Added amiga makefile for creating the releases

George Sokianos 2022-07-25 14:43:59 +01:00
parent 0387fab1c7
commit 248c4449fb
2 changed files with 73 additions and 52 deletions

20
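--- a/Makefile.amiga
+++ b/Makefile.amiga
@@ -0,0 +1,20 @@
+#
+# Project: flawfinder
+# Created by George "walkero" Sokianos
+# 2022-07-25
+#
+release: clean
+mkdir -p release/flawfinder
+cp -r release_files/* release/flawfinder/
+cp flawfinder.py release/flawfinder/flawfinder
+protect release/flawfinder/flawfinder srwed
+cp -r simplejson release/flawfinder
+cp ChangeLog release/flawfinder/
+cp README.md release/flawfinder/
+cp COPYING release/flawfinder/
+lha -aeqr3 a flawfinder.lha release/
+clean:
+rm -f simplejson/#?.pyc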
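Review bot: `clean` deletes only `simplejson/#?.pyc`, so the `release` target reuses whatever already sits in `release/`, and the `lha ... a flawfinder.lha` step appears to add to an existing archive rather than recreate it; a second run can therefore ship files left over from an earlier build. Adding `rm -rf release flawfinder.lha` to `clean` would make each archive reflect only the current tree. The `simplejson` directory is copied into the release as-is with no version recorded anywhere in this file; a comment naming the bundled upstream version would let users check it against published advisories.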

105
flawfinder.py Executable file → Normal file

@ -1,4 +1,4 @@
#!/usr/bin/env python
#!python
"""flawfinder: Find potential security flaws ("hits") in source code.
Usage:
@ -40,7 +40,7 @@
# That *finally* makes it possible to semi-gracefully transition.
from __future__ import division
from __future__ import print_function
# from __future__ import print_function
import functools
import sys
import re
@ -53,7 +53,7 @@ import operator # To support filename expansion on Windows
import time
import csv # To support generating CSV format
import hashlib
import json
import simplejson as json
version = "2.0.19"
@ -488,16 +488,16 @@ def print_multi_line(text):
prefix = " "
starting_position = len(prefix) + 1
#
print(prefix, end='')
print(prefix),
position = starting_position
#
for w in text.split():
if len(w) + position >= width:
print()
print(prefix, end='')
print '\n',
print(prefix),
position = starting_position
print(' ', end='')
print(w, end='')
# print(' '),
print(w),
position += len(w) + 1
@ -608,44 +608,44 @@ class Hit(object):
if sarif_output:
return
if output_format:
print("<li>", end='')
print("<li>"),
sys.stdout.write(h(self.filename))
if show_columns:
print(":%(line)s:%(column)s:" % self, end='')
print(":%(line)s:%(column)s:" % self),
else:
print(":%(line)s:" % self, end='')
print(":%(line)s:" % self),
if output_format:
print(" <b>", end='')
print(" <b>"),
# Extra space before risk level in text, makes it easier to find:
print(" [%(level)s]" % self, end=' ')
print(" [%(level)s] " % self),
if output_format:
print("</b> ", end='')
print("(%(category)s)" % self, end=' ')
print("</b> "),
print("(%(category)s) " % self),
if output_format:
print("<i> ", end='')
print(h("%(name)s:" % self), end='')
print("<i> "),
print(h("%(name)s:" % self)),
main_text = h("%(warning)s. " % self)
if output_format: # Create HTML link to CWE definitions
main_text = link_cwe_pattern.sub(
r'<a href="https://cwe.mitre.org/data/definitions/\2.html">\1</a>\3',
main_text)
if single_line:
print(main_text, end='')
print(main_text),
if self.suggestion:
print(" " + h(self.suggestion) + ".", end='')
print(' ' + h(self.note), end='')
print(" " + h(self.suggestion) + "."),
print(' ' + h(self.note)),
else:
if self.suggestion:
main_text += h(self.suggestion) + ". "
main_text += h(self.note)
print()
print '\n',
print_multi_line(main_text)
if output_format:
print(" </i>", end='')
print("</li>", end='')
print()
print(" </i>"),
print("</li>"),
print '\n',
if show_context:
if output_format:
print("<pre>")
@ -676,7 +676,8 @@ def add_warning(hit):
def internal_warn(message):
print(h(message), file=sys.stderr)
# print(h(message), file=sys.stderr)
print h(message)
# C Language Specific
@ -1756,9 +1757,9 @@ def process_c_file(f, patch_infos):
if not quiet:
if output_format:
print("Examining", h(f), "<br>")
print 'Examining %s<br>' % (h(f))
else:
print("Examining", f)
print 'Examining %s' % (h(f))
sys.stdout.flush()
# Python3 is often configured to use only UTF-8, and presumes
@ -1767,10 +1768,10 @@ def process_c_file(f, patch_infos):
# in such cases - with some hints on how to solve it.
try:
text = "".join(my_input.readlines())
except UnicodeDecodeError as err:
except UnicodeDecodeError, err:
print('Error: encoding error in', h(f))
print(err)
print()
print '\n',
print('Python3 requires input character data to be perfectly encoded;')
print('it also requires perfectly correct system encoding settings.')
print('Unfortunately, your data and/or system settings are not.')
@ -1948,8 +1949,7 @@ def display_ruleset(ruleset):
def initialize_ruleset():
expand_ruleset(c_ruleset)
if showheading:
print("Number of rules (primarily dangerous function names) in C/C++ ruleset:", len(
c_ruleset))
print 'Number of rules (primarily dangerous function names) in C/C++ ruleset: %d' % len(c_ruleset)
if output_format:
print("<p>")
if list_rules:
@ -2313,7 +2313,7 @@ def process_options():
diffhitlist_filename = value
display_header()
if showheading:
print("Showing hits not in", value)
print("Showing hits not in %s" % value)
elif opt == "--version":
print(version)
sys.exit(0)
@ -2338,7 +2338,7 @@ def process_options():
# In Python 2 the convention is "getopt.GetoptError", but we
# use "getopt.error" here so it's compatible with both
# Python 1.5 and Python 2.
except getopt.error as text:
except getopt.error, text:
print("*** getopt error:", text)
usage()
sys.exit(16)
@ -2384,13 +2384,13 @@ def show_final_results():
for i in possible_levels: # Initialize count_per_level_and_up
count_per_level_and_up[i] = 0
if show_immediately or not quiet: # Separate the final results.
print()
print '\n',
if showheading:
if output_format:
print("<h2>Final Results</h2>")
else:
print("FINAL RESULTS:")
print()
print '\n',
hitlist.sort(key=hitlist_sort_key)
# Display results. The HTML format now uses
# <ul> so that the format differentiates each entry.
@ -2418,14 +2418,14 @@ def show_final_results():
if output_format:
print("<h2>Analysis Summary</h2>")
else:
print()
print '\n',
print("ANALYSIS SUMMARY:")
if output_format:
print("<p>")
else:
print()
print '\n',
if count > 0:
print("Hits =", count)
print 'Hits = %d' % count
else:
print("No hits found.")
if output_format:
@ -2436,27 +2436,27 @@ def show_final_results():
time_analyzing = time.time() - starttime
if required_regex:
print("Hits limited to regular expression " + required_regex)
print("Lines analyzed = %d" % sumlines, end='')
print("Lines analyzed = %d" % sumlines),
if time_analyzing > 0 and not omit_time: # Avoid divide-by-zero.
print(" in approximately %.2f seconds (%.0f lines/second)" % (
time_analyzing, (sumlines / time_analyzing)))
else:
print()
print '\n',
if output_format:
print("<br>")
print("Physical Source Lines of Code (SLOC) = %d" % sloc)
if output_format:
print("<br>")
# Output hits@each level.
print("Hits@level =", end='')
print("Hits@level ="),
for i in possible_levels:
print(" [%d] %3d" % (i, count_per_level[i]), end='')
print(" [%d] %3d" % (i, count_per_level[i])),
if output_format:
print(" <br>")
else:
print()
print '\n',
# Compute hits at "level x or higher"
print("Hits@level+ =", end='')
print("Hits@level+ ="),
for i in possible_levels:
for j in possible_levels:
if j >= i:
@ -2464,20 +2464,20 @@ def show_final_results():
i] = count_per_level_and_up[i] + count_per_level[j]
# Display hits at "level x or higher"
for i in possible_levels:
print(" [%d+] %3d" % (i, count_per_level_and_up[i]), end='')
print(" [%d+] %3d" % (i, count_per_level_and_up[i])),
if output_format:
print(" <br>")
else:
print()
print '\n',
if sloc > 0:
print("Hits/KSLOC@level+ =", end='')
print("Hits/KSLOC@level+ ="),
for i in possible_levels:
print(" [%d+] %3g" % (
i, count_per_level_and_up[i] * 1000.0 / sloc), end='')
i, count_per_level_and_up[i] * 1000.0 / sloc)),
if output_format:
print(" <br>")
else:
print()
print '\n',
#
if num_links_skipped:
print("Symlinks skipped =", num_links_skipped, "(--allowlink overrides but see doc for security issue)")
@ -2488,14 +2488,14 @@ def show_final_results():
if output_format:
print("<br>")
if num_ignored_hits > 0:
print("Suppressed hits =", num_ignored_hits, "(use --neverignore to show them)")
print("Suppressed hits = %d (use --neverignore to show them)" % num_ignored_hits)
if output_format:
print("<br>")
print("Minimum risk level = %d" % minimum_level)
if output_format:
print("<br>")
else:
print()
print '\n',
if count > 0:
print("Not every hit is necessarily a security vulnerability.")
print("You can inhibit a report by adding a comment in this form:")
@ -2505,7 +2505,7 @@ def show_final_results():
if output_format:
print("<br>")
else:
print()
print '\n',
print("There may be other security vulnerabilities; review your code!")
if output_format:
print("<br>")
@ -2550,3 +2550,4 @@ def main():
if __name__ == '__main__':
main()
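Review bot: `internal_warn` now emits its message with `print h(message)`, which goes to stdout instead of stderr, so internal warnings end up interleaved with the report itself (including the HTML output) rather than on the error stream where a pipeline operator would see them. `sys.stderr.write(h(message) + '\n')` keeps them on stderr and does not need `print_function`. With the `from __future__ import print_function` line commented out, the multi-argument calls left untouched as context, `print('Error: encoding error in', h(f))`, `print("*** getopt error:", text)` and `print("Symlinks skipped =", num_links_skipped, ...)`, become Python 2 tuple prints and will render as `('...', ...)`; they need the same `%` conversion the neighbouring lines received. The `except getopt.error, text` and `except UnicodeDecodeError, err` forms also make the file a syntax error on Python 3, so this change looks suitable only for an Amiga-specific branch and should say so in the file header.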