Open Source Source Code Analysis Tools

WAP automatic detects and corrects input validation vulnerabilities in web applications written in PHP Language (version 4.0 or higher) and with a low rate of false positives. WAP detects the following vulnerabilities: - SQL injection using MySQL, PostgreSQL and DB2 DBMS - Reflected cross-site scripting (XSS) - Stored XSS - Remote file inclusion - Local file inclusion - Directory traversal - Source code disclosure - OS command injection - PHP code injection WAP is a static analysis tool that performs taint analysis to detect vulnerabilities, tracking malicious users inputs and checking if they reach calls of sensitive functions. It has a low rate of false positives because has implemented a data mining module to predict false positives when detects vulnerabilities. The output of the tool is: - shows the vulnerabilities found and how they are corrected - new files with the corrections

Diff-ext is an extension for filemanagers such as Windows Explorer and Nautilus that allows to launch diff/merge tools on selected files.

qpt (Qt Project Tool) understands Qt C++ projects (.pro) and allows to pass this information to command line tools as "Code Counters" and "Static Analysis tools". It also can used inside QtCreator to act as a plugin for "Static Analysis tools" putting reported issues into QtCreator issues pane.

Unique finds patterns in source code. It helps you build better software by finding pieces of code that could benefit from a refactoring.

CvsChangelogBuilder is an utility to generate advanced, differential and/or graphical changelogs, for a project hosted on a CVS server (CVS change log). It provides a better output than the 'cvs log' command, and accept a lot of options.

This plugin adds info string to the Qt Creator Editor toolbar that counts lines in the current file and whole project if pro-file opened. Required Qt Creator 3.4.0. If you use Qt Creator above 3.4.0 version - download source files and follow the instructions in README (Part 1: MAKING FROM SOURCE). Check README for installation and building instructions. v.0.9.4 2015-04-09 * Ported to Qt5 and QtCreator 3.4.0 rc1. * Internationalization added. * Russian translation added. * Fixed zero project lines count at the begining Qt Creator session. * Minor tests improvements.

This is a simple, modular PHP class designed to record execution time benchmarks throughout different parts of a script. Compatible with virtually any PHP script, the code can be added/removed quickly and with ease. Accurate to the microsecond.

This anonymous emailer script written in PHP is a free, opensource project designed to send EMails from anyone to anyone, with additional details such as Reply-To ,an anti-spam CAPTCHA and a WYSIWYG.

Flowcharts not telling you what you want to know about some C source code? Try a State Dependency map! Every C source file is an implemention of a state machine. Implicit in the definition of a state machine is a network of dependencies between the states. The Automalator * deconstructs the C code into the core state machine * collates the transactions into the dependency net * generates a diagram-format file with the states and dependencies as the nodes and edges. Pre-requisites * Perl - tested with versions 5.12.3, 5.14.2 and 5.20.2, Windows, Linux and MAC * Get the Automalator by downloading the zip, or checking out or exporting the SVN trunk * copy the source code of interest into "project.c" * windows - double-click "src2map.bat" * linux & MAC - navigate the command line to the "project" folder, then run "src2map.sh" * open "project.gml" file with diagramming software.

BPUtils is a Sterling Integrator BP file manipulation program. It features : - XPath expressions control : BPUtils checks that the XPath expressions defined in the BP file are correct - Consistency control : Controls that the sequences and the on faults are named in a correct way - Auto layout formatting : Formats automatically your BP layouts ! - BP tree printing : BPUtils is able to print to the console standard output the BP tree - BP dependencies analysis : Get the list of service configurations used by the BP And, implements your own functionality by using the Java BPUtils library ! BP loading from : - single BP file - XML resource export file - Automatic BP check out from server

A query language for code browsing. You query your database-- why don't you query your code? Write queries to provide custom views of your Java or C#/CLR code base. Integrates with popular IDEs or standalone.

An easy to use API for documenting PHP (>= 5.3) projects. It follows a strict structure and originally, it was only written for the Buxa Framework. The documentor mainly uses reflection and yes... of course, it supports the namespace stuff.

CesTa (Code Enhancing Security Transformation and Analysis) is a tool for enhancing security by program transformations. Focused on Smart Cards (Java Card in particular), powered by Ant, ANTLR and StringTemplates.

ChkSem is a static Fortran 90 and C++ source code analyser. Fortran codes are analysed to find potential problems and dead code. This project allows ( for the moment ) to find useless includes and to find missing direct includes for helping programmers to clean C++ codes. This can potentially reduce building time from small programs to huge solutions. This tool is not finalized and new versions will follow, with a GUI with even more features. The project is written in Java to ensure cross-platform compatibility.

Code Search and Replace is a tool for finding and replacing code blocks within a group of files. Avoid tediously changing each page and modify all pages in a selected folder at a time. Quickly and efficiently modify your files and get back to work.

A static checker that model checks the implementation of equality for an Eclipse Java Project.

ExplorViz is a web-based software visualization for large software landscapes. It features two different perspectives: the landscape-level perspective and the application-level perspective. The former visualizes the systems, nodes, and application existing in the software landscape. The latter one utilizes the city metaphor to visualize the entities and communication happening in one application. For installation instructions and downloads see http://www.explorviz.net

Java library to parse GNU Makefiles. The source code is available from SVN. The latest revision should be in trunk, the latest "stable" release should be in branch.

Java reverse-engineering plug-in for Eclipse Modelling project. Depends on JDK and UML2 eclipse projects. Supports JKD5, including enums and generics.

This project has moved to GitHub ! The version here at SourceForge will remain for historic purpose. Koopa is a parser generator, made for COBOL. It can handle source files in isolation (no preprocessing required) and doesn't mind the presence of CICS/SQL fragments. The grammar is easily extensible in a way which minimizes the impact on the overall code.

Ohcount is the source code line counter that powers Ohloh. Ohcount supports over 70 programming languages. Ohcount can also detect popular open source licenses such as GPL determine if code targets a particular programming API, such as Win32 or KDE.

PHP Parser analyses PHP scripts including all included files and checks whether variables, constants, functions and classes are both used and defined. The script displays either only errors, a complete data list or the fully annotated script.

PatternDetect is an Eclipse plugin that extracts the design patterns used in an Eclipse Java project. PatternDetect can be extended with new design patterns.

progstat: Used to view current download statistics for posted programs on various sites.

This package will allow people to check, change, update the license of their projects. It will conform to all new licenses available.