Version number now 1.28, add test for filenames without trailing newline

correct-results.html

@@ -9,8 +9,8 @@
 <body>
 <h1>Flawfinder Results</h1>
 Here are the security scan results from
-<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.27</a>,
-(C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
+<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.28</a>,
+(C) 2001-2007 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
 Number of dangerous functions in C/C++ ruleset: 160
 <p>
 Examining test.c <br>

correct-results.txt

@@ -1,4 +1,4 @@
-Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
+Flawfinder version 1.28, (C) 2001-2007 David A. Wheeler.
 Number of dangerous functions in C/C++ ruleset: 160
 Examining test.c
 Examining test2.c
@@ -137,3 +137,6 @@ Suppressed hits = 2 (use --neverignore to show them)
 Minimum risk level = 1
 Not every hit is necessarily a security vulnerability.
 There may be other security vulnerabilities; review your code!
+
+Testing for no ending newline:
+Lines analyzed = 32

flawfinder

@@ -6,7 +6,7 @@
 
  See the man page for a description of the options."""
 
-version="1.27"
+version="1.28"
 
 # The default output is as follows:
 # filename:line_number [risk_level] (type) function_name: message

flawfinder.spec

@@ -1,6 +1,6 @@
 Name: flawfinder
 Summary: Examines C/C++ source code for security flaws
-Version: 1.27
+Version: 1.28
 Release: 1
 License: GPL
 Group: Development/Tools

makefile

@@ -9,7 +9,7 @@
 # Eventually switch to using DistUtils to autogenerate.
 
 NAME=flawfinder
-VERSION=1.27
+VERSION=1.28
 RPM_VERSION=1
 VERSIONEDNAME=$(NAME)-$(VERSION)
 ARCH=noarch
@@ -97,12 +97,17 @@ time:
 test: flawfinder test.c test2.c
 	# Omit time report so that results are always the same textually.
 	./flawfinder --omittime test.c test2.c > test-results.txt
+	echo >> test-results.txt
+	echo "Testing for no ending newline:" >> test-results.txt
+	./flawfinder --omittime no-ending-newline.c | \
+	  grep 'Lines analyzed' >> test-results.txt
 	./flawfinder --omittime --html --context test.c test2.c > test-results.html
-	less test-results.txt
+	@echo "Differences from expected results:"
+	@diff -u correct-results.txt test-results.txt
 
-check:
-	diff -u correct-results.txt test-results.txt
+check: test
 
+# Run "make test-is-correct" if the results are as expected.
 test-is-correct: test-results.txt
 	mv test-results.txt correct-results.txt
 	mv test-results.html correct-results.html

no-ending-newline.c

@@ -0,0 +1,32 @@
+// Test file to show bug in 1.27
+
+#include	<stdio.h>
+#include	<stdlib.h>
+#include	<string.h>
+
+int main()
+{
+	FILE	*f;
+	char	buf[1024], *s;
+	int	first;
+
+	first = 1;
+	while(fgets(buf, sizeof(buf), stdin) != 0) {
+		if(first == 0) {
+			printf("\n");
+		}
+		s = buf;
+		while(*s != '\0') {
+			if(*s == '\n' || *s == '\r') {
+				*s = '\0';
+				break;
+			}
+			s++;
+		}
+		printf("%s", buf);
+		first = 0;
+	}
+}
+
+/* end with spaces and no \n or \r */
+   

setup.py

@@ -25,7 +25,7 @@ import commands
 
 setup (# Distribution meta-data
        name = "flawfinder",
-       version = "1.27",
+       version = "1.28",
        description = "a program that examines source code looking for security weaknesses",
        author = "David A. Wheeler",
        author_email = "dwheeler@dwheeler.com",

test-results.html

@@ -9,8 +9,8 @@
 <body>
 <h1>Flawfinder Results</h1>
 Here are the security scan results from
-<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.27</a>,
-(C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
+<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.28</a>,
+(C) 2001-2007 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
 Number of dangerous functions in C/C++ ruleset: 160
 <p>
 Examining test.c <br>

test-results.txt

@@ -1,4 +1,4 @@
-Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
+Flawfinder version 1.28, (C) 2001-2007 David A. Wheeler.
 Number of dangerous functions in C/C++ ruleset: 160
 Examining test.c
 Examining test2.c
@@ -137,3 +137,6 @@ Suppressed hits = 2 (use --neverignore to show them)
 Minimum risk level = 1
 Not every hit is necessarily a security vulnerability.
 There may be other security vulnerabilities; review your code!
+
+Testing for no ending newline:
+Lines analyzed = 32