Modify test suite - also check generated HTML

correct-results.html

@@ -192,7 +192,8 @@ Examining test2.c <br>
  sprintf(s, "hello");
 </pre>
 <li>test.c:45: <b>  [2] </b> (buffer) <i> char:
-  Statically-sized arrays can be overflowed (<a
+  Statically-sized arrays can be overflowed or have other issues (<a
+  href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>,<a
   href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform
   bounds checking, use functions that limit length, or ensure that the size
   is larger than the maximum possible length (CWE-119). </i>
@@ -200,7 +201,8 @@ Examining test2.c <br>
   char d[20];
 </pre>
 <li>test.c:46: <b>  [2] </b> (buffer) <i> char:
-  Statically-sized arrays can be overflowed (<a
+  Statically-sized arrays can be overflowed or have other issues (<a
+  href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>,<a
   href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform
   bounds checking, use functions that limit length, or ensure that the size
   is larger than the maximum possible length (CWE-119). </i>
@@ -276,9 +278,9 @@ Examining test2.c <br>
   strncat(d,s,10);
 </pre>
 <li>test.c:58: <b>  [1] </b> (buffer) <i> strlen:
-  Does not handle strings that are not \0-terminated (it could cause a crash
-  if unprotected) (<a
-  href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>). </i>
+  Does not handle strings that are not \0-terminated; if given one it may
+  perform an over-read (it could cause a crash if unprotected) (<a
+  href="http://cwe.mitre.org/data/definitions/126.html">CWE-126</a>). </i>
 <pre>
   n = strlen(d);
 </pre>

correct-results.txt

@@ -86,13 +86,15 @@ test.c:19:  [2] (buffer) sprintf:
   Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
   vsnprintf. Risk is low because the source has a constant maximum length.
 test.c:45:  [2] (buffer) char:
-  Statically-sized arrays can be overflowed (CWE-120). Perform bounds
-  checking, use functions that limit length, or ensure that the size is
-  larger than the maximum possible length (CWE-119).
+  Statically-sized arrays can be overflowed or have other issues
+  (CWE-119,CWE-120). Perform bounds checking, use functions that limit
+  length, or ensure that the size is larger than the maximum possible length
+  (CWE-119).
 test.c:46:  [2] (buffer) char:
-  Statically-sized arrays can be overflowed (CWE-120). Perform bounds
-  checking, use functions that limit length, or ensure that the size is
-  larger than the maximum possible length (CWE-119).
+  Statically-sized arrays can be overflowed or have other issues
+  (CWE-119,CWE-120). Perform bounds checking, use functions that limit
+  length, or ensure that the size is larger than the maximum possible length
+  (CWE-119).
 test.c:50:  [2] (buffer) memcpy:
   Does not check for buffer overflows when copying to destination (CWE-120).
   Make sure destination can always hold the source data.
@@ -126,8 +128,8 @@ test.c:55:  [1] (buffer) strncat:
   size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
   resizing strings.
 test.c:58:  [1] (buffer) strlen:
-  Does not handle strings that are not \0-terminated (it could cause a crash
-  if unprotected) (CWE-119).
+  Does not handle strings that are not \0-terminated; if given one it may
+  perform an over-read (it could cause a crash if unprotected) (CWE-126).
 test.c:64:  [1] (buffer) MultiByteToWideChar:
   Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very
   low, the length appears to be in characters not bytes.

makefile

@@ -106,6 +106,7 @@ test: flawfinder test.c test2.c
 	./flawfinder --omittime --html --context test.c test2.c > test-results.html
 	@echo "Differences from expected results:"
 	@diff -u correct-results.txt test-results.txt
+	@diff -u correct-results.html test-results.html
 
 check: test