Version number now 1.28, add test for filenames without trailing newline
parent
8674d33858
commit
f5e02e9ec2
|
@ -9,8 +9,8 @@
|
||||||
<body>
|
<body>
|
||||||
<h1>Flawfinder Results</h1>
|
<h1>Flawfinder Results</h1>
|
||||||
Here are the security scan results from
|
Here are the security scan results from
|
||||||
<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.27</a>,
|
<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.28</a>,
|
||||||
(C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
|
(C) 2001-2007 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
|
||||||
Number of dangerous functions in C/C++ ruleset: 160
|
Number of dangerous functions in C/C++ ruleset: 160
|
||||||
<p>
|
<p>
|
||||||
Examining test.c <br>
|
Examining test.c <br>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
|
Flawfinder version 1.28, (C) 2001-2007 David A. Wheeler.
|
||||||
Number of dangerous functions in C/C++ ruleset: 160
|
Number of dangerous functions in C/C++ ruleset: 160
|
||||||
Examining test.c
|
Examining test.c
|
||||||
Examining test2.c
|
Examining test2.c
|
||||||
|
@ -137,3 +137,6 @@ Suppressed hits = 2 (use --neverignore to show them)
|
||||||
Minimum risk level = 1
|
Minimum risk level = 1
|
||||||
Not every hit is necessarily a security vulnerability.
|
Not every hit is necessarily a security vulnerability.
|
||||||
There may be other security vulnerabilities; review your code!
|
There may be other security vulnerabilities; review your code!
|
||||||
|
|
||||||
|
Testing for no ending newline:
|
||||||
|
Lines analyzed = 32
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
See the man page for a description of the options."""
|
See the man page for a description of the options."""
|
||||||
|
|
||||||
version="1.27"
|
version="1.28"
|
||||||
|
|
||||||
# The default output is as follows:
|
# The default output is as follows:
|
||||||
# filename:line_number [risk_level] (type) function_name: message
|
# filename:line_number [risk_level] (type) function_name: message
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
Name: flawfinder
|
Name: flawfinder
|
||||||
Summary: Examines C/C++ source code for security flaws
|
Summary: Examines C/C++ source code for security flaws
|
||||||
Version: 1.27
|
Version: 1.28
|
||||||
Release: 1
|
Release: 1
|
||||||
License: GPL
|
License: GPL
|
||||||
Group: Development/Tools
|
Group: Development/Tools
|
||||||
|
|
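--- a/makefile
+++ b/makefile
@@ -9,7 +9,7 @@
 # Eventually switch to using DistUtils to autogenerate.
 
 NAME=flawfinder
-VERSION=1.27
+VERSION=1.28
 RPM_VERSION=1
 VERSIONEDNAME=$(NAME)-$(VERSION)
 ARCH=noarch
@@ -97,12 +97,17 @@ time:
 test: flawfinder test.c test2.c
 # Omit time report so that results are always the same textually.
 ./flawfinder --omittime test.c test2.c > test-results.txt
+echo >> test-results.txt
+echo "Testing for no ending newline:" >> test-results.txt
+./flawfinder --omittime no-ending-newline.c | \
+grep 'Lines analyzed' >> test-results.txt
 ./flawfinder --omittime --html --context test.c test2.c > test-results.html
-less test-results.txt
+@echo "Differences from expected results:"
+@diff -u correct-results.txt test-results.txt
 
-check:
-diff -u correct-results.txt test-results.txt
+check: test
 
+# Run "make test-is-correct" if the results are as expected.
 test-is-correct: test-results.txt
 mv test-results.txt correct-results.txt
 mv test-results.html correct-results.html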
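Review bot: The `test` rule at the top of the second hunk still lists only `flawfinder test.c test2.c` as prerequisites, although its recipe now reads `no-ending-newline.c`, so make will not notice that fixture missing or changed until the recipe itself fails; change the rule line to `test: flawfinder test.c test2.c no-ending-newline.c`. The new `./flawfinder --omittime no-ending-newline.c | \` pipeline also exits with grep's status, so a flawfinder failure on that file surfaces only as a missing `Lines analyzed` line in the diff rather than as a failed build. That may be acceptable for an expected-output test, but it deserves a comment above the line, e.g. `# Pipeline status is grep's; a flawfinder failure shows up as a missing line in the diff.`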
|
@ -0,0 +1,32 @@
|
||||||
|
// Test file to show bug in 1.27
|
||||||
|
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
int main()
|
||||||
|
{
|
||||||
|
FILE *f;
|
||||||
|
char buf[1024], *s;
|
||||||
|
int first;
|
||||||
|
|
||||||
|
first = 1;
|
||||||
|
while(fgets(buf, sizeof(buf), stdin) != 0) {
|
||||||
|
if(first == 0) {
|
||||||
|
printf("\n");
|
||||||
|
}
|
||||||
|
s = buf;
|
||||||
|
while(*s != '\0') {
|
||||||
|
if(*s == '\n' || *s == '\r') {
|
||||||
|
*s = '\0';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
s++;
|
||||||
|
}
|
||||||
|
printf("%s", buf);
|
||||||
|
first = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* end with spaces and no \n or \r */
|
||||||
|
|
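Review bot: The header comment `// Test file to show bug in 1.27` does not say what the bug is, while the fixture's whole value lies in its last line, which the trailing `/* end with spaces and no \n or \r */` comment says is whitespace with no newline — a property most editors and formatters silently undo, which would leave `Lines analyzed = 32` in correct-results.txt as a stale expectation with no hint why. Expand the header to something like `// Test fixture for the 1.27 line-counting bug: the final line is spaces with no trailing newline and must stay that way; "Lines analyzed = 32" in correct-results.txt depends on it.` The C body is a deliberately simple scan target, so `int main()` with no `return 0;` is acceptable under C99 and later, though `int main(void)` would be the conventional prototype.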
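--- a/setup.py
+++ b/setup.py
@@ -25,7 +25,7 @@ import commands
 
 setup (# Distribution meta-data
 name = "flawfinder",
-version = "1.27",
+version = "1.28",
 description = "a program that examines source code looking for security weaknesses",
 author = "David A. Wheeler",
 author_email = "dwheeler@dwheeler.com",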
|
@ -9,8 +9,8 @@
|
||||||
<body>
|
<body>
|
||||||
<h1>Flawfinder Results</h1>
|
<h1>Flawfinder Results</h1>
|
||||||
Here are the security scan results from
|
Here are the security scan results from
|
||||||
<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.27</a>,
|
<a href="http://www.dwheeler.com/flawfinder">Flawfinder version 1.28</a>,
|
||||||
(C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
|
(C) 2001-2007 <a href="http://www.dwheeler.com">David A. Wheeler</a>.
|
||||||
Number of dangerous functions in C/C++ ruleset: 160
|
Number of dangerous functions in C/C++ ruleset: 160
|
||||||
<p>
|
<p>
|
||||||
Examining test.c <br>
|
Examining test.c <br>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
|
Flawfinder version 1.28, (C) 2001-2007 David A. Wheeler.
|
||||||
Number of dangerous functions in C/C++ ruleset: 160
|
Number of dangerous functions in C/C++ ruleset: 160
|
||||||
Examining test.c
|
Examining test.c
|
||||||
Examining test2.c
|
Examining test2.c
|
||||||
|
@ -137,3 +137,6 @@ Suppressed hits = 2 (use --neverignore to show them)
|
||||||
Minimum risk level = 1
|
Minimum risk level = 1
|
||||||
Not every hit is necessarily a security vulnerability.
|
Not every hit is necessarily a security vulnerability.
|
||||||
There may be other security vulnerabilities; review your code!
|
There may be other security vulnerabilities; review your code!
|
||||||
|
|
||||||
|
Testing for no ending newline:
|
||||||
|
Lines analyzed = 32
|
||||||
|
|