2 Replies Latest reply on Jan 24, 2008 11:01 AM by mallik141

    Help please .. Automatic code analysis tool

    mallik141
      Hi,

      I have written some action script for my project and i am required to do a static code analysis on it.
      I do not know any source code analyzers that support actionscript particularly like fortify and ounce labs which
      support Java script but not action script.Please suggest me an tool that can do analysis for me.

      Regards
      Mallik.
        • 1. Re: Help please .. Automatic code analysis tool
          dr_ross Level 1
          For security theres no point in testing it on flash as you should always assume its insecure.

          If you're checking more for holes then closest sort of thing is to perform unit tests on your code instead. There's a couple out there, do a google search for "actionscript unit tests", or write your own.
          • 2. Re: Help please .. Automatic code analysis tool
            mallik141 Level 1
            Hi Ross,

            Thank you very much for your reply, i think i should rephrase my question to make it even clear.
            I am looking for a tool to detect Buffer overflows, memory leaks, security vulnerabilities, string vulnerabilities, Race conditions. I am sorry i think by mentioning security i gave the impression of protection my application from external intrusion. But this is what i meant. For example, My project also includes C# usage and i have options like fortifysoftware, ouncelabs ,parasoft's .TEST, FxCop (microsoft) to help me do static analysis on my C# code. I need some tool like these for action scripts.Please let me know if you need more explanation.

            Regards
            Mallik