This project is not covered by Drupal’s security advisory policy.

The long name for this project could be: Static Code Analysis for Security Vulnerabilities.

Goal
From the abstract to the related project in the 2010 Google Summer of Code:
The goal of this module is to develop automated tools to assist with security reviews of Drupal module code. The tools will be built atop the grammar parser library and its code manipulation API (CMAPI). The project may also involve extending and enhancing the CMAPI to support the security review tools. The code manipulation API provides tools for traversing, searching and modifying a code snippet. This foundation should prove useful to the development of a security review engine.

Description
This module utilizes the Coder Upgrade framework and the Grammar Parser library to conduct a secure code review of a source code file based on its grammar. The review code is structured as custom routines fitting into the Coder Upgrade API. The routines are invoked by Coder Upgrade to review function calls and functions for secure code vulnerabilities. The module also utilizes the growing API for code searching, traversal and manipulation (e.g., getting, setting, inserting and deleting parameters to a function call) provided by the Grammar Parser library to review source code in a precise and programmatic fashion. Because Coder Upgrade utilizes the familiar Drupal hook system to invoke routines, other modules may enhance or modify the routines provided by this module. Contributed modules that define an API can develop vulnerability review routines that would enable other contributed modules relying on that API to review their code.

The module outputs a log file indicating the code file, item reviewed (function call or routine), line number and a description of the potential vulnerability.
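To make the shape of such a review routine concrete, here is a stand-alone added example (not this module's code and not the Grammar Parser or Coder Upgrade API): it walks PHP's own token stream instead of the grammar parser, applies one illustrative check (a `db_query()` call whose SQL string is built from a variable), and emits log entries in the file / item / line / description form described above. The sample source it scans is constructed for the example.

```php
<?php
// Added example: a minimal token-based review routine in the spirit of this
// module. It uses PHP's built-in tokenizer rather than the Grammar Parser
// library or Coder Upgrade hooks, so it runs with plain PHP.

function review_function_calls(string $file, string $source): array {
  $log = [];
  $tokens = token_get_all($source);
  $n = count($tokens);
  for ($i = 0; $i < $n; $i++) {
    $t = $tokens[$i];
    if (!is_array($t) || $t[0] !== T_STRING || $t[1] !== 'db_query') {
      continue;
    }
    $line = $t[2];
    // Skip whitespace; require an opening parenthesis so we only match calls.
    $j = $i + 1;
    while ($j < $n && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) { $j++; }
    if ($j >= $n || $tokens[$j] !== '(') { continue; }
    // Scan the first argument up to its closing ',' or ')' at depth 0 and
    // flag it if a variable appears (string interpolation or concatenation).
    $depth = 0;
    $tainted = false;
    for ($j++; $j < $n; $j++) {
      $tok = $tokens[$j];
      if ($tok === '(') { $depth++; }
      elseif ($tok === ')') { if ($depth === 0) { break; } $depth--; }
      elseif ($tok === ',' && $depth === 0) { break; }
      elseif (is_array($tok) && $tok[0] === T_VARIABLE) { $tainted = true; }
    }
    if ($tainted) {
      $log[] = ['file' => $file, 'item' => 'db_query()', 'line' => $line,
        'description' => 'SQL string built from a variable; use query placeholders.'];
    }
  }
  return $log;
}

// Constructed sample module code: line 3 uses a placeholder (not flagged),
// lines 4 and 5 embed a variable in the SQL string (flagged).
$sample = <<<'PHP'
<?php
function example_load($name) {
  $safe = db_query("SELECT nid FROM {node} WHERE title = '%s'", $name);
  $interp = db_query("SELECT nid FROM {node} WHERE title = '$name'");
  $concat = db_query('SELECT nid FROM {node} WHERE title = ' . $name);
}
PHP;

foreach (review_function_calls('example.module', $sample) as $e) {
  printf("%s: %s at line %d: %s\n", $e['file'], $e['item'], $e['line'], $e['description']);
}
```

Running it reports the calls on lines 4 and 5 of the sample and stays silent on line 3; a real routine in this module would be attached through Coder Upgrade's hook system and operate on the grammar parser's call objects instead of raw tokens.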

This project was part of the 2010 Google Summer of Code.

This project is sponsored by Boombatower Development.
