walkero
/
flawfinder
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Always report hit counts correctly, even if ignored using -m 

This commit means that the output provides useful summary data,
even if the lower-level hits are suppressed.

Note that this does use a little more memory when some hits
are supressed, since the hitlist is fully created even
if only parts are displayed.  However, modern systems have
lots of memory. Hopefully we'll never analyze software
with so many problems that this is a problem itself :-).
If someone ever has that problem, they can output everything
and filter it separately.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
This commit is contained in:
David A. Wheeler 2017-09-23 20:36:50 -04:00
parent e06e2ba3df
commit 6f513af900
4 changed files with 20 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
correct-results.html
View File

@ -311,9 +311,9 @@ Lines analyzed = 118
<br> <br>
Physical Source Lines of Code (SLOC) = 80 Physical Source Lines of Code (SLOC) = 80
<br> <br>
Hits@level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7 <br> Hits@level = [0] 16 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7 <br>
Hits@level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7 <br> Hits@level+ = [0+] 52 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7 <br>
Hits/KSLOC@level+ = [0+] 450 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5 <br> Hits/KSLOC@level+ = [0+] 650 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5 <br>
Suppressed hits = 2 (use --neverignore to show them) Suppressed hits = 2 (use --neverignore to show them)
<br> <br>
Minimum risk level = 1 Minimum risk level = 1

6
correct-results.txt
View File

@ -143,9 +143,9 @@ ANALYSIS SUMMARY:
Hits = 36 Hits = 36
Lines analyzed = 118 Lines analyzed = 118
Physical Source Lines of Code (SLOC) = 80 Physical Source Lines of Code (SLOC) = 80
Hits@level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7 Hits@level = [0] 16 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
Hits@level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7 Hits@level+ = [0+] 52 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
Hits/KSLOC@level+ = [0+] 450 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5 Hits/KSLOC@level+ = [0+] 650 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5
Suppressed hits = 2 (use --neverignore to show them) Suppressed hits = 2 (use --neverignore to show them)
Minimum risk level = 1 Minimum risk level = 1
Not every hit is necessarily a security vulnerability. Not every hit is necessarily a security vulnerability.

23
flawfinder
View File

@ -476,13 +476,12 @@ def add_warning(hit):
if required_regex and (required_regex_compiled.search(hit.warning) is if required_regex and (required_regex_compiled.search(hit.warning) is
None): None):
return return
if hit.level >= minimum_level: if linenumber == ignoreline:
if linenumber == ignoreline: num_ignored_hits = num_ignored_hits + 1
num_ignored_hits = num_ignored_hits + 1 else:
else: hitlist.append(hit)
hitlist.append(hit) if show_immediately:
if show_immediately: hit.show()
hit.show()
def internal_warn(message): def internal_warn(message):
@ -2039,9 +2038,10 @@ def show_final_results():
print("<ul>") print("<ul>")
for hit in hitlist: for hit in hitlist:
if hit not in diff_hitlist: if hit not in diff_hitlist:
hit.show()
count_per_level[hit.level] = count_per_level[hit.level] + 1 count_per_level[hit.level] = count_per_level[hit.level] + 1
count = count + 1 if hit.level >= minimum_level:
hit.show()
count = count + 1
if output_format: if output_format:
print("</ul>") print("</ul>")
diff_file.close() diff_file.close()
@ -2049,11 +2049,12 @@ def show_final_results():
if output_format: if output_format:
print("<ul>") print("<ul>")
for hit in hitlist: for hit in hitlist:
hit.show()
count_per_level[hit.level] = count_per_level[hit.level] + 1 count_per_level[hit.level] = count_per_level[hit.level] + 1
if hit.level >= minimum_level:
hit.show()
count = count + 1
if output_format: if output_format:
print("</ul>") print("</ul>")
count = len(hitlist)
# Done with list, show the post-hitlist summary. # Done with list, show the post-hitlist summary.
if showheading: if showheading:
if output_format: if output_format:

4
makefile
View File

@ -169,10 +169,10 @@ test_005: flawfinder test-diff-005.patch test-patched.c
test_006: flawfinder test.c test_006: flawfinder test.c
@echo 'test_006 (save/load hitlist)' @echo 'test_006 (save/load hitlist)'
@$(PYTHON) ./flawfinder -m 5 -S -DC --quiet \ @$(PYTHON) ./flawfinder -S -DC --quiet \
--savehitlist test-saved-hitlist-006.txt \ --savehitlist test-saved-hitlist-006.txt \
test.c > test-junk-006.txt test.c > test-junk-006.txt
@$(PYTHON) ./flawfinder -SQDC \ @$(PYTHON) ./flawfinder -SQDC -m 5 \
--loadhitlist test-saved-hitlist-006.txt > \ --loadhitlist test-saved-hitlist-006.txt > \
test-results-006.txt test-results-006.txt
@diff -u correct-results-006.txt test-results-006.txt @diff -u correct-results-006.txt test-results-006.txt