VCG is a handy and reliable tool especially designed to help programmers verify their code. It supports C++, C#, Java and PL/SQL and can detect insecure code.
For each programming language, a config file is available, enabling you to freely add broken functions or other text that the application should search for. Once the code is analyzed, the results are displayed in a pie chart, allowing you to view the proportions of whitespace, comments and bad code.
What's New in This Release:
New features:
· New facility to scan VB code (including ASP.NET code).
Additional checks in Java scan:
a) Unsafe usage of doPrivileged blocks.
b) Unsafe use of RequestDispatcher.
c) Entity expansion deliberately enabled.
d) Mathematical operations on primitive data types, and use of user-controlled variables in such operations (risk of overflow).
e) Checking that filestream resources are released correctly in try ... catch blocks.
· Additional checks for default error messages and .NET debugging in the web.config file for C# and VB code.
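The Java checks above are source-pattern checks: the scanner looks for code that enables XML entity expansion or that opens a stream without closing it on every path. The following is an added illustration, not VCG's own code and not part of the original page, showing for checks (c) and (e) the pattern such a scan would flag next to the corrected form. The class name, method names and the sample XML document are this example's own constructions.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class JavaCheckExamples {

    // Check (c): entity expansion explicitly enabled. Expanding DTD entities from
    // untrusted XML exposes the parser to entity-expansion and external-entity attacks.
    static Document parseUnsafe(InputStream xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setExpandEntityReferences(true);   // the line a grep-style scan would flag
        return f.newDocumentBuilder().parse(xml);
    }

    // Corrected form: reject DOCTYPE declarations outright, disable external
    // entities and XInclude, and turn secure processing on.
    static Document parseHardened(InputStream xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(xml);
    }

    // Check (e): the stream is closed only on the success path, so an exception
    // thrown by read() leaks the file handle.
    static int countBytesLeaky(String path) throws IOException {
        FileInputStream in = new FileInputStream(path);
        int n = 0;
        try {
            while (in.read() != -1) n++;
            in.close();          // never reached if read() throws
        } catch (IOException e) {
            throw e;             // handle is still open here
        }
        return n;
    }

    // Corrected form: try-with-resources closes the stream on every exit path.
    static int countBytes(String path) throws IOException {
        int n = 0;
        try (FileInputStream in = new FileInputStream(path)) {
            while (in.read() != -1) n++;
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a document whose DOCTYPE defines one internal entity.
        String doc = "<!DOCTYPE x [<!ENTITY e \"expanded\">]><x>&e;</x>";
        byte[] bytes = doc.getBytes(StandardCharsets.UTF_8);

        Document d = parseUnsafe(new ByteArrayInputStream(bytes));
        System.out.println("Unsafe parser expanded entity to: "
                + d.getDocumentElement().getTextContent());

        try {
            parseHardened(new ByteArrayInputStream(bytes));
            System.out.println("Hardened parser accepted the document (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("Hardened parser rejected the DOCTYPE: " + e.getMessage());
        }
    }
}
```

The hardened parser fails the constructed document at the DOCTYPE rather than at the entity reference, which is the behaviour to aim for: the safe configuration should reject the whole class of input, not rely on the particular entity being harmless. For the stream check, a reviewer reading `countBytesLeaky` can confirm the defect by noting that `in.close()` sits inside the guarded region with no `finally`.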
Bugfixes:
· Improvements to the check for insecure use of Response.Redirect in ASP code.
· Fixes to the check for case-insensitive password matching in ASP C# code.
Some improvements to the GUI:
a) Menu items for scanning the code only enabled when target files are loaded.
b) Colour coding added to 'Standard Level' issues to aid readability and to stop this section appearing as a block of black text.
· Fix to broken regex in Java sc...