Fix up "make show-cwes"

David A. Wheeler 2014-07-19 19:21:23 -04:00
parent 60948e8368
commit 8423c14116
3 changed files with 7 additions and 3 deletions

@ -286,7 +286,7 @@ def print_multi_line(text):
position = position + len(w) + 1
# This matches references to CWE identifiers, so we can HTMLize them.
# We don't refer to CWE-1 through CWE-9, so we'll only match on 2+ digits.
# We don't refer to CWE's with one digit, so we'll only match on 2+ digits.
link_cwe_pattern = re.compile(r'(CWE-([1-9][0-9]+))([,()])')
class Hit:
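Review bot: in link_cwe_pattern the trailing group ([,()]) requires every CWE reference to be followed immediately by a comma or a parenthesis, so an identifier at the end of the text, or one followed by a space, period or slash, will not be HTMLized. The comment documents the 2+ digit restriction but not this one; if the delimiter requirement is intentional, say so in the comment, and if not, consider also accepting end of string and whitespace in that group. Minor style point on the reworded comment: "CWE's" should be "CWEs".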

@ -766,6 +766,8 @@ for it to be more specific than the mappings currently implemented.
This also means that it is unlikely to need much
updating for map currency; it simply doesn't have enough information to
refine to a detailed CWE level that CWE changes would typically affect.
The list of CWE identifiers was generated automatically using "make show-cwes",
so there is confidence that this list is correct.
Please report CWE mapping problems as bugs if you find any.
.PP
Flawfinder may fail to find a vulnerability, even if flawfinder covers
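Review bot: the added sentence "so there is confidence that this list is correct" only holds while the list in the manual is regenerated every time the rules in flawfinder change, and nothing in this change ties the two together. Suggest stating how the list was produced as a plain fact and adding a release step (or a check) that reruns "make show-cwes" and compares its output against the list in this file, so the documented CWE coverage cannot silently drift from what the tool reports.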

@ -20,6 +20,8 @@ INSTALL_DIR=/usr/local
INSTALL_DIR_BIN=$(INSTALL_DIR)/bin
INSTALL_DIR_MAN=$(INSTALL_DIR)/man/man1
FLEX=flex
# For Cygwin on Windows, set PYTHONEXT=.py
# (EXE=.exe would be needed on some systems, but not for flawfinder)
EXE=
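Review bot: FLEX=flex is added without a comment, while the PYTHONEXT and EXE settings right after it are explained. A one-line comment naming the target that uses it (show-cwes, per the later hunk in this file) would tell anyone building or packaging this whether they need to care about the variable.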
@ -150,8 +152,8 @@ my_install: flawfinder.pdf flawfinder.ps
# This is intended to be a local capability to list CWEs
show-cwes:
flex -o cwe.c cwe.l
gcc -o cwe cwe.c -lfl
$(FLEX) -o cwe.c cwe.l
$(CC) -o cwe cwe.c -lfl
./cwe < flawfinder | sort -u -V
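Review bot: in the show-cwes recipe the flex and compiler commands are now variables, but "-lfl" and "sort -u -V" stay hard-coded, and -V (version sort) is a GNU sort extension, so the target still fails on systems whose sort lacks it. If ./cwe emits one CWE-nnn identifier per line, "sort -u -t- -k2,2n" gives the same ordering portably; otherwise state the GNU sort dependency in the comment above the target. The recipe also leaves cwe.c and cwe in the working tree, so check that the clean target removes them.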