Update documentation to explain --patch and --followdotdir

git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@8 5c01084b-1f27-0410-9f85-80411afe95dc
dwheeler 2007-01-16 04:07:58 +00:00
parent 5808029a6a
commit b91bfe9757
1 changed file with 23 additions and 1 deletion

@ -30,9 +30,11 @@ flawfinder \- find potential security flaws ("hits") in source code
.\" Selecting Hits: .\" Selecting Hits:
.RB [ \-\-allowlink ] .RB [ \-\-allowlink ]
.RB [ \-\-inputs | \-I ] .RB [ \-\-inputs | \-I ]
[ \fB\-\-minlevel=\fR\fIX\fR | \fB-m\fR \fIX\fR ] [ \fB\-\-minlevel=\fR\fIX\fR | \fB\-m\fR\ \fIX\fR ]
.RB [ \-\-falsepositive | \-F ] .RB [ \-\-falsepositive | \-F ]
.RB [ \-\-neverignore | \-n ] .RB [ \-\-neverignore | \-n ]
.RB [ \-\-patch=\fIfilename\fR | \-P\ \fIfilename\fR ]
.RB [ \-\-followdotdir ]
.\" Selecting Output Format: .\" Selecting Output Format:
.RB [ \-\-context | \-c ] .RB [ \-\-context | \-c ]
.RB [ \-\-columns | \-C ] .RB [ \-\-columns | \-C ]
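Review bot: the `\-m` synopsis line in this hunk is also modified (the hyphen is escaped as `\-m` and the space between `\-m` and `\fIX\fR` becomes the unbreakable `\ `), which is an unrelated fix that the commit message "Update documentation to explain --patch and --followdotdir" does not mention; it deserves a line in the message or its own commit. The new `\-P\ \fIfilename\fR` entry follows the same escaped convention, and placing both new options under the `.\" Selecting Hits:` comment matches where they are documented further down.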
@ -58,6 +60,9 @@ in that directory (and its subdirectories, recursively) will be examined.
Thus, for most projects, simply give flawfinder the name of the source Thus, for most projects, simply give flawfinder the name of the source
code's topmost directory (use ``.'' for the current directory), code's topmost directory (use ``.'' for the current directory),
and flawfinder will examine all of the project's C/C++ source code. and flawfinder will examine all of the project's C/C++ source code.
If you only want to have \fIchanges\fR reviewed, save a unified diff
of those changes (created by "diff -u" or "svn diff") in a patch file,
and include --patch=\fIdiff\fR as an option.
.PP .PP
Flawfinder will produce a list of ``hits'' (potential Flawfinder will produce a list of ``hits'' (potential
security flaws), sorted by risk; the riskiest hits are shown first. security flaws), sorted by risk; the riskiest hits are shown first.
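Review bot: `--patch=\fIdiff\fR` and `"diff -u"` in the added sentence use unescaped hyphens, whereas every other option on this page is written with `\-\-` (for example `.RB [ \-\-allowlink ]`); groff may typeset an unescaped `-` as a typographic hyphen rather than a minus sign, so copying the option from the rendered page can fail. Suggest `\-\-patch=\fIdiff\fR` and `"diff \-u"`.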
@ -268,6 +273,18 @@ Shows (just) the version number and exits.
.SS "Selecting Hits to Display" .SS "Selecting Hits to Display"
.TP 12
.BI \-\-patch= filename
Only report hits that are changed by the given patch file.
The patch file must be in unified diff format (e.g., the output of
"diff -u" or "svn diff").
Beware that the "new" file names given in the patch file must match exactly,
including upper/lower case, path prefix, and directory
separator (\\ vs. /).
Only hits that occur on resultant changed lines, or immediately
above and below them, are reported.
This option implies --neverignore.
.TP 12 .TP 12
.BI \-\-allowlink .BI \-\-allowlink
Allow the use of symbolic links; normally symbolic links are skipped. Allow the use of symbolic links; normally symbolic links are skipped.
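Review bot: the `.BI \-\-patch= filename` entry never mentions the `\-P` short form that the synopsis hunk adds (`\-P\ \fIfilename\fR`), so a reader of this section cannot discover it; add the short form to the label or to the first sentence. The same unescaped-hyphen issue as in the description hunk applies to `"diff -u"` and to "This option implies --neverignore." (should be `\-\-neverignore`, matching the `.BI \-\-neverignore` entry it refers to). The caveat about exact filename matching (case, path prefix, `\\` vs `/`) is a good addition, since a silent mismatch would yield zero hits rather than an error.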
@ -322,6 +339,11 @@ clauses and calls through function pointers will be missed.
Never ignore security issues, even if they have an ``ignore'' directive Never ignore security issues, even if they have an ``ignore'' directive
in a comment. in a comment.
.TP
.BI \-\-followdotdir
Enter directories whose names begin with ".".
Normally such directories are ignored, since they normally
include version control private data, configurations, and so on.
.SS "Selecting Output Format" .SS "Selecting Output Format"
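Review bot: `.TP` here has no indent argument, while the `\-\-patch` entry added in the previous hunk and the existing entries in this section use `.TP 12`; groff falls back to the previous `.TP` indent when the argument is omitted, so this lines up only because of the entry's position, and `.TP 12` should be used for consistency. Also, "Normally such directories are ignored, since they normally include" repeats "normally"; "since they usually contain version control private data, configurations, and so on" reads better.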