https://github.com/tenable/pedant
A static analysis framework for NASL.
- Host: GitHub
- URL: https://github.com/tenable/pedant
- Owner: tenable
- Created: 2011-09-23T03:52:16.000Z (over 14 years ago)
- Default Branch: master
- Last Pushed: 2022-11-30T17:28:18.000Z (over 3 years ago)
- Last Synced: 2025-03-28T13:44:51.224Z (about 1 year ago)
- Language: Ruby
- Homepage: http://www.tenable.com/products/nessus
- Size: 763 KB
- Stars: 14
- Watchers: 15
- Forks: 5
- Open Issues: 2
Metadata Files:
- Readme: README.md
- Codeowners: .github/CODEOWNERS
README
Pedant, a static analysis tool for NASL
=======================================
Installing
----------
If you have Ruby 1.9.3+ and Rubygems installed, you can simply do:
`gem install nasl-pedant`
Using
-----
To check a script, run this: `pedant check scriptname.nasl`. You can check
`.inc` files the same way. Multiple files can be checked at the same time.
See a `[WARN]` but there's no explanation of the problem? Try adding `-v`.
Development
-----------
This project uses [Bundler](http://bundler.io/).
If you have a brand-new Debian machine, do this as root:

    apt-get install ruby-dev rubygems git
    gem install bundler

As your regular user:

    git clone https://github.com/tenable/pedant
    cd pedant
    bundle install --path vendor/bundle
    bundle exec rake test

All the tests should pass!
To run the Pedant command line, do `bundle exec ./bin/pedant`, which should give
a help message.
If you get an error like this, try prefixing your command with `bundle exec`:

    /usr/lib/ruby/2.x.x/rubygems/core_ext/kernel_require.rb:NN:in `require': cannot load such file -- libname (LoadError)

Bugs
----
1. Only works for up to 5.2 code (will not fix, the `nasl`
   interpreter can now export an AST)
1. Some of the checks have inconsistent titles in terms of "truthiness"
Todo
----
1. Iron out some of the semantics:
    - Currently files are all checked independently: what should be done when
      we're given `.inc` and `.nasl` files in one invocation?
1. Add a control-flow graph?
1. Add some kind of taint tracking?