From c4b28d916fd65c0bcf87b8736a45b233e4ac9ed6 Mon Sep 17 00:00:00 2001
From: "David A. Wheeler"
Date: Sun, 30 Jul 2017 20:22:11 -0400
Subject: [PATCH] Remove/merge duplicate hash entries found by pylint

Signed-off-by: David A. Wheeler
---
 flawfinder | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)

diff --git a/flawfinder b/flawfinder
index 519dd66..6a61668 100755
--- a/flawfinder
+++ b/flawfinder
@@ -1030,12 +1030,6 @@ c_ruleset = {
 "Check implementation on installation, or limit the size of all string inputs",
 "buffer", "dangers-c", {'input': 1}),
- "getpass":
- (normal, 3,
- "Some implementations may overflow buffers (CWE-120, CWE-20)",
- "",
- "buffer", "dangers-c", {'input': 1}),
-
 "getwd":
 (normal, 3,
 "This does not protect against buffer overflows "
@@ -1147,14 +1141,6 @@ c_ruleset = {
 "if available",
 "shell", "", {}),
- # TODO: Need to detect varying levels of danger.
- "execl|execlp|execle|execv|execvp|system|popen|WinExec|ShellExecute":
- (normal, 4,
- "This causes a new program to execute and is difficult to use safely (CWE-78)",
- "try using a library call that implements the same functionality " +
- "if available",
- "shell", "", {}),
-
 # TODO: Be more specific. The biggest problem involves "first" param NULL,
 # second param with embedded space. Windows.
 "CreateProcessAsUser|CreateProcessWithLogon":
@@ -1305,9 +1291,9 @@ c_ruleset = {
 "getpass":
 (normal, 4,
- "This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.) (CWE-676)",
+ "This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20)",
 "Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space",
- "misc", "", {}),
+ "misc", "", {'input': 1}),
 "gsignal|ssignal":
 (normal, 2,
@@ -1333,7 +1319,6 @@ c_ruleset = {
 "Use nanosleep(2) or setitimer(2) instead",
 "obsolete", "", {}),
- # Input functions, useful for -I
 "recv|recvfrom|recvmsg|fread|readv":
 (normal, 0,
 "Function accepts input from outside program (CWE-20)",
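Review bot: The merged "getpass" entry keeps `"misc", ""` as its category and reference fields, so the `"dangers-c"` reference that accompanied the buffer-overflow warning in the entry removed by the first hunk (old line 1030) is dropped even though that warning's CWE-120/CWE-20 and its `{'input': 1}` flag were carried over; if the reference field is used independently of the category, `"misc", "dangers-c", {'input': 1}),` would keep it. The merged text also turns the removed entry's "may overflow buffers" into "overflow buffers", which states more than the original claimed; `In addition, some implementations may overflow buffers.` keeps the qualification. A short comment above the key, such as `# Merged with the former "buffer" entry for getpass: duplicate keys in a dict literal are silently shadowed (last one wins)`, would record why the buffer-overflow CWEs now live under "misc". The enclosing `c_ruleset = {` literal begins and ends outside the hunk.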