OWASP Code Crawler 2.5
During the last two months we have been hardworking on the new upcoming release of OWASP Code Crawler 2.5. In this release, we have been busy making Code Crawler even more stable and fast.
What follows it’s a list of all the new features of Code Crawler.
The source screen has been improved and now supports threat colouring. This means that all threats found in the source code will be highlighted depending on their threat level. (See the screenshot below)
As you can also see the threat analysis box has been moved into the Source Tab. Clicking on any highlighted threat will also show details of the corresponding threat.
The reports feature has also been improved, the code is less prone to throw exceptions and we are confident marking it as “releasable”.
The loading process of a single file is now 80% faster than any previous releases (1.0 to 2.4) this because we have moved the colouring tasks to another thread and have had changed the whole loading’s logic. Just to give you an idea of how much code crawler is fast, loading a source code file of one thousand lines in Code Crawler will take less than half a second (analysis included).
Sasikumar, new developer who has joined the team, is working on the new code crawler’s engine. He has made a powerpoint presentation, available on slideshare.com, which illustrates the details of the new architecture as well as the advantages gained using it. Sasikumar is also responsible for the new code colouring feature.
Code Crawler still supports the OWASP Code Review project providing the Key Pointers scan, but no major updates will be released in the future.
The Visual Studio Integration will also replace the Remote Server Scan in this release. The application is capable of scanning an entire Visual Solution starting from a single csproj file (Visual Studio C# Project file). Code Crawler commence the process analysing the provided project file and digging in for all the source code files which are part of the project. At this stage, the engine will process all the relevant source files and will end up providing all the details while using the new engine.
Code Crawler 2.5 was supposed to be released at the end of September but, because the amount of the new features, it has been postponed to end of October.
