From 5808029a6a4298d1a3a2550bbf3f35de21a28a90 Mon Sep 17 00:00:00 2001
From: dwheeler
Date: Tue, 16 Jan 2007 03:44:31 +0000
Subject: [PATCH] Better error message when the files cannot be read
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@7 5c01084b-1f27-0410-9f85-80411afe95dc
---
 ChangeLog | 8 ++++++++
 correct-results.html | 10 +++++-----
 correct-results.txt | 10 +++++-----
 flawfinder | 8 ++++++--
 4 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 09f41c7..7b27bb0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2007-01-15 Steve Kemp
+ * Fix Debian bug #268236.
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=268236
+ This complains that flawfinder crashes when presented with a
+ file it cannot read. The patch obviously can't prevent
+ the problem, since the tool can't review what it can't read,
+ but at least it halts with a cleaner error message.
+
2007-01-15 cmorgan
* Fixed Debian bug #271287 (flawfinder). See:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=271287
diff --git a/correct-results.html b/correct-results.html
index 2535e58..3a29193 100644
--- a/correct-results.html
+++ b/correct-results.html
@@ -9,9 +9,9 @@

Flawfinder Results

Here are the security scan results from
-Flawfinder version 1.25,
+Flawfinder version 1.27,
(C) 2001-2004 David A. Wheeler.
-Number of dangerous functions in C/C++ ruleset: 137
+Number of dangerous functions in C/C++ ruleset: 158

Examining test.c
Examining test2.c
@@ -256,9 +256,9 @@ Lines analyzed = 118
Physical Source Lines of Code (SLOC) = 80
-Hits @ level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
-Hits @ level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
-Hits/KSLOC @ level+ = [0+] 450 [1+] 450 [2+] 338 [3+] 250 [4+] 213 [5+] 88
+Hits@level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
+Hits@level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
+Hits/KSLOC@level+ = [0+] 450 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5
Suppressed hits = 2 (use --neverignore to show them)
Minimum risk level = 1
diff --git a/correct-results.txt b/correct-results.txt
index d199548..da348ee 100644
--- a/correct-results.txt
+++ b/correct-results.txt
@@ -1,5 +1,5 @@
-Flawfinder version 1.25, (C) 2001-2004 David A. Wheeler.
-Number of dangerous functions in C/C++ ruleset: 137
+Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
+Number of dangerous functions in C/C++ ruleset: 158
Examining test.c
Examining test2.c
test.c:32: [5] (buffer) gets:
@@ -130,9 +130,9 @@ test.c:66: [1] (buffer) MultiByteToWideChar:
Hits = 36
Lines analyzed = 118
Physical Source Lines of Code (SLOC) = 80
-Hits @ level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
-Hits @ level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
-Hits/KSLOC @ level+ = [0+] 450 [1+] 450 [2+] 338 [3+] 250 [4+] 213 [5+] 88
+Hits@level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
+Hits@level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
+Hits/KSLOC@level+ = [0+] 450 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5
Suppressed hits = 2 (use --neverignore to show them)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
diff --git a/flawfinder b/flawfinder
index 2428f3a..4eb608e 100755
--- a/flawfinder
+++ b/flawfinder
@@ -1242,12 +1242,16 @@ def process_c_file(f, patch_infos):
if f == "-":
input = sys.stdin
else:
- # This should never happen.
+ # Symlinks should never get here, but just in case...
if ((not allowlink) and os.path.islink(f)):
print "BUG! Somehow got a symlink in process_c_file!"
num_links_skipped = num_links_skipped + 1
return
- input = open(f, "r")
+ try:
+ input = open(f, "r")
+ except:
+ print "Error: failed to open", h(f)
+ sys.exit(1)
# Read ENTIRE file into memory. Use readlines() to convert \n if necessary.
# This turns out to be very fast in Python, even on large files, and it
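Review bot: The new `except:` around `open(f, "r")` is a bare clause, so it also catches KeyboardInterrupt and SystemExit and reports them as a failed open; since the file uses Python 2 `print` statements, narrow it to `except IOError, e:` and include the reason, `print "Error: failed to open", h(f), "-", e.strerror`, so a permissions problem is distinguishable from a missing file. The message is printed to stdout alongside the scan results; whether it belongs on sys.stderr instead depends on the output mode, which this hunk does not show. Halting the whole run with `sys.exit(1)` on one unreadable file matches the ChangeLog's stated intent, so I would only make that explicit with a comment, `# One unreadable input aborts the run; skip-and-continue is deliberately not attempted.` process_c_file begins before this hunk and continues after it.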