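Senior technical expert at Taobao Mall (Tmall). 3 years of R&D + 3 years of performance testing and tuning / system testing + 4 years of team management, test architecture and R&D systems practice. A new stage, a new outlook: deepening test infrastructure and R&D architecture, and hoping to become a true expert in some technical field. Talent referrals welcome: http://bbs.51testing.com/viewthread.php?tid=120496&extra=&page=1 . Email: jianzhao.liangjz@alibaba-inc.com, MSN: liangjianzhao@163.com. Weibo: http://t.sina.com.cn/1674816524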

YASCA: an open-source plugin framework for multi-language code analysis

2009-11-09 00:53:34 / Category: Automated test framework implementation and optimization

 

Reference: http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis

 

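In essence, yasca is an open-source plugin framework for static code analysis. It integrates popular static analysis tools for multiple languages, such as findbugs/pmd/jlint/rats/cppcheck, and because the plugins themselves are varied it can support static analysis of Java, C++ and other languages.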

 

Download yasca-2.1.zip and the plugin archives from http://sourceforge.net/projects/yasca/files/ .

 

Extract yasca-2.1.zip to D:\tools\yasca-2.1, and extract each plugin into that same directory. For a more detailed directory layout, see D:\tools\yasca-2.1\install.txt.

 

Run the sample code bundled with yasca and produce a level=1 report for the non-PHP files:

 

D:\tools\yasca-2.1>yasca -i php -l 1  resources/test/

Yasca 2.1 - http://www.yasca.org/ - Michael V. Scovetta

Commercial support is now available for Yasca. Contact scovetta@users.sourceforge.net for more information.

 

Initializing components...

Using Static Analyzers located at [d:\tools\yasca-2.1\]

 

 

 Starting scan. This may take a few minutes to complete...

Forking external process (antiC)...

External process completed...

Plugin "ClamAV" not installed. Download it at yasca.org.

Plugin "cppcheck" not installed. Download it at yasca.org.

Forking external process (FindBugs)...

External process completed...

Forking external process (FxCop)...

[E_WARNING] [ D:\tools\yasca-2.1\plugins\FxCop.php:68 ] DOMDocument::loadXML(): Start tag expected, '<' not found in Entity, line: 1

FxCop did not return a valid XML document. Ignoring.

Plugin "javascriptlint" not installed. Download it at yasca.org.

Forking external process (JLint)...

External process completed...

Forking external process (PMD) for ./plugins/default/pmd/yasca-rules.xml...

External process completed...

Forking external process (PMD) for ./plugins/default/pmd/yasca.xml...

External process completed...

Forking external process (RATS)...

[E_WARNING] [ D:\tools\yasca-2.1\plugins\Rats.php:51 ] DOMDocument::loadXML(): Empty string supplied as input

RATS did not return a valid XML document. Ignoring.

Creating report...

Results have been written to C:\DOCUME~1\JIANZH~1.LIA\LOCALS~1\Temp\Yasca-Report-20091108110623.html

 

The output above shows that the code was analyzed with JLint, PMD and RATS. Unfortunately, RATS hit an exception on Windows.
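
An added example (not part of the original post and not Yasca's own code): a Python check that reads the console output above and reports which analyzers completed, which were not installed, and which were ignored after returning invalid XML, so that a gap in scanner coverage is not mistaken for a clean result. The function names are hypothetical, and the matched message strings are the ones printed by this one Yasca 2.1 run.

```python
import re

# Console output from the run shown above (banner, warnings and blank lines dropped).
SAMPLE_LOG = """\
Forking external process (antiC)...
External process completed...
Plugin "ClamAV" not installed. Download it at yasca.org.
Plugin "cppcheck" not installed. Download it at yasca.org.
Forking external process (FindBugs)...
External process completed...
Forking external process (FxCop)...
FxCop did not return a valid XML document. Ignoring.
Plugin "javascriptlint" not installed. Download it at yasca.org.
Forking external process (JLint)...
External process completed...
Forking external process (PMD) for ./plugins/default/pmd/yasca-rules.xml...
External process completed...
Forking external process (PMD) for ./plugins/default/pmd/yasca.xml...
External process completed...
Forking external process (RATS)...
RATS did not return a valid XML document. Ignoring.
"""

FORK = re.compile(r"Forking external process \(([^)]+)\)")
MISSING = re.compile(r'Plugin "([^"]+)" not installed')
BAD_XML = re.compile(r"^(\S+) did not return a valid XML document")


def plugin_coverage(log_text):
    """Map each plugin named in a Yasca console log to ok/failed/missing/unknown."""
    status, current = {}, None
    for line in map(str.strip, log_text.splitlines()):
        if m := FORK.search(line):
            current = m.group(1)
            status.setdefault(current, "unknown")  # forked, outcome not seen yet
        elif line.startswith("External process completed") and current:
            # A failure in any run of a plugin sticks, even if a later run completes.
            status[current] = "failed" if status[current] == "failed" else "ok"
            current = None
        elif m := MISSING.search(line):
            status[m.group(1)] = "missing"
        elif m := BAD_XML.match(line):
            status[m.group(1)] = "failed"
    return status


def gaps(log_text):
    """Plugins that contributed nothing to the report, sorted by name."""
    return sorted(p for p, s in plugin_coverage(log_text).items() if s != "ok")
```

Calling `gaps(SAMPLE_LOG)` on the run above lists ClamAV, FxCop, RATS, cppcheck and javascriptlint; a non-empty result is a reason to fix the plugin setup before trusting the report.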

 

The results include high-value findings such as SQL Injection, Cross-Site Scripting, Code Quality: Functions, and Authentication.

 


TAG: yasca cppcheck jlint pmd

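sdjkx   /   2010-02-25 14:42:21
Hello, I saw your introduction to yasca. I downloaded yasca without installing any of the other plugins, but it will not run on Linux. Running
./yasca ./resource/test/
gives the following message:
-bash: ./yasca: /bin/sh^M: bad interpreter: No such file or directory
I don't understand what this means.
Could you help explain it? Thanks.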
zealot.name@gmail.com
 
