Add more documentation about --patch

git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@17 5c01084b-1f27-0410-9f85-80411afe95dc
dwheeler 2007-01-17 02:15:06 +00:00
parent 85ed86f2c0
commit 6e33789344
1 changed files with 18 additions and 10 deletions

@ -30,10 +30,10 @@ flawfinder \- find potential security flaws ("hits") in source code
.\" Selecting Hits: .\" Selecting Hits:
.RB [ \-\-allowlink ] .RB [ \-\-allowlink ]
.RB [ \-\-inputs | \-I ] .RB [ \-\-inputs | \-I ]
[ \fB\-\-minlevel=\fR\fIX\fR | \fB\-m\fR\ \fIX\fR ] [ \fB\-\-minlevel \fR\fIX\fR | \fB\-m\fR\ \fIX\fR ]
.RB [ \-\-falsepositive | \-F ] .RB [ \-\-falsepositive | \-F ]
.RB [ \-\-neverignore | \-n ] .RB [ \-\-neverignore | \-n ]
.RB [ \-\-patch=\fIfilename\fR | \-P\ \fIfilename\fR ] .RB [ \-\-patch\ \fIfilename\fR | \-P\ \fIfilename\fR ]
.RB [ \-\-followdotdir ] .RB [ \-\-followdotdir ]
.\" Selecting Output Format: .\" Selecting Output Format:
.RB [ \-\-context | \-c ] .RB [ \-\-context | \-c ]
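Review bot: the argument placeholder in the new synopsis line `.RB [ \-\-patch\ \fIfilename\fR | \-P\ \fIfilename\fR ]` is `filename`, while the option entry changed later in this same commit calls it `patchfile`; use one name in both places. The new `\fB\-\-minlevel \fR\fIX\fR` also uses a plain space where the `\-m\fR\ \fIX\fR` next to it and the `\-\-patch\ ` line use `\ `, so the three spellings of "option, space, argument" in this hunk should be made consistent.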
@ -45,9 +45,9 @@ flawfinder \- find potential security flaws ("hits") in source code
.RB [ \-\-omittime ] .RB [ \-\-omittime ]
.RB [ \-\-quiet | \-Q ] .RB [ \-\-quiet | \-Q ]
.\" Managing hit list. .\" Managing hit list.
[ \fB\-\-loadhitlist=\fR\fIF\fR ] [ \fB\-\-loadhitlist\ \fR\fIF\fR ]
[ \fB\-\-savehitlist=\fR\fIF\fR ] [ \fB\-\-savehitlist\ \fR\fIF\fR ]
[ \fB\-\-diffhitlist=\fR\fIF\fR ] [ \fB\-\-diffhitlist\ \fR\fIF\fR ]
.RB [ \-\- ] .RB [ \-\- ]
.I [ source code file or source root directory ]+ .I [ source code file or source root directory ]+
.SH DESCRIPTION .SH DESCRIPTION
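Review bot: the three hit-list lines (`\-\-loadhitlist`, `\-\-savehitlist`, `\-\-diffhitlist`) switch from the `=` form to the space-separated form, which the commit message "Add more documentation about --patch" does not mention. Either note the synopsis syntax change in the message or move it to its own commit, so that someone searching the history for why the `=` form disappeared from the synopsis can find it.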
@ -61,8 +61,8 @@ Thus, for most projects, simply give flawfinder the name of the source
code's topmost directory (use ``.'' for the current directory), code's topmost directory (use ``.'' for the current directory),
and flawfinder will examine all of the project's C/C++ source code. and flawfinder will examine all of the project's C/C++ source code.
If you only want to have \fIchanges\fR reviewed, save a unified diff If you only want to have \fIchanges\fR reviewed, save a unified diff
of those changes (created by "diff -u" or "svn diff") in a patch file, of those changes (created by "diff -u" or "svn diff") in a patch file
and include --patch=\fIdiff\fR as an option. and use the \-\-patch (\-P) option.
.PP .PP
Flawfinder will produce a list of ``hits'' (potential Flawfinder will produce a list of ``hits'' (potential
security flaws), sorted by risk; the riskiest hits are shown first. security flaws), sorted by risk; the riskiest hits are shown first.
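Review bot: the new sentence "and use the \-\-patch (\-P) option." no longer shows that the option takes the patch file as its argument, which the old "--patch=\fIdiff\fR" wording did. Since this is the first place a reader meets the option, keep the argument visible, for example `\-\-patch \fIpatchfile\fR` with the short form in parentheses after it.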
@ -274,13 +274,21 @@ Shows (just) the version number and exits.
.SS "Selecting Hits to Display" .SS "Selecting Hits to Display"
.TP 12 .TP 12
.BI \-\-patch= filename .BI \-\-patch patchfile
.BI \-P patchfile
Only report hits that are changed by the given patch file. Only report hits that are changed by the given patch file.
The patch file must be in unified diff format (e.g., the output of The patch file must be in unified diff format (e.g., the output of
"diff -u" or "svn diff"). "diff -u old new" or "svn diff"), where the new files are the ones that are
Beware that the "new" file names given in the patch file must match exactly, being examined by flawfinder.
The line numbers given in the patch file are used to determine which
lines were changed, so if you have modified the files since the
patch file was created, regenerate the patch file first.
Beware that the file names of the new files
given in the patch file must match exactly,
including upper/lower case, path prefix, and directory including upper/lower case, path prefix, and directory
separator (\\ vs. /). separator (\\ vs. /).
Only unified diff format is accepted (either GNU diff or svn diff output is
okay); if you have a different format, again regenerate it first.
Only hits that occur on resultant changed lines, or immediately Only hits that occur on resultant changed lines, or immediately
above and below them, are reported. above and below them, are reported.
This option implies --neverignore. This option implies --neverignore.
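Review bot: `.BI \-\-patch patchfile` will render as "--patchpatchfile", because `.BI` joins its alternating bold and italic arguments with no space between them; the old `.BI \-\-patch= filename` only read correctly because the `=` was the separator. Put the space inside the first argument, for example `.BI "\-\-patch " patchfile`. The added `.BI \-P patchfile` has the same spacing problem, and because `.TP` takes only the next input line as its tag, that second line becomes the start of the paragraph body and runs straight into "Only report hits that are changed...". Give the short form its own tag (a second `.TP`, or `.TQ` where GNU man macros are available) or put both forms on the one tag line.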