Convert README to use markdown

Signed-off-by: nickthetait <nicholas.tait@ieee.org>
nickthetait 2018-03-14 00:09:21 -06:00
parent 23c1a7e289
commit db09996c01
1 changed files with 19 additions and 6 deletions

@ -1,4 +1,6 @@
This is "flawfinder" by David A. Wheeler, <dwheeler@dwheeler.com>. # About
This is "flawfinder" by [David A. Wheeler](mailto:dwheeler@dwheeler.com).
Flawfinder is a simple program that scans C/C++ source code and reports Flawfinder is a simple program that scans C/C++ source code and reports
potential security flaws. It can be a useful tool for examining software potential security flaws. It can be a useful tool for examining software
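Review bot: The added "# About" heading leaves the README without a title and starts a pattern where every section in this patch is a level-1 heading. Consider a single top-level title such as "# Flawfinder" and demoting "About", "Platforms", "Installation" and the rest to "##", so renderers and generated tables of contents show one document with subsections.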
@ -7,20 +9,25 @@ static source code analysis tools more generally. It is designed to
be easy to install and use. Flawfinder supports the Common Weakness be easy to install and use. Flawfinder supports the Common Weakness
Enumeration (CWE) and is officially CWE-Compatible. Enumeration (CWE) and is officially CWE-Compatible.
For more information, see: For more information, see the [project website](http://www.dwheeler.com/flawfinder)
http://www.dwheeler.com/flawfinder
# Platforms
Flawfinder is designed for use on Unix/Linux/POSIX systems Flawfinder is designed for use on Unix/Linux/POSIX systems
(including Cygwin, Linux-based systems, MacOS, and *BSDs) as a (including Cygwin, Linux-based systems, MacOS, and *BSDs) as a
command line tool. It requires Python 2.7 or Python 3. command line tool. It requires Python 2.7 or Python 3.
# Installation
If you just want to *use* it, you can install flawfinder with If you just want to *use* it, you can install flawfinder with
Python's "pip" or with your system's package manager (flawfinder has Python's "pip" or with your system's package manager (flawfinder has
packages for many systems). It also supports easy installation packages for many systems). It also supports easy installation
following usual "make install" source installation conventions. following usual "make install" source installation conventions.
The file INSTALL.txt has more detailed installation instructions. The file [INSTALL.txt](INSTALL.txt) has more detailed installation instructions.
You don't HAVE to install it to run it, but it's easiest that way. You don't HAVE to install it to run it, but it's easiest that way.
# Usage
To run flawfinder, just give it a list of source files or directories to To run flawfinder, just give it a list of source files or directories to
example. For example, to examine all files in "src/" and down recursively: example. For example, to examine all files in "src/" and down recursively:
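Review bot: The new "[project website](http://www.dwheeler.com/flawfinder)" link uses plain HTTP, and this is the link users follow to obtain a security tool; point it at the https:// form if the site serves it. The rewritten sentence also dropped its closing punctuation, and while this paragraph is being touched, "directories to example" in the Usage context line reads like a typo for "examine".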
@ -31,6 +38,8 @@ flawfinder (including its various options) and related information
(such as how it supports CWE). For example, the "--html" option generates (such as how it supports CWE). For example, the "--html" option generates
output in HTML format. The "--help" option gives a brief list of options. output in HTML format. The "--help" option gives a brief list of options.
# Under the hood
More technically, flawfinder uses lexical scanning to find tokens More technically, flawfinder uses lexical scanning to find tokens
(such as function names) that suggest likely vulnerabilities, estimates their (such as function names) that suggest likely vulnerabilities, estimates their
level of risk (e.g., by the text of function calls), and reports the results. level of risk (e.g., by the text of function calls), and reports the results.
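Review bot: The option names "--html" and "--help" in the context lines above the new "# Under the hood" heading are still in plain double quotes, which matters now that the file is meant to be rendered as Markdown: renderers with smart punctuation enabled can turn "--" into a dash, so a copied option no longer works. Wrap both in backticks as inline code as part of this conversion. The heading itself is the only colloquial one in the set; "How it works" would match the others.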
@ -42,8 +51,12 @@ vulnerabilities in programs that cannot be built or cannot be linked.
Flawfinder also doesn't get as confused by macro definitions Flawfinder also doesn't get as confused by macro definitions
and other oddities that more sophisticated tools have trouble with. and other oddities that more sophisticated tools have trouble with.
# Contributions
We love contributions! For more information on contributing, see We love contributions! For more information on contributing, see
the file CONTRIBUTING.md. the file [CONTRIBUTING.md](CONTRIBUTING.md).
# License
Flawfinder is released under the GNU GPL license version 2 or later (GPL-2.0+). Flawfinder is released under the GNU GPL license version 2 or later (GPL-2.0+).
See the COPYING file for license information. See the [COPYING](COPYING) file for license information.
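Review bot: The new links "[CONTRIBUTING.md](CONTRIBUTING.md)" and "[COPYING](COPYING)" are relative, so they resolve only where the README is rendered next to those files in the repository. If this text is also displayed anywhere else, such as a package description page, they become dead links; either confirm it is rendered only in-repo or use absolute URLs. The same applies to the "[INSTALL.txt](INSTALL.txt)" link added earlier in the patch.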