Added amiga makefile for creating the releases
This commit is contained in:
parent
0387fab1c7
commit
248c4449fb
@ -0,0 +1,20 @@
|
|||
#
|
||||
# Project: flawfinder
|
||||
# Created by George "walkero" Sokianos
|
||||
# 2022-07-25
|
||||
#
|
||||
|
||||
release: clean
|
||||
mkdir -p release/flawfinder
|
||||
cp -r release_files/* release/flawfinder/
|
||||
cp flawfinder.py release/flawfinder/flawfinder
|
||||
protect release/flawfinder/flawfinder srwed
|
||||
cp -r simplejson release/flawfinder
|
||||
cp ChangeLog release/flawfinder/
|
||||
cp README.md release/flawfinder/
|
||||
cp COPYING release/flawfinder/
|
||||
lha -aeqr3 a flawfinder.lha release/
|
||||
|
||||
clean:
|
||||
rm -f simplejson/#?.pyc
|
||||
|
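Review bot: The `release` target can ship stale files: `clean` only deletes `simplejson/#?.pyc`, `mkdir -p release/flawfinder` keeps whatever an earlier build left in `release/`, and `lha -aeqr3 a flawfinder.lha release/` adds to an existing archive instead of replacing it, so a file removed from the tree can still appear in the next `flawfinder.lha`. Extending the clean recipe with `rm -rf release flawfinder.lha` (the makefile already relies on `rm -f`, `mkdir -p` and `cp -r`, so the same tool set should be available) makes the archive reflect only the current checkout. `cp -r simplejson release/flawfinder` vendors a third-party library into the release without recording which upstream version it is; a header comment such as `# simplejson/ is a vendored copy of simplejson <version> - verify before each release` would make the archive's supply-chain content auditable. I cannot tell from here whether `lha` keeps the `srwed` protection bits set by `protect`, so that is worth a check on the extracted archive.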
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/env python
|
||||
#!python
|
||||
|
||||
"""flawfinder: Find potential security flaws ("hits") in source code.
|
||||
Usage:
|
||||
|
@ -40,7 +40,7 @@
|
|||
# That *finally* makes it possible to semi-gracefully transition.
|
||||
|
||||
from __future__ import division
|
||||
from __future__ import print_function
|
||||
# from __future__ import print_function
|
||||
import functools
|
||||
import sys
|
||||
import re
|
||||
|
@ -53,7 +53,7 @@ import operator # To support filename expansion on Windows
|
|||
import time
|
||||
import csv # To support generating CSV format
|
||||
import hashlib
|
||||
import json
|
||||
import simplejson as json
|
||||
|
||||
version = "2.0.19"
|
||||
|
||||
|
@ -488,16 +488,16 @@ def print_multi_line(text):
|
|||
prefix = " "
|
||||
starting_position = len(prefix) + 1
|
||||
#
|
||||
print(prefix, end='')
|
||||
print(prefix),
|
||||
position = starting_position
|
||||
#
|
||||
for w in text.split():
|
||||
if len(w) + position >= width:
|
||||
print()
|
||||
print(prefix, end='')
|
||||
print '\n',
|
||||
print(prefix),
|
||||
position = starting_position
|
||||
print(' ', end='')
|
||||
print(w, end='')
|
||||
# print(' '),
|
||||
print(w),
|
||||
position += len(w) + 1
|
||||
|
||||
|
||||
|
@ -608,44 +608,44 @@ class Hit(object):
|
|||
if sarif_output:
|
||||
return
|
||||
if output_format:
|
||||
print("<li>", end='')
|
||||
print("<li>"),
|
||||
sys.stdout.write(h(self.filename))
|
||||
|
||||
if show_columns:
|
||||
print(":%(line)s:%(column)s:" % self, end='')
|
||||
print(":%(line)s:%(column)s:" % self),
|
||||
else:
|
||||
print(":%(line)s:" % self, end='')
|
||||
print(":%(line)s:" % self),
|
||||
|
||||
if output_format:
|
||||
print(" <b>", end='')
|
||||
print(" <b>"),
|
||||
# Extra space before risk level in text, makes it easier to find:
|
||||
print(" [%(level)s]" % self, end=' ')
|
||||
print(" [%(level)s] " % self),
|
||||
if output_format:
|
||||
print("</b> ", end='')
|
||||
print("(%(category)s)" % self, end=' ')
|
||||
print("</b> "),
|
||||
print("(%(category)s) " % self),
|
||||
if output_format:
|
||||
print("<i> ", end='')
|
||||
print(h("%(name)s:" % self), end='')
|
||||
print("<i> "),
|
||||
print(h("%(name)s:" % self)),
|
||||
main_text = h("%(warning)s. " % self)
|
||||
if output_format: # Create HTML link to CWE definitions
|
||||
main_text = link_cwe_pattern.sub(
|
||||
r'<a href="https://cwe.mitre.org/data/definitions/\2.html">\1</a>\3',
|
||||
main_text)
|
||||
if single_line:
|
||||
print(main_text, end='')
|
||||
print(main_text),
|
||||
if self.suggestion:
|
||||
print(" " + h(self.suggestion) + ".", end='')
|
||||
print(' ' + h(self.note), end='')
|
||||
print(" " + h(self.suggestion) + "."),
|
||||
print(' ' + h(self.note)),
|
||||
else:
|
||||
if self.suggestion:
|
||||
main_text += h(self.suggestion) + ". "
|
||||
main_text += h(self.note)
|
||||
print()
|
||||
print '\n',
|
||||
print_multi_line(main_text)
|
||||
if output_format:
|
||||
print(" </i>", end='')
|
||||
print("</li>", end='')
|
||||
print()
|
||||
print(" </i>"),
|
||||
print("</li>"),
|
||||
print '\n',
|
||||
if show_context:
|
||||
if output_format:
|
||||
print("<pre>")
|
||||
|
@ -676,7 +676,8 @@ def add_warning(hit):
|
|||
|
||||
|
||||
def internal_warn(message):
|
||||
print(h(message), file=sys.stderr)
|
||||
# print(h(message), file=sys.stderr)
|
||||
print h(message)
|
||||
|
||||
|
||||
# C Language Specific
|
||||
|
@ -1756,9 +1757,9 @@ def process_c_file(f, patch_infos):
|
|||
|
||||
if not quiet:
|
||||
if output_format:
|
||||
print("Examining", h(f), "<br>")
|
||||
print 'Examining %s<br>' % (h(f))
|
||||
else:
|
||||
print("Examining", f)
|
||||
print 'Examining %s' % (h(f))
|
||||
sys.stdout.flush()
|
||||
|
||||
# Python3 is often configured to use only UTF-8, and presumes
|
||||
|
@ -1767,10 +1768,10 @@ def process_c_file(f, patch_infos):
|
|||
# in such cases - with some hints on how to solve it.
|
||||
try:
|
||||
text = "".join(my_input.readlines())
|
||||
except UnicodeDecodeError as err:
|
||||
except UnicodeDecodeError, err:
|
||||
print('Error: encoding error in', h(f))
|
||||
print(err)
|
||||
print()
|
||||
print '\n',
|
||||
print('Python3 requires input character data to be perfectly encoded;')
|
||||
print('it also requires perfectly correct system encoding settings.')
|
||||
print('Unfortunately, your data and/or system settings are not.')
|
||||
|
@ -1948,8 +1949,7 @@ def display_ruleset(ruleset):
|
|||
def initialize_ruleset():
|
||||
expand_ruleset(c_ruleset)
|
||||
if showheading:
|
||||
print("Number of rules (primarily dangerous function names) in C/C++ ruleset:", len(
|
||||
c_ruleset))
|
||||
print 'Number of rules (primarily dangerous function names) in C/C++ ruleset: %d' % len(c_ruleset)
|
||||
if output_format:
|
||||
print("<p>")
|
||||
if list_rules:
|
||||
|
@ -2313,7 +2313,7 @@ def process_options():
|
|||
diffhitlist_filename = value
|
||||
display_header()
|
||||
if showheading:
|
||||
print("Showing hits not in", value)
|
||||
print("Showing hits not in %s" % value)
|
||||
elif opt == "--version":
|
||||
print(version)
|
||||
sys.exit(0)
|
||||
|
@ -2338,7 +2338,7 @@ def process_options():
|
|||
# In Python 2 the convention is "getopt.GetoptError", but we
|
||||
# use "getopt.error" here so it's compatible with both
|
||||
# Python 1.5 and Python 2.
|
||||
except getopt.error as text:
|
||||
except getopt.error, text:
|
||||
print("*** getopt error:", text)
|
||||
usage()
|
||||
sys.exit(16)
|
||||
|
@ -2384,13 +2384,13 @@ def show_final_results():
|
|||
for i in possible_levels: # Initialize count_per_level_and_up
|
||||
count_per_level_and_up[i] = 0
|
||||
if show_immediately or not quiet: # Separate the final results.
|
||||
print()
|
||||
print '\n',
|
||||
if showheading:
|
||||
if output_format:
|
||||
print("<h2>Final Results</h2>")
|
||||
else:
|
||||
print("FINAL RESULTS:")
|
||||
print()
|
||||
print '\n',
|
||||
hitlist.sort(key=hitlist_sort_key)
|
||||
# Display results. The HTML format now uses
|
||||
# <ul> so that the format differentiates each entry.
|
||||
|
@ -2418,14 +2418,14 @@ def show_final_results():
|
|||
if output_format:
|
||||
print("<h2>Analysis Summary</h2>")
|
||||
else:
|
||||
print()
|
||||
print '\n',
|
||||
print("ANALYSIS SUMMARY:")
|
||||
if output_format:
|
||||
print("<p>")
|
||||
else:
|
||||
print()
|
||||
print '\n',
|
||||
if count > 0:
|
||||
print("Hits =", count)
|
||||
print 'Hits = %d' % count
|
||||
else:
|
||||
print("No hits found.")
|
||||
if output_format:
|
||||
|
@ -2436,27 +2436,27 @@ def show_final_results():
|
|||
time_analyzing = time.time() - starttime
|
||||
if required_regex:
|
||||
print("Hits limited to regular expression " + required_regex)
|
||||
print("Lines analyzed = %d" % sumlines, end='')
|
||||
print("Lines analyzed = %d" % sumlines),
|
||||
if time_analyzing > 0 and not omit_time: # Avoid divide-by-zero.
|
||||
print(" in approximately %.2f seconds (%.0f lines/second)" % (
|
||||
time_analyzing, (sumlines / time_analyzing)))
|
||||
else:
|
||||
print()
|
||||
print '\n',
|
||||
if output_format:
|
||||
print("<br>")
|
||||
print("Physical Source Lines of Code (SLOC) = %d" % sloc)
|
||||
if output_format:
|
||||
print("<br>")
|
||||
# Output hits@each level.
|
||||
print("Hits@level =", end='')
|
||||
print("Hits@level ="),
|
||||
for i in possible_levels:
|
||||
print(" [%d] %3d" % (i, count_per_level[i]), end='')
|
||||
print(" [%d] %3d" % (i, count_per_level[i])),
|
||||
if output_format:
|
||||
print(" <br>")
|
||||
else:
|
||||
print()
|
||||
print '\n',
|
||||
# Compute hits at "level x or higher"
|
||||
print("Hits@level+ =", end='')
|
||||
print("Hits@level+ ="),
|
||||
for i in possible_levels:
|
||||
for j in possible_levels:
|
||||
if j >= i:
|
||||
|
@ -2464,20 +2464,20 @@ def show_final_results():
|
|||
i] = count_per_level_and_up[i] + count_per_level[j]
|
||||
# Display hits at "level x or higher"
|
||||
for i in possible_levels:
|
||||
print(" [%d+] %3d" % (i, count_per_level_and_up[i]), end='')
|
||||
print(" [%d+] %3d" % (i, count_per_level_and_up[i])),
|
||||
if output_format:
|
||||
print(" <br>")
|
||||
else:
|
||||
print()
|
||||
print '\n',
|
||||
if sloc > 0:
|
||||
print("Hits/KSLOC@level+ =", end='')
|
||||
print("Hits/KSLOC@level+ ="),
|
||||
for i in possible_levels:
|
||||
print(" [%d+] %3g" % (
|
||||
i, count_per_level_and_up[i] * 1000.0 / sloc), end='')
|
||||
i, count_per_level_and_up[i] * 1000.0 / sloc)),
|
||||
if output_format:
|
||||
print(" <br>")
|
||||
else:
|
||||
print()
|
||||
print '\n',
|
||||
#
|
||||
if num_links_skipped:
|
||||
print("Symlinks skipped =", num_links_skipped, "(--allowlink overrides but see doc for security issue)")
|
||||
|
@ -2488,14 +2488,14 @@ def show_final_results():
|
|||
if output_format:
|
||||
print("<br>")
|
||||
if num_ignored_hits > 0:
|
||||
print("Suppressed hits =", num_ignored_hits, "(use --neverignore to show them)")
|
||||
print("Suppressed hits = %d (use --neverignore to show them)" % num_ignored_hits)
|
||||
if output_format:
|
||||
print("<br>")
|
||||
print("Minimum risk level = %d" % minimum_level)
|
||||
if output_format:
|
||||
print("<br>")
|
||||
else:
|
||||
print()
|
||||
print '\n',
|
||||
if count > 0:
|
||||
print("Not every hit is necessarily a security vulnerability.")
|
||||
print("You can inhibit a report by adding a comment in this form:")
|
||||
|
@ -2505,7 +2505,7 @@ def show_final_results():
|
|||
if output_format:
|
||||
print("<br>")
|
||||
else:
|
||||
print()
|
||||
print '\n',
|
||||
print("There may be other security vulnerabilities; review your code!")
|
||||
if output_format:
|
||||
print("<br>")
|
||||
|
@ -2550,3 +2550,4 @@ def main():
|
|||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
||||
|
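Review bot: In the `internal_warn` hunk (`@ -676,7 +676,8 @@`) the new `print h(message)` writes warnings to stdout, where the original `file=sys.stderr` kept them out of the report stream; this file also produces CSV and SARIF output (the `csv` import and `sarif_output` flag are visible), so a warning raised while scanning a file can now land inside a machine-readable report that a CI consumer parses. The Python 2 statement that preserves the original channel is `print >>sys.stderr, h(message)`. In the imports hunk, `import simplejson as json` replaces the stdlib module unconditionally, so the script now depends on the vendored copy even on interpreters that ship `json`; `try: import json` / `except ImportError: import simplejson as json` keeps the stock module where it exists and limits the vendored code to the Amiga build. The `except UnicodeDecodeError, err:` and `except getopt.error, text:` forms, together with the removed `print_function` import, make the file Python-2-only while `version` stays `2.0.19`; if this is intended as an Amiga-specific fork, a one-line comment next to the shebang saying so would stop the Python 3 wording of the encoding error message from misleading users.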