walkero
/
flawfinder
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

flawfinder.1: Document that hitlists should be trusted to be loaded or diffed

This commit is contained in:
David A. Wheeler 2014-07-19 20:42:37 -04:00
parent f980d02e2d
commit 564b78b98d
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flawfinder.1
View File

@ -488,11 +488,13 @@ Save all resulting hits (the "hitlist") to F.
.TP .TP
\fB\-\-loadhitlist=\fR\fIF\fR \fB\-\-loadhitlist=\fR\fIF\fR
Load the hitlist from F instead of analyzing source programs. Load the hitlist from F instead of analyzing source programs.
Do not load hitlists from untrusted sources.
.TP .TP
\fB\-\-diffhitlist=\fR\fIF\fR \fB\-\-diffhitlist=\fR\fIF\fR
Show only hits (loaded or analyzed) not in F. Show only hits (loaded or analyzed) not in F.
F was presumably created previously using \-\-savehitlist. F was presumably created previously using \-\-savehitlist.
Do not diff hitlists from untrusted sources.
If the \-\-loadhitlist option is not provided, this will show the hits in If the \-\-loadhitlist option is not provided, this will show the hits in
the analyzed source code files that were not previously stored in F. the analyzed source code files that were not previously stored in F.
If used along with \-\-loadhitlist, this will show the hits in the If used along with \-\-loadhitlist, this will show the hits in the
@ -912,6 +914,10 @@ COM1-COM9, and LPT1-LPT9, optionally followed by an extension
(e.g., ``com1.txt''), in any directory, and in any case (e.g., ``com1.txt''), in any directory, and in any case
(Windows is case-insensitive). (Windows is case-insensitive).
.\" See 'Writing Secure Code' by Howard and LeBlanc, pg. 223 .\" See 'Writing Secure Code' by Howard and LeBlanc, pg. 223
.PP
Do not load or diff hitlists from untrusted sources.
They are implemented using the Python pickle module, which is not
intended to be secure against erroneous or maliciously constructed data.
.SH BUGS .SH BUGS