FNDSTRPDM command?
In particular something that scans source for vulnerabilities
(calls to system() or QCMDEXC)
Why would calls to system() or QCMDEXC be a vulnerability? Personally, I prefer
calling CL programs from RPG rather than QCMDEXC, but I never considered the
latter a vulnerability, and I see it used a lot, by others.
poor coding techniques (GOTO etc), etc.
What are poor coding techniques? I tend to not critique the conscientious and
creative work of others even though it may be different than the conventions
that I use. On the other hand, I understand that the GOTO op code may be
contrary to a particular shop's standard. But how would one define what might
be against shop standards, if that's what you mean?
Basically the same thing the web app
scanners do but for RPG.
By web app scanners, are you referring to the ones that scan for malformed HTML?
If so, the RPG compiler scans for those types of errors. What point am I
missing?
Anything that incorporates complexity analysis would be an added bonus.
What would you define as complex?
Sorry to ask more questions than answering. My initial thought after reading
your query was to use the FNDSTRPDM command. Then I began considering what it
might take to write a version of FNDSTRPDM that scanned for x,y, or z (multiple
search parameters).
But when it comes to "complexity analysis", and "vulnerable code", I'm pretty
much lost.
-Nathan.
midrange.com
