walkero
/
flawfinder
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Add test for saving/loading hitlist, add Python3 fixes for it 

Test the saving and loading of hitlists.
This detected a Python3 problem, which was easily corrected by
saving and loading in binary "b" format instead of text format.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
This commit is contained in:
David A. Wheeler 2017-08-26 16:15:17 -04:00
parent b2556b7348
commit 339763c644
4 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
correct-results-005.txt Normal file
View File

@ -0,0 +1 @@
test-patched.c:13:2: [4] (buffer) strcpy:Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).

7
correct-results-006.txt Normal file
View File

@ -0,0 +1,7 @@
test.c:32:2: [5] (buffer) gets:Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
test.c:56:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:57:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:60:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:62:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).

8
flawfinder
View File

@ -1973,10 +1973,12 @@ def process_options():
def process_files(): def process_files():
"""Process input (files or hitlist); return True if okay."""
global hitlist global hitlist
if loadhitlist: if loadhitlist:
f = open(loadhitlist) f = open(loadhitlist, "rb")
hitlist = pickle.load(f) hitlist = pickle.load(f)
return True
else: else:
patch_infos = None patch_infos = None
if patch_file != "": if patch_file != "":
@ -1986,7 +1988,7 @@ def process_files():
print("*** No input files") print("*** No input files")
return None return None
process_file_args(files, patch_infos) process_file_args(files, patch_infos)
return 1 return True
def hitlist_sort_key(hit): def hitlist_sort_key(hit):
"""Sort key for hitlist.""" """Sort key for hitlist."""
@ -2140,7 +2142,7 @@ def save_if_desired():
if savehitlist: if savehitlist:
if not quiet: if not quiet:
print("Saving hitlist to", savehitlist) print("Saving hitlist to", savehitlist)
f = open(savehitlist, "w") f = open(savehitlist, "wb")
pickle.dump(hitlist, f) pickle.dump(hitlist, f)
f.close() f.close()

13
makefile
View File

@ -157,10 +157,20 @@ test_005: flawfinder test-diff-0005.patch test-patched.c
test-patched.c > test-results-005.txt test-patched.c > test-results-005.txt
@diff -u correct-results-005.txt test-results-005.txt @diff -u correct-results-005.txt test-results-005.txt
test_006: flawfinder test.c
@echo 'test_006 (save/load hitlist)'
@$(PYTHON) ./flawfinder -m 5 -S -DC --quiet \
--savehitlist test-saved-hitlist-006.txt \
test.c > test-junk-006.txt
@$(PYTHON) ./flawfinder -SQDC \
--loadhitlist test-saved-hitlist-006.txt > \
test-results-006.txt
@diff -u correct-results-006.txt test-results-006.txt
# Run all tests; output shows differences from expected results. # Run all tests; output shows differences from expected results.
# If everything works as expected, it just prints test numbers. # If everything works as expected, it just prints test numbers.
# Set PYTHON as needed, including to "" # Set PYTHON as needed, including to ""
test: test_001 test_002 test_003 test_004 test_005 test: test_001 test_002 test_003 test_004 test_005 test_006
@echo 'All tests pass!' @echo 'All tests pass!'
check: test check: test
@ -172,6 +182,7 @@ test-is-correct: test-results.txt
mv test-results.csv correct-results.csv mv test-results.csv correct-results.csv
mv test-results-004.txt correct-results-004.txt mv test-results-004.txt correct-results-004.txt
mv test-results-005.txt correct-results-005.txt mv test-results-005.txt correct-results-005.txt
mv test-results-006.txt correct-results-006.txt
profile: profile:
/usr/lib/python1.5/profile.py ./flawfinder > profile-results $(SAMPLE_DIR)/*/*.[ch] > profile-results /usr/lib/python1.5/profile.py ./flawfinder > profile-results $(SAMPLE_DIR)/*/*.[ch] > profile-results