Pedant, a static analysis tool for NASL
If you have Ruby 1.9.3+ and Rubygems installed, you can simply do:
gem install nasl-pedant
To check a script, run this:
pedant check scriptname.nasl
You can check .inc files the same way. Multiple files can be checked at the same time.
[WARN] but there's no explanation of the problem? Try adding
- Only works for up to 5.2 code (will not fix, the
nasl interpreter can now export an AST)
- Some of the checks have inconsistent titles in terms of "truthiness"
- Iron out some of the semantics:
  - Currently files are all checked independently: what should be done when we're given
    .nasl files in one invocation?
- Add a control-flow graph?
- Add some kind of taint tracking?