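I am developing an efficient source code security testing tool, and I have looked into OWASP's Orizon project. It looks interesting. But I cannot find a proper example implementation and documentation for it. Can anyone help me with this?
Posted on 2015-07-29 01:23:57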
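The source code for the latest version of OWASP Orizon (currently 1.39) can be found on GitHub, but you will need to adjust the ant build.xml to build it. You can also download a binary version (1.19) from SourceForge. Then you just need to extract the tar.gz and run orizon.sh, which will give you a command prompt.
The available commands are as follows: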
* open directory_name: opens directory_name for scanning.
* model: creates an application model from the opened directory.
* stat: prints out some statistics coming from orizon engines
* crawl: performs a code crawling
* set option [value]: sets the option telling orizon how to behave
  valid option are:
  + mirage [trace|notrace]: trace and notrace to put the engine in trace or in no trace mode.
  + quiet: says orizon to run quietly
  + store_output: says orizon not to use standard output to print informations (valuable only for development team)
  + orl_root directory: specifies an alternative root for security library overriding lib/orizon-library-1.19.jar
  + report_format [txt|html|xml|console]: specifies the output format. Using console, output onto disk will be disabled.
  + report_name filename: write report in filename, stored in the directory you launch osh from.
* report: prints out the findings report
* version: prints the version number
* info: prints the version number and the available engines signature

https://stackoverflow.com/questions/28625906