Comments on: Static Code Analysis Using Google Code Search

By: Google Code Search for Fun & Profit « 0×0e | a pentester’s view

Mon, 01 Sep 2008 04:40:33 +0000

[...] Dug Song: http://asert.arbornetworks.com/2006/10/static-code-analysis-using-google-code-search/ [...]

By: jugar poquer internet

jugar poquer internet — Fri, 20 Jun 2008 16:51:39 +0000

poker en internet…

Will casino bonus code poker flash game regle du poker ringtones for nextel phone roulette paginas internet…

By: google code search at 不断往后看

google code search at 不断往后看 — Mon, 28 Apr 2008 06:16:01 +0000

[...] 如果你是一个程序员，却没有好好利用互联网带给我们的一切，那实在是暴殄天物了。 Google code search可以看作是google送给我们程序员最好的礼物，不用下载，在任何地方都可以阅读mysql源代码的感觉实在是很好。当然，要最大程度地发挥这个工具的作用，你需要一点技巧和学习。今天找到了一篇文章，可以作为入门指导，供大家参考。 Static Code Analysis Using Google Code Search [...]

By: Patrick Smacchia

Patrick Smacchia — Thu, 03 May 2007 09:56:22 +0000

You might be ineterested by the tool NDepend:
http://www.NDepend.com

NDepend analyses source code and .NET assemblies. It allows controlling the complexity, the internal dependencies and the quality of .NET code. NDepend provides a language (CQL Code Query Language) dedicated to query and constraint a codebase. It also comes from with advanced code visualization (Dependencies Matrix, Metric treemap, Box and Arrows graph…), more than 60 metrics, facilities to generate reports and to be integrated with mainstream build technologies and development tools. NDepend also allows to compare precisely different versions of your codebase.

By: Harald Korneliussen

Harald Korneliussen — Thu, 09 Nov 2006 13:12:59 +0000

This was brilliant, I’ll definitively remember (or rather, bookmark) these regexps to use myself when maintaining large, old c apps… There should be a collection of such expressions.

On a side note, I found this site by searching reddit for “static”, because I was looking for articles on static analysis.

By: Digital Bond » Fun with Google Code Search

Digital Bond » Fun with Google Code Search — Wed, 08 Nov 2006 13:22:31 +0000

[...] Last week, on many security mailing lists, folks were talking about using Google Code Search to look for various sorts of vulnerabilities in publicly-accessible source code repositories. Given the tool’s robust support for regular expressions, it is not inconceivable for static analysis tools (aka source code scanners) to be quickly google-ified to search repositories instead of a local filesystem. [...]

By: lzh

lzh — Thu, 02 Nov 2006 18:28:26 +0000

er… I meant \s+ isn’t as readable as \ *. Remind me not to do this stuff when short of sleep. :/

By: lzh

lzh — Thu, 02 Nov 2006 18:07:55 +0000

hmm… that comes of as quite the jerk comment. Sorry. I just wanted to recommend something that will likely find stuff a little more correctly. I suppose \ * isn’t as readable as \s+. But since source code often has tabs \ * will likely miss stuff that you probably don’t want to miss.

Yes \s also matches newline, carriage return, and form feed. I don’t think that aspect matters much here. I have yet to get a regex to match across a line boundary using Google’s code search.

By: lzh

lzh — Thu, 02 Nov 2006 17:26:16 +0000

your \ * should be either \s*, or \s+. \ * will match zero or more spaces. \s* will match zero or more spaces or tabs. + is 1 or more of the preceding. You may realize this. But why not use the correct thing.

By: CMoi

CMoi — Wed, 11 Oct 2006 19:42:08 +0000

Some PHP ones are also nice :
http://www.google.com/codesearch?hl=en&lr=&q=include%5C%28%5C%24_GET
http://www.google.com/codesearch?hl=en&lr=&q=SELECT+%5C*+FROM+%27%5C.%5C%24_GET