From aldeid

RATS (Rough Auditing Tool for Security)


RATS (Rough Auditing Tool for Security) is a vulnerability scanner developed by Secure Software security engineers. It detects vulnerabilities in the source code of your C, C++, Perl, PHP and Python applications. Its analysis relies on an internal database that identifies development errors as well as the use of dangerous functions.


RATS is available here. The official site is the following:


Installation is straightforward:

# cd /usr/local/src/
# wget
# tar xzvf rats-2.1.tar.gz
# cd rats-2.1
# ./configure
# make && make install


RATS can be used as follows to export an HTML report.

rats -w 1 --html www > export-rats.htm
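The HTML report above is meant for reading. For a build gate, RATS's plain-text output (the default when --html is not given) is easier to process. The following POSIX sh script is an added example, not from this page or the RATS project; it assumes the text report lines look like `file:line: Severity: name`, which you should check against the output of your own rats build, and the sample report it reads is constructed.

```shell
#!/bin/sh
# Added example (not RATS project code): count RATS findings by severity and
# fail the build when there are more High findings than allowed.
# Assumed report format (verify against your rats version):
#   file:line: Severity: name
# followed by free-text explanation lines that do not match that pattern.

# count_severity <High|Medium|Low>  -- reads a RATS text report on stdin,
# prints the number of findings at that severity (awk always exits 0, so
# a count of 0 is safe under `set -e`).
count_severity() {
    awk -v sev="$1" '$0 ~ ("^[^:]+:[0-9]+: " sev ": ") { n++ } END { print n+0 }'
}

# rats_gate <max_high> <report-file>
# Prints a summary and returns 0 when High findings <= max_high, 1 otherwise.
rats_gate() {
    max_high=$1
    report=$2
    high=$(count_severity High < "$report")
    medium=$(count_severity Medium < "$report")
    low=$(count_severity Low < "$report")
    echo "RATS findings - High: $high  Medium: $medium  Low: $low"
    [ "$high" -le "$max_high" ]
}

# Constructed sample report standing in for:  rats -w 1 www > rats.txt
SAMPLE_REPORT=$(mktemp)
cat > "$SAMPLE_REPORT" <<'EOF'
Entries in c database: 310
Analyzing www/upload.c
www/upload.c:12: High: gets
Gets is unsafe!! No bounds checking performed, buffer is easily overflowable.
www/upload.c:20: High: strcpy
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.
www/upload.c:31: Medium: srand
www/upload.c:40: Low: fopen
Total lines analyzed: 52
EOF

# Stand-alone demo: two High findings, so a zero-tolerance gate fails.
rats_gate 0 "$SAMPLE_REPORT" || echo "build gate: FAILED (High findings present)"
```

In a CI job, replace the constructed report with `rats -w 1 www > rats.txt` and call `rats_gate 0 rats.txt`; the exit status becomes the job's verdict.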

The parameters are the following:

usage: rats [-adhilrwxR] [--help] [--database|--db]  name1 name2 ... namen

  -a <fun>
                 report any occurence of function 'fun' in the source file(s)
  -d, --db, --database <filename>
                 specify an alternate vulnerability database.
  -h, --help
                 display usage information (what you're reading)
  -i, --input
                 report functions that accept external input
  -l <language>, --language <language>
                 force the specified language to be used
  -r, --references
                 include references that are not function calls
  -w <1,2,3>, --warning <1,2,3>
                 set warning level (default 2)
                 do not load default databases
  -R, --no-recursion
                 don't recurse subdirectories scanning for matching files
                 Output in XML.
                 Output in HTML.
                 Follow symlinks and process files found.
                 Don't print initial header in output
                 Don't show timing information footer at end of analysis
                 Don't print status information regarding what file is being analyzed
                 No header, footer, or status information
                 Show column number of the line where the problem occured.
                 Display the line of code that caused the problem report