× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2008

Re: Source code review package?

David,

I follow, in a passive sort of way, the secure coding mailing list
<http://securecoding.org/list/>. I have seen much discussion of tools
to examine source code for vulnerabilities, but I remember nothing that
struck me as useful for the system i.

It is sad that the system allows a program to construct names of
programs and commands a run-time. Necessary, perhaps, but still sad.
The ability to split a token across source lines also confounds scanning
source code.

DSPPGMREF does show you when the called name of a program is variable,
which helps a bit. But I, fer shur, cannot list all the ways of
executing something.

Sigh!

Terry.


On Fri, 2008-10-10 at 14:28 -0500, David Gibbs wrote:
Folks:

I've got a customer that's looking for some kind of 'code review' tools that might exist.

Basically, they're looking to scan their source code and look for things like specific commands the developers potentially shouldn't be using, like GRTOBJAUT, or maybe a hard-coded account number. This would probably be some type of scan utility where they could fill in some variables that the tool would scan for.

Has anyone run across anything like that? I don't know if such a thing even exists.

Thanks!

david

--
IBM i on Power - For when you can't afford to be out of business

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.