Swap Detector: Open source tool for detecting API usage errors

2020-08-26 12:55

GrammaTech has released Swap Detector, an open source tool that enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be present in deployed code.

API usage errors are a common source of security and reliability vulnerabilities.

"With Swap Detector we applied Big Data analysis techniques, what we call Big Code analysis, to the Fedora RPM open-source repository to baseline correct API usage. This allowed us to develop error-detection capabilities that far exceed the scalability and accuracy of conventional approaches to program analysis."

Swap Detector consumes input information about a call site, and optionally, function declaration information pertaining to that call site.

The Swap Detector interface integrates with a variety of static analysis tools, such as Clang Static Analyzer, Clang-Tidy, and PyLint.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/4-9gwIR2xKQ/

#API #opensource