rats.1
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH RATS 1 "September 17, 2001"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
rats \- Rough Auditing Tool for Security
.SH SYNOPSIS
.B rats
.RI [ options ] " [file]" ...
.SH DESCRIPTION
.B rats
is a rough auditing tool for security developed by Secure Software, Inc.
It is a tool for scanning C, Perl, PHP, and Python source code and
flagging common security related programming errors such as buffer overflows
and TOCTOU (Time Of Check, Time Of Use) race conditions. As its name implies,
the tool performs only a rough analysis of source code. It will not find every
error and will also find things that are not errors. Manual inspection of your
code is still necessary, but greatly aided with this tool.
.PP
When started, RATS will scan each file, or each file in each directory,
specified on the command line and produce a report when scanning is complete.
Which vulnerabilities appear in the final report depends on the data
contained in the vulnerability database or databases that are used and on the
warning level in use.
.PP
For each vulnerability, the list of files and line numbers where it occurred is
given, followed by a brief description of the vulnerability and suggested
action.
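.PP
The following is an added illustration, not part of the RATS sources or of
this manual page, of the TOCTOU (check-then-use) defect class mentioned above,
written in C because that is the language such a scanner most often targets.
It places the racy access()/open() pair beside a hardened open-then-fstat()
form and includes a constructed self-check using a temporary file; the
function names and the temp-file path are assumptions made here, and
which exact calls RATS flags depends on the vulnerability database in use.

```c
/* Added example: the check-then-use race (TOCTOU) that a rough auditing
 * tool such as RATS reports, beside a hardened version. This is not RATS
 * code; the function names and the temp-file demo are constructed here.
 * Assumes a POSIX/Linux system (O_NOFOLLOW, O_CLOEXEC, mkstemp). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: the access() check and the open() are two separate
 * system calls. Between them the path can be replaced by another process,
 * so the check says nothing about the object that is finally opened.
 * A scanner reports the access()/open() pair as a TOCTOU race. */
int open_check_then_use(const char *path)
{
    if (access(path, R_OK) != 0)   /* check */
        return -1;
    return open(path, O_RDONLY);   /* use: races against the check */
}

/* Hardened pattern: open first, refusing to follow a symlink at the final
 * path component, then inspect the descriptor actually held with fstat().
 * The decision is made on the already-opened object, so there is no window. */
int open_then_verify_regular(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Self-check: a fresh temporary regular file opens through the hardened
 * path; a device node (/dev/null) passes the racy check but is rejected by
 * the hardened opener. Returns 0 on success, nonzero on the first failure. */
int demo(void)
{
    char tmpl[] = "/tmp/rats_toctou_XXXXXX";   /* constructed temp file */
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return 1;
    close(fd);

    int rc = 0;
    int good = open_then_verify_regular(tmpl);
    if (good < 0)
        rc = 2;
    else
        close(good);

    if (rc == 0) {
        int racy = open_check_then_use("/dev/null");   /* accepted: not a regular file */
        if (racy < 0)
            rc = 3;
        else
            close(racy);
    }
    if (rc == 0 && open_then_verify_regular("/dev/null") >= 0)
        rc = 4;                                       /* should have been rejected */

    unlink(tmpl);
    return rc;
}

int main(void)
{
    int rc = demo();
    printf("%s\n", rc == 0 ? "hardened open behaves as expected" : "check failed");
    return rc;
}
```

The point a reviewer takes from a RATS report on the first function is not
that access() is wrong in itself, but that any decision based on a path must
be re-made on the descriptor, which is what the second function does.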
.SH OPTIONS
.TP
.B \-h, --help
Displays a brief usage summary and exits.
.TP
.B \-a <fun>
Reports any occurrence of the function 'fun' in the source file(s).
.TP
.B \-d <filename>, --database <filename>, --db <filename>
Specifies a vulnerability database to be loaded. You may have multiple -d
options and each database specified will be loaded.
.TP
.B \-i, --input
Causes a list of function calls that were used which accept external input to
be produced at the end of the vulnerability report.
.TP
.B \-l <lang>, --language <language>
Force the specified language to be used regardless of filename extension.
Currently valid language names are "c", "perl", "php" and "python".
.TP
.B \-r, --references
Causes references to vulnerable function calls that are not being used as calls
themselves to be reported.
.TP
.B \-w <level>, --warning <level>
Sets the warning level. Valid levels are 1, 2 or 3.
.IP
1 includes only default and high severity.
.IP
2 includes medium severity (default).
.IP
3 includes low severity vulnerabilities.
.TP
.B \-x
Causes the default vulnerability databases (which are in the installation data
directory, /usr/share/rats by default) to not be loaded.
.TP
.B \-R, --no-recurssion
Do not recurse subdirectories when encountered.
.TP
.B \--xml
Output the report in XML.
.TP
.B \--html
Output the report in HTML.
.TP
.B \--follow-symlinks
Follow symlinks and treat them like whatever they point to. If the symlink
points to a directory, it will be descended into unless -R is specified; if it
points to a file, it will be treated as a file.
.SH AUTHOR
This manual page was originally written by Adam Lazur <adam@lazur.org>,
for the Debian GNU/Linux system (but may be used by others).
Modified by Secure Software, Inc.