* entrypoint.sh: Make minor improvements
Modify entrypoint.sh, used by the Dockerfile.
The original version *ALWAYS* echoed a success,
even if the command did NOT succeed for some reason.
Instead of printing the spurious message, just show the output and
let the exit value get communicated back to the caller.
This is especially important for CI/CD, since we want the CI/CD
system to get the exit value (e.g., so it can report failure if there
was a failure).
This version also displays the results to standard out, so it's
easier to immediately see the output from a CI/CD run.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Note that the input filenames still have to be escaped
(to support the use of "-" options on the command line).
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Switch to "VAR in (...)" style in the code.
This is shorter and slightly simpler (it's clear only a single
variable value is being considered).
This eliminates many pylint warnings and
produces a minor improvement in the pylint score.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Fix the source package.
We recently renamed "flawfinder" to "flawfinder.py" in the
source tree, but the "distribute" target then removes it because
previously "flawfinder.py" wasn't the "real thing".
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Update test correct answers because we have a new version
number by repeatedly running:
make check; make test-is-correct
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

The --error-level option is useful in continuous integration (CI)
pipelines. Make it even more obvious in the documentation.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

My SINCERE THANKS to yongyan-gh for the hard work to integrate
SARIF output functionality into flawfinder!!
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Flawfinder has a project-specific rule to put all code in one file.
That can be a pain for development, but the rule makes *deploying*
flawfinder really easy in some settings. Worst comes to worst, just
copy the file somewhere and you can run it!
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Modify "make install" to quote filenames
(in case a directory has a space in it), and
on Linux/Unix force the program's permissions to be executable.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Git patch format is slightly different from unified diff / svn diff.
The hunk format changes, and the function name is added after the last
@@. The regex has to be changed to ensure the hunk is recognized, so the
line numbers are correct.
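The hunk-header difference described in the last commit, as an added example that is not flawfinder's own code: a small patch parser whose regex accepts both the plain unified/svn header and the git form with the function name after the last "@@", and which uses the hunk counts to compute post-patch line numbers (the numbers a scanner needs when it restricts reports to lines a patch touched). The sample patch, the file `src/copy.c` and the function `copy_name` are constructed for the example.

```python
import re

# Unified/svn hunk headers ("@@ -1,3 +1,4 @@") and git headers, which add the
# enclosing function after the last "@@"; the ",count" parts are optional.
HUNK_RE = re.compile(r'^@@ -(?P<old_start>\d+)(?:,(?P<old_len>\d+))?'
                     r' \+(?P<new_start>\d+)(?:,(?P<new_len>\d+))? @@(?P<context>.*)$')
# git names the new file "+++ b/path"; svn and plain diff use "+++ path<TAB>rev".
NEW_FILE_RE = re.compile(r'^\+\+\+ (?:b/)?(?P<path>[^\t]+)')

def changed_lines(patch_text: str) -> dict:
    """Return {new_file_path: set of post-patch line numbers that were added}."""
    result, current_file, in_hunk = {}, None, False
    new_line = remaining_old = remaining_new = 0
    for line in patch_text.splitlines():
        m = NEW_FILE_RE.match(line)
        if m and not in_hunk:
            current_file = m.group('path')
            result.setdefault(current_file, set())
            continue
        m = HUNK_RE.match(line)
        if m and current_file is not None:
            # Hunk counts decide where the hunk ends, so later file headers
            # and index lines are never mistaken for diff content.
            new_line = int(m.group('new_start'))
            remaining_old = int(m.group('old_len') or 1)
            remaining_new = int(m.group('new_len') or 1)
            in_hunk = True
            continue
        if not in_hunk:
            continue
        if line.startswith('+'):         # added line: report it
            result[current_file].add(new_line)
            new_line, remaining_new = new_line + 1, remaining_new - 1
        elif line.startswith('-'):       # removed: absent from the new file
            remaining_old -= 1
        elif not line.startswith('\\'):  # context ("\ No newline" is neither)
            new_line, remaining_new, remaining_old = (
                new_line + 1, remaining_new - 1, remaining_old - 1)
        if remaining_old <= 0 and remaining_new <= 0:
            in_hunk = False
    return result

# Constructed git-format sample (not taken from the flawfinder repository).
GIT_PATCH = """\
+++ b/src/copy.c
@@ -10,3 +10,4 @@ int copy_name(char *dst, const char *src)
 {
-    strcpy(dst, src);
+    /* bounded copy; dst is 64 bytes */
+    snprintf(dst, 64, "%s", src);
     return 0;
"""
```

`changed_lines(GIT_PATCH)` yields `{'src/copy.c': {11, 12}}`; a scanner can then keep only hits whose line number is in that set.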