From 7ebfb3bbb65bd2d7fbe0abd8082b05b9a234d615 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Sat, 12 Jul 2014 21:06:45 -0400 Subject: [PATCH] Mention "git diff" --- flawfinder.1 | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/flawfinder.1 b/flawfinder.1 index 8e1b42d..465f45e 100644 --- a/flawfinder.1 +++ b/flawfinder.1 @@ -69,8 +69,8 @@ Thus, for most projects, simply give flawfinder the name of the source code's topmost directory (use ``.'' for the current directory), and flawfinder will examine all of the project's C/C++ source code. If you only want to have \fIchanges\fR reviewed, save a unified diff -of those changes (created by "diff -u" or "svn diff") in a patch file -and use the \-\-patch (\-P) option. +of those changes (created by "diff -u" or "svn diff" or "git diff") +in a patch file and use the \-\-patch (\-P) option. .PP Flawfinder will produce a list of ``hits'' (potential security flaws), sorted by risk; the riskiest hits are shown first. @@ -342,10 +342,12 @@ behavior is now the default. .TP 12 .BI \-\-patch patchfile +.TP .BI \-P patchfile Only report hits that are changed by the given patch file. The patch file must be in unified diff format (e.g., the output of -"diff -u old new" or "svn diff"), where the new files are the ones that are +"diff -u old new", "svn diff", or "git diff"), +where the new files are the ones that are being examined by flawfinder. The line numbers given in the patch file are used to determine which lines were changed, so if you have modified the files since the 
@@ -354,8 +356,9 @@ Beware that the file names of the new files given in the patch file must match exactly, including upper/lower case, path prefix, and directory separator (\\ vs. /). -Only unified diff format is accepted (either GNU diff or svn diff output is -okay); if you have a different format, again regenerate it first. +Only unified diff format is accepted (GNU diff, svn diff, and +git diff output is okay); +if you have a different format, again regenerate it first. Only hits that occur on resultant changed lines, or immediately above and below them, are reported. This option implies \-\-neverignore.
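Review bot: In the first hunk (@@ -69,8 +69,8), the added line chains the tools as "diff -u" or "svn diff" or "git diff", while the \-\-patch option text changed in the @@ -342,10 hunk uses a comma list ("diff -u old new", "svn diff", or "git diff"). Suggest the comma form here as well so the two passages describing the same input read alike.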
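Review bot: In the second hunk (@@ -342,10 +342,12), the added .TP between the \-\-patch and \-P lines is a layout change that the subject line (Mention "git diff") does not cover. Without it, the \-P patchfile line is the first line of the paragraph body rather than a tag, so this looks like a deliberate rendering fix; please say so in the commit message or split it into its own commit. The new .TP also carries no indent argument, unlike the .TP 12 just above it, so it is worth checking the rendered page to confirm both tags line up.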
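Review bot: In the third hunk (@@ -354,8 +356,9), the context lines just above the change say the file names in the patch must match exactly, including path prefix, but git diff by default writes a/ and b/ prefixes on its file names. The added text says git diff output is okay without saying how those prefixes are treated. Please document whether they are stripped before matching, or whether the user needs to produce the patch with git diff --no-prefix, since a silent mismatch here would mean changed lines go unreported.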