Google Source Code Bug Finder

Google is a powerful tool, and people keep finding new ways to exploit its capabilities. The newest use is finding security bugs in open source code, since much of this code is published in code repositories that Google indexes. Google searches can look for specific file extensions (like c, pls, sql, or ora).

Much has been written about finding vulnerable websites and other exploitable information (try "allinurl: tnsnames filetype:ora" to find tnsnames.ora files). Finding software bugs is a slightly different spin: a query can search for vulnerable lines of code across thousands of applications. Finding SQL injection and other Oracle-specific vulnerabilities may be a little more difficult, since Google does not index punctuation characters (such as single quotes).
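The punctuation limitation matters mostly to people auditing their own code: a keyword index cannot tell concatenated dynamic SQL from a bind-variable call, while a local scan that keeps quotes and `||` can. The sketch below is an added example, not code from this post or from the linked project; the tokenizer is an assumed, simplified model of a punctuation-dropping index, and the file names and PL/SQL snippets are constructed.

```python
import re

# Constructed PL/SQL snippets for illustration (not taken from any real project).
SAMPLES = {
    "concat.pls": "EXECUTE IMMEDIATE 'SELECT * FROM emp WHERE name = ''' || p_name || '''';",
    "bind.pls": "EXECUTE IMMEDIATE 'SELECT * FROM emp WHERE name = :n' USING p_name;",
}

def index_tokens(text):
    """Assumed, simplified model of a keyword index: lowercase words, punctuation dropped."""
    return re.findall(r"[a-z0-9_]+", text.lower())

def keyword_hits(samples, words):
    """Files a keyword-only search would return: every word present as a token."""
    wanted = {w.lower() for w in words}
    return sorted(name for name, text in samples.items()
                  if wanted <= set(index_tokens(text)))

# Dynamic SQL where a string literal's closing quote is followed by || and an identifier.
CONCAT_DYNAMIC_SQL = re.compile(
    r"EXECUTE\s+IMMEDIATE\b[^;]*'\s*\|\|\s*[A-Za-z_]\w*", re.IGNORECASE)

def concat_hits(samples):
    """Files where dynamic SQL is built by concatenation (needs the quote and || intact)."""
    return sorted(name for name, text in samples.items()
                  if CONCAT_DYNAMIC_SQL.search(text))

if __name__ == "__main__":
    # The keyword view matches both files; only the punctuation-aware scan separates them.
    print("keyword search:", keyword_hits(SAMPLES, ["execute", "immediate", "p_name"]))
    print("local regex scan:", concat_hits(SAMPLES))
```

Run against a checkout of your own repository by loading file contents into the same name-to-text mapping.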

Some sample query strings, mostly for C, are available at:

http://www.cipher.org.uk/index.php?p=projects/bugle.project
