Add atoi() and atol(). It's a little lame, but at least it's there.

git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@14 5c01084b-1f27-0410-9f85-80411afe95dc

correct-results.html

@@ -11,7 +11,7 @@
 Here are the security scan results from
 <a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.27</a>,
 (C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
-Number of dangerous functions in C/C++ ruleset: 158
+Number of dangerous functions in C/C++ ruleset: 160
 <p>
 Examining test.c <br>
 Examining test2.c <br>

correct-results.txt

@@ -1,5 +1,5 @@
 Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
-Number of dangerous functions in C/C++ ruleset: 158
+Number of dangerous functions in C/C++ ruleset: 160
 Examining test.c
 Examining test2.c
 test.c:32:  [5] (buffer) gets:

flawfinder

@@ -971,6 +971,14 @@ c_ruleset = {
         "or embedded spaces could allow an attacker to force a different program to run",
       "shell", "", {'check_for_null' : 1}),
 
+  "atoi|atol":
+     (normal, 2,
+      "Unless checked, the resulting number can exceed the expected range",
+      " If source untrusted, check both minimum and maximum, even if the" +
+      " input had no minus sign (large numbers can roll over into negative" +
+      " number; consider saving to an unsigned value if that is intended)",
+      "integer", "dangers-c", {}),
+
   # Random values.  Don't trigger on "initstate", it's too common a term.
   "drand48|erand48|jrand48|lcong48|lrand48|mrand48|nrand48|random|seed48|setstate|srand|strfry|srandom":
      (normal, 3,