# Flawfinder.
# Released under the General Public License (GPL) version 2 or later.
# (C) 2001-2017 David A. Wheeler.
# To change version number, edit this here, the beginning of the
# "flawfinder" script, flawfinder.spec, setup.py, and index.html.
# Then "make test-is-correct" to get the updated version number.
# To distribute, "make distribute && su && make rpm".
# Then use "make my-install" to install to website image.
# Eventually switch to using DistUtils to autogenerate.
# Package identity. VERSION is the release number; RPM_VERSION is the
# package release suffix used when locating the built RPM files.
NAME = flawfinder
VERSION = 2.0.3
RPM_VERSION = 1
# Kept as a recursive (=) assignment so it follows any override of NAME
# or VERSION.
VERSIONEDNAME = $(NAME)-$(VERSION)
ARCH = noarch

# Source tree scanned by the "time" and "profile" targets.
SAMPLE_DIR = /usr/src/linux-2.2.16

# Interpreter used to run ./flawfinder in the test_* targets.
PYTHON = python
# Installation directories.
# Two naming schemes are supported side by side: flawfinder's historical
# INSTALL_DIR, INSTALL_DIR_BIN and INSTALL_DIR_MAN, and the GNU names
# (prefix, bindir, mandir, ...). Each historical name is defined in terms of
# the GNU one and exec_prefix is derived from INSTALL_DIR, so overriding
# either family gives the same result as before.
prefix = /usr/local
INSTALL_DIR = $(prefix)
exec_prefix = $(INSTALL_DIR)
bindir = $(exec_prefix)/bin
INSTALL_DIR_BIN = $(bindir)

# Man page location, section 1.
datarootdir = $(INSTALL_DIR)/share
mandir = $(datarootdir)/man
man1dir = $(mandir)/man1
INSTALL_DIR_MAN = $(man1dir)
# Lexer generator used to turn cwe.l into cwe.c.
FLEX = flex

# File-name suffixes. On Cygwin under Windows set PYTHONEXT=.py.
# (EXE=.exe would be needed on some systems, but not for flawfinder.)
EXE =
PYTHONEXT =
# EXE=.exe
# PYTHONEXT=.py

# Command that builds RPMs: "rpmbuild" for rpm 4.1 and later
# (e.g., Red Hat Linux 8), "rpm" for older versions.
RPMBUILD = rpmbuild

# Staging root prepended to every path used by "install" and "uninstall".
# Empty means the files go straight into the live filesystem.
DESTDIR =
# Default goal: build the PDF manual and the compressed man page.
# The recipe then grants read permission (and search permission on
# directories and already-executable files) to every user, recursively, on
# everything the shell glob "*" matches in the working directory. Keep
# private files out of the build directory.
all: flawfinder.pdf \
     flawfinder.1.gz
	chmod -R a+rX *
# Directory creation relies on mkdir's "-p" option. Some very old Unixes
# might lack it, but it is very common and required by SUSv3 (and probably
# earlier; not checked).
MKDIR_P = mkdir -p

# Copy commands used by the "install" target.
# "cp -p" carries the source file's mode and timestamps over to the
# destination and, when run as root, its ownership too, so the installed
# files inherit whatever the build tree had. Both variables can be
# overridden on the make command line (for example with
# INSTALL_PROGRAM='install -m 755') to pin mode and owner explicitly.
INSTALL_PROGRAM = cp -p
INSTALL_DATA = cp -p
# Copy the script and its man page into place beneath $(DESTDIR).
#
# Only the Python source is installed, never compiled bytecode: compiling
# the short script takes little time, readable source makes it easier to
# see what the tool does, and it avoids the (admittedly rare) case where bad
# date/timestamps let stale bytecode override newer source.
#
# The "-" in front of the mkdir lines makes make ignore their exit status.
# NOTE(review): the path variables are expanded unquoted, so a DESTDIR or
# install directory containing whitespace or shell metacharacters is split
# or interpreted by the shell before mkdir/cp see it.
install:
	-$(MKDIR_P) $(DESTDIR)$(INSTALL_DIR_BIN)
	$(INSTALL_PROGRAM) flawfinder$(PYTHONEXT) \
	    $(DESTDIR)$(INSTALL_DIR_BIN)/flawfinder$(PYTHONEXT)
	-$(MKDIR_P) $(DESTDIR)$(INSTALL_DIR_MAN)
	$(INSTALL_DATA) flawfinder.1 \
	    $(DESTDIR)$(INSTALL_DIR_MAN)/flawfinder.1
# Remove the two files that "install" copies: the script and its man page.
# The directories created by "install" are left in place.
# NOTE(review): paths are expanded unquoted; DESTDIR and the install
# directories must be free of whitespace and shell metacharacters.
uninstall:
	rm -f $(DESTDIR)$(INSTALL_DIR_BIN)/flawfinder$(PYTHONEXT)
	rm -f $(DESTDIR)$(INSTALL_DIR_MAN)/flawfinder.1
# Compressed copy of the man page (maximum compression, written via stdout).
flawfinder.1.gz: flawfinder.1
	gzip -c9 < $< > $@
# PostScript rendering of the man page. The "./" prefix makes man read the
# local file rather than look the name up in the installed manual.
flawfinder.ps: flawfinder.1
	man -t ./$< > $@
# PDF manual, converted from the PostScript rendering.
flawfinder.pdf: flawfinder.ps
	ps2pdf $< $@
# HTML rendering of the man page. Left out of the default build because
# man2html is not widely available and the PDF is prettier.
# "tail -n +3" drops the first two lines of man2html's output.
# With the default shell the recipe's exit status is tail's, so a failing
# man2html is not reported as a build error.
flawfinder.html: flawfinder.1
	man2html $< | tail -n +3 > $@
# Delete generated files: Python bytecode, the release tarball for the
# current VERSION, the cwe lexer source and binary, and any *.tar / *.exe
# files in the working directory.
clean:
	rm -f *.pyc
	rm -f flawfinder-$(VERSION).tar.gz
	rm -f cwe.c cwe
	rm -f *.tar *.exe ./cwe
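# Build the release tarball flawfinder-$(VERSION).tar.gz.
#
# Every working-directory entry whose name starts with a letter is copied
# into the scratch directory ",tempdir"; files that must not ship are then
# pruned, and the directory is renamed to flawfinder-$(VERSION) and archived.
#
# The rename has to come after all pruning. Previously the "mv" ran before
# the last three "rm -f ,tempdir/..." lines, which then silently matched
# nothing, so "update", flawfinder.1.gz and index.html ended up inside the
# release archive.
#
# What ships is whatever the glob picks up, so check the file list printed
# by "tar cvfz" before publishing the archive.
distribute: clean flawfinder.pdf flawfinder.ps
	chmod -R a+rX *
	mkdir ,tempdir
	cp -p [a-zA-Z]* ,tempdir
	rm -f ,tempdir/*.tar.gz
	rm -f ,tempdir/*.rpm
# We don't need both "flawfinder" and "flawfinder.py":
	rm -f ,tempdir/flawfinder.py
# Nobody else needs "update" either.
	rm -f ,tempdir/update
# Don't need compressed version of document.
	rm -f ,tempdir/flawfinder.1.gz
# Don't include (out of date) index.html
	rm -f ,tempdir/index.html
# Pruning is finished; give the directory its release name and archive it.
	mv ,tempdir flawfinder-$(VERSION)
	tar cvfz flawfinder-$(VERSION).tar.gz flawfinder-$(VERSION)
# Give the archive the same owner and group as the working directory.
	chown --reference=. flawfinder-$(VERSION).tar.gz
	rm -fr flawfinder-$(VERSION)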
# Short alias for "distribute".
dist: distribute
# Rough benchmark: time a scan of the C sources and headers one directory
# level below $(SAMPLE_DIR), then report how many lines were examined.
# The scan output itself is discarded.
time:
	echo "Timing the program. First, time taken:"
	time ./flawfinder $(SAMPLE_DIR)/*/*.[ch] > /dev/null
	echo "Lines examined:"
	wc -l $(SAMPLE_DIR)/*/*.[ch] | tail -2
# Text-output regression test.
# --omittime leaves the time report out so the output is textually stable.
# A second run on no-ending-newline.c contributes only its
# 'Lines analyzed' line. The combined output is compared with
# correct-results.txt; diff prints any difference and fails the target.
# no-ending-newline.c is read by the recipe but is not a prerequisite.
test_001: flawfinder test.c test2.c
	@echo '$@ (text output)'
	@$(PYTHON) ./$< --omittime $(filter %.c,$^) > test-results.txt
	@echo >> test-results.txt
	@echo "Testing for no ending newline:" >> test-results.txt
	@$(PYTHON) ./$< --omittime no-ending-newline.c | \
	    grep 'Lines analyzed' >> test-results.txt
	@diff -u correct-results.txt test-results.txt
# HTML-output regression test: scan the two sample files with --html and
# --context and compare the result with correct-results.html.
test_002: flawfinder test.c test2.c
	@echo '$@ (HTML output)'
	@$(PYTHON) ./$< --omittime --html --context $(filter %.c,$^) \
	    > test-results.html
	@diff -u correct-results.html test-results.html
# CSV-output regression test: scan the two sample files with --csv and
# compare the result with correct-results.csv.
test_003: flawfinder test.c test2.c
	@echo '$@ (CSV output)'
	@$(PYTHON) ./$< --csv $(filter %.c,$^) > test-results.csv
	@diff -u correct-results.csv test-results.csv
# Single-line-output regression test: scan test.c with -m 5 -S -DC --quiet
# and compare the result with correct-results-004.txt.
test_004: flawfinder test.c
	@echo '$@ (single-line)'
	@$(PYTHON) ./$< -m 5 -S -DC --quiet $(filter %.c,$^) \
	    > test-results-004.txt
	@diff -u correct-results-004.txt test-results-004.txt
# Patch-mode regression test: scan test-patched.c with the patch file given
# through -P and compare the result with correct-results-005.txt.
test_005: flawfinder test-diff-005.patch test-patched.c
	@echo '$@ (diff)'
	@$(PYTHON) ./$< -SQDC -P $(filter %.patch,$^) \
	    $(filter %.c,$^) > test-results-005.txt
	@diff -u correct-results-005.txt test-results-005.txt
# Hit-list round-trip regression test.
# The first run scans test.c and saves its hit list; its normal output goes
# to test-junk-006.txt and is not compared. The second run scans nothing and
# only loads that saved hit list; its output is compared with
# correct-results-006.txt.
# NOTE(review): the file loaded here is the one written by the line above;
# presumably hit lists should only ever be loaded from a trusted source -
# confirm against flawfinder's documentation.
test_006: flawfinder test.c
	@echo '$@ (save/load hitlist)'
	@$(PYTHON) ./$< -m 5 -S -DC --quiet \
	    --savehitlist test-saved-hitlist-006.txt \
	    $(filter %.c,$^) > test-junk-006.txt
	@$(PYTHON) ./$< -SQDC \
	    --loadhitlist test-saved-hitlist-006.txt > test-results-006.txt
	@diff -u correct-results-006.txt test-results-006.txt
# Run the whole regression suite. Each test prints its number and, on a
# mismatch, the diff against the expected results; when everything matches
# only the test numbers and the final message appear.
# Set PYTHON as needed, including to "".
test: test_001 test_002 test_003 \
      test_004 test_005 test_006
	@echo 'All tests pass!'
# Conventional alias for "test".
check: test
# Accept the current test output as the new expected results.
# Run this only after inspecting the output: every later "make test"
# compares against the files written here, so accepting a wrong result
# hides the regression.
# Only test-results.txt is a prerequisite; the other five result files must
# already exist from a previous test run.
test-is-correct: test-results.txt
	cp -p test-results.txt correct-results.txt
	cp -p test-results.html correct-results.html
	cp -p test-results.csv correct-results.csv
	cp -p test-results-004.txt correct-results-004.txt
	cp -p test-results-005.txt correct-results-005.txt
	cp -p test-results-006.txt correct-results-006.txt
# Profile a scan of the sample tree; the report goes to profile-results.
# The profiler path is hard-coded to a Python 1.5 installation.
profile:
	/usr/lib/python1.5/profile.py ./flawfinder $(SAMPLE_DIR)/*/*.[ch] \
	    > profile-results
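# Build the binary and source RPMs under /usr/src/redhat, copy them into the
# working directory, and install the binary package for testing.
#
# This target writes under /usr/src/redhat and runs "rpm -e" / "rpm -ivh",
# so it needs the privileges those operations require and it changes the
# packages installed on the build host. Use a dedicated build machine.
#
# Each recipe line runs in its own shell, so a "cd" on a line of its own
# does not affect the next line. The directory change is therefore chained
# to rpmbuild with "&&"; the build now really uses the spec file copied into
# SPECS instead of the one in the working directory.
rpm: distribute
	chmod -R a+rX *
	cp $(VERSIONEDNAME).tar.gz /usr/src/redhat/SOURCES
	cp flawfinder.spec /usr/src/redhat/SPECS
	cd /usr/src/redhat/SPECS && $(RPMBUILD) -ba flawfinder.spec
	chmod a+r /usr/src/redhat/RPMS/$(ARCH)/$(VERSIONEDNAME)-$(RPM_VERSION)*.rpm
	chmod a+r /usr/src/redhat/SRPMS/$(VERSIONEDNAME)-$(RPM_VERSION)*.src.rpm
	cp -p /usr/src/redhat/RPMS/$(ARCH)/$(VERSIONEDNAME)-$(RPM_VERSION)*.rpm .
	cp -p /usr/src/redhat/SRPMS/$(VERSIONEDNAME)-$(RPM_VERSION)*.src.rpm .
	chown --reference=README *.rpm
# Install, for testing. Ignore the "not installed" message here,
# unless you already installed it; we're just removing any old copies:
	-rpm -e flawfinder
	rpm -ivh /usr/src/redhat/RPMS/$(ARCH)/$(VERSIONEDNAME)-$(RPM_VERSION)*.rpm
	echo "Use rpm -e $(NAME) to remove the package"
	chown --reference=. *.rpm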
# Developer convenience target, not intended for general use: copy the
# release tarball, the script, its documentation, the makefile and the
# sample test files with their results into the maintainer's website image.
# The destination directory is hard-coded. $(VERSIONEDNAME).tar.gz is copied
# but is not a prerequisite, so it must already have been built.
my-install: flawfinder.pdf flawfinder.ps test
	cp -p $(VERSIONEDNAME).tar.gz \
	    flawfinder flawfinder.1 makefile \
	    flawfinder.pdf flawfinder.ps ChangeLog \
	    test.c test2.c test-results.txt test-results.html \
	    /home/dwheeler/dwheeler.com/flawfinder/
# Local helper for listing CWEs: generate the scanner source from its flex
# specification.
cwe.c: cwe.l
	$(FLEX) -o $@ $<
# Compile the generated scanner and link it against the flex library (-lfl).
cwe: cwe.c
	$(CC) -o $@ $< -lfl
# Feed the flawfinder script through the cwe scanner and print its output
# de-duplicated and in version-sort order.
show-cwes: cwe
	./$< < flawfinder | sort -u -V
# Static analysis of the flawfinder script itself; requires pylint on PATH.
pylint:
	pylint flawfinder
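# Targets that name actions rather than files. The list previously left out
# all, dist, time and the individual test_NNN targets, so a stray file with
# one of those names in the working directory would have made make treat the
# target as up to date and skip its recipe.
.PHONY: all install uninstall clean distribute dist time \
        test check test_001 test_002 test_003 test_004 test_005 test_006 \
        test-is-correct profile rpm my-install show-cwes pylint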
# When I switch to using "DistUtils", I may need to move the MANIFEST.in
# file into a subdirectory (named flawfinder-versionnumber).
# I can then create all the distribution files by just typing:
# python setup.py bdist_rpm