David A. Wheeler
0f4deebe00
Remove some Python 2/3 inconsistencies
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 20:45:05 -04:00
David A. Wheeler
6bb9c5d3c7
Tweak code to eliminate pylint warning
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 20:34:04 -04:00
David A. Wheeler
eb3631d839
Remove use of Python 2-only __cmp__
Remove use of __cmp__, which is in Python 2 but not in Python 3.
Instead, use sort keys, which work in Python 2 and 3.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 20:31:41 -04:00
David A. Wheeler
ea67f5dbca
Switch all print statements to print() functions
Switch all print statements to print() functions per PEP 3105.
Python 3 *only* supports print() functions, so this begins to
move the code towards simultaneously supporting python 2 and 3.
This implements "stage1" of futurize. In theory, "stage1" is
supposed to be "low risk", but in fact a *large* number of
manual fixes had to be made to make the program work again.
Python 2's traditional print statement includes the "softspace"
feature. This is "a semi-secret attribute on files currently used to tell
print whether to insert a space before the first item". The print()
function does not have the "softspace" feature, so there is no direct
translation for any situation that depended on softspaces.
Flawfinder used softspaces extensively, as they were convenient,
so it took a little work to make print() functions work.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 19:33:49 -04:00
David A. Wheeler
d5c4af4be1
Add "fingerprint" to CSV output
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 23:50:52 -04:00
David A. Wheeler
310f850d5b
Update version number to 2.0.1
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 23:15:56 -04:00
David A. Wheeler
7a0a1f38a6
Improve documentation about the use of pylint
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 20:47:28 -04:00
David A. Wheeler
a19714aa30
Modify some names per pylint recommendations
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 20:29:10 -04:00
David A. Wheeler
c4b28d916f
Remove/merge duplicate hash entries found by pylint
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 20:22:11 -04:00
David A. Wheeler
6c49d39c61
Fix error (use of undefined variable) found by pylint
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 20:13:37 -04:00
David A. Wheeler
48bad06778
Change old-style class to "new"-style class
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 20:07:58 -04:00
David A. Wheeler
1de04d3dca
Mass reformat of flawfinder source code to better comply with PEP 8
This reformats the source code's style to better comply with
Python PEP 8.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 20:06:39 -04:00
David A. Wheeler
d06466bd2a
Fix minor style issues identified by pylint
Pylint is a static analyzer of Python code. It seems appropriate
to use a static analyzer to analyze a static analyzer :-).
None of the changes here fix a flaw in flawfinder.
The goal here is to follow PEP 008 more closely in the hope that
the changes make it easier for other developers to improve it further.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 16:49:11 -04:00
David A. Wheeler
02029816d4
Add rules to detect g_*rand* functions
Thanks to Michael McConville for this suggestion!
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-29 16:35:06 -04:00
David A. Wheeler
6f399a0a25
Add support for generating CSV files
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-29 16:21:00 -04:00
David A. Wheeler
872109f230
Change version number to 2.0.0 - use Semantic Versioning
This switches flawfinder's version naming conventions to comply with
Semantic Versioning. We change the first digit to "2" because
there's a subtle change in how CWEs are reported - see the
ChangeLog or documentation for more information.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-29 13:24:25 -04:00
David A. Wheeler
8f62d4290b
flawfinder: remove some trailing whitespace
2014-09-07 14:14:55 -04:00
David A. Wheeler
f6814c97c1
Reduce risk level to 0 of snprintf with constant format string
- snprintf is a useful *countermeasure* for buffer overflows,
and unlike some alternatives it is standard and *widely* available.
(strlcpy/strlcat are useful but not standard and not widely available;
snprintf_s is standard but not widely available).
Historically we warned about snprintf because old systems didn't
implement it correctly, but at this point these old systems are
more historical than anything else.
Instead, let's specifically *mention* snprintf as a recommended
potential solution for buffer overflows.
2014-09-01 15:14:55 -04:00
David A. Wheeler
6031b31f8c
Add Microsoft banned list for string concatenation
2014-08-09 13:44:32 -04:00
David A. Wheeler
aa2277b862
Add Microsoft banned functions for string copy and replacement
2014-08-09 13:32:37 -04:00
David A. Wheeler
0b432d2791
Change syntax of CWE mapping reports for CWE hierarchies (use "!" for map)
- The old syntax was very confusing. Now just report
higher-level/lower-level, with "!" after the CWE that is actually
the mapping.
2014-08-09 13:06:50 -04:00
David A. Wheeler
58749e78bc
Change version number to 1.32
- Change version number early to prevent accidentally confusing
this version with a released version.
2014-08-04 22:48:41 -04:00
David A. Wheeler
5156456c79
flawfinder: Improve error-handling. Warn of non-existent files (esp long dash)
- Provide a separate warning for filenames listed on the command line
that do not actually exist.
- Provide a SPECIAL warning for filenames that begin with
the UTF-8 sequence of long dashes. Users might
copy-and-paste from the pdf version of the man page, and that might
produce long dashes (instead of normal dashes). This problem
can be hard to detect, so specially warning about it should help.
2014-08-03 15:29:05 -04:00
David A. Wheeler
547d1f3e17
Sending warnings to stderr, not stdout
2014-08-03 15:10:39 -04:00
David A. Wheeler
16ac21ca1f
Fix some warning text (CWE reference was in wrong place)
2014-08-02 21:59:28 -04:00
David A. Wheeler
8f9ccc47ea
Add option "-H" as a synonym for "--html" to generate HTML
2014-08-02 21:50:21 -04:00
David A. Wheeler
4c36be0094
Reorder help information, help and version are really common requests
2014-08-02 21:46:29 -04:00
David A. Wheeler
4f363e6766
flawfinder: Document Python language version issues
2014-07-30 23:45:39 -04:00
David A. Wheeler
304225c9bd
Use non-integer division (requires Python 2.2+)
- Add "from __future__ import division". This is the default in
Python 3, and has been long available in Python 2.
2014-07-29 08:43:27 -04:00
David A. Wheeler
7e655111a9
flawfinder: Make comments fit in 80 char columns
2014-07-29 08:39:30 -04:00
David A. Wheeler
43ada0aae8
Reformat comments to be less than 80 columns long.
2014-07-29 08:37:06 -04:00
David A. Wheeler
f74076c2fa
Remove unnecessary invocation of "apply"
- Remove unnecessary invocation of "apply".
Python 2.4 deprecated "apply", and Python 3 removes it.
2014-07-29 08:29:02 -04:00
David A. Wheeler
bc5eef939f
flawfinder: Replace tabs with spaces, making indentation char consistent
2014-07-29 08:23:24 -04:00
David A. Wheeler
f351b779ac
flawfinder: Change constructs of form "d.has_key(d)" to "k in d".
- Change code to be more idiomatic and closer to Python 3,
while staying in Python 2. For more information, see:
http://www.dwheeler.com/essays/python3-in-python2.html
2014-07-29 08:18:52 -04:00
David A. Wheeler
d769867375
Clearly document the license (GPLv2+)
2014-07-28 21:58:22 -04:00
David A. Wheeler
a6b3a1b24d
Add cross-link to "Secure Programming" book
2014-07-28 21:25:00 -04:00
David A. Wheeler
4e99642392
Switch version # to 1.31.
- Version number 1.30 might be confused with 1.3. This eliminates
the potential problem.
2014-07-27 17:19:24 -04:00
David A. Wheeler
a33ae6c62e
Add more wide character rules and refine CWE mapping
2014-07-22 23:17:53 -04:00
David A. Wheeler
5eb5e8411d
Change version number to 1.30.
- This is the upcoming version number. Change it now so that this
is distinct from the released version 1.29.
2014-07-19 20:46:15 -04:00
David A. Wheeler
8423c14116
Fix up "make show-cwes"
2014-07-19 19:21:23 -04:00
David A. Wheeler
60948e8368
Move CWE-119 report on char into warning instead of recommendation
2014-07-19 19:16:41 -04:00
David A. Wheeler
cfe1a062fe
Tweak mappings to CWE. strlen() better maps to CWE-126 (buffer over-read)
2014-07-19 19:05:49 -04:00
David A. Wheeler
7112bf164c
Rewrite print_multi_line. It's now shorter, faster, and formats better
2014-07-19 16:42:14 -04:00
David A. Wheeler
f9a6fdd314
Add links to CWE entries when producing HTML, and tweak output report
2014-07-19 16:20:14 -04:00
David A. Wheeler
5c66efaf2b
Update version# and years
2014-07-19 13:00:58 -04:00
David A. Wheeler
742cb6db13
flawfinder: Modify --listrules to also report default warning
2014-07-19 12:58:02 -04:00
David A. Wheeler
ba451aceb7
Update dates
2014-07-13 13:21:40 -04:00
David A. Wheeler
bd3bd7dae5
Add ability to search in warnings (e.g., for CWEs), and document that
2014-07-13 13:19:50 -04:00
David A. Wheeler
9de8db2e74
Add Common Weakness Enumeration (CWE) references
2014-07-13 00:06:04 -04:00
David A. Wheeler
5a56f2667d
flawfinder: Simplify string check
2014-07-12 22:24:02 -04:00
David A. Wheeler
1d9a870d77
Add support for git diff (as well as svn diff and GNU diff)
2014-07-12 21:36:54 -04:00
David A. Wheeler
923cf6042c
Rewrite documentation in man page and --help option for clarity
- Group options in --help, just like the man page, for clarity
- Create a new group, "Selecting Input Data", so that they are
clearly distinguished from selecting what hits to display.
- Other clarifications in the man page.
2014-07-12 20:43:04 -04:00
David A. Wheeler
202bf127dc
Handle unbalanced double-quotes in sprintf
- Handle unbalanced double-quotes. This is a compilation error, but
we can handle it more gracefully.
2014-07-12 12:25:59 -04:00
David A. Wheeler
40982f89ba
Warn that time info is approximate
- We can't give exact times, in particular, the start time
is measured only after Python finishes starting up.
So, warn about that.
2014-07-12 12:11:26 -04:00
David A. Wheeler
e95f94db75
Fix report on time executed (fix bug#7)
- The time reported was wrong in a misguided attempt to round.
2014-07-12 12:07:24 -04:00
David A. Wheeler
400b58817c
Allow "flawfinder ." (fix bug#3)
- Skipping dotdir also skipped ".", but it shouldn't.
- My thanks to Gerd, who provided the patch.
2014-07-12 11:40:22 -04:00
David A. Wheeler
f372da2530
Fix ignore directive when filenames differ (fix bug#6)
- My thanks to Bernhard Herzog who provided the patch!
2014-07-12 11:31:45 -04:00
David A. Wheeler
1623be3119
Document -F option in help output
2014-07-12 11:25:11 -04:00
David A. Wheeler
f5e02e9ec2
Version number now 1.28, add test for filenames without trailing newline
2014-07-12 07:01:23 -04:00
David A. Wheeler
8674d33858
flawfinder: Fix patch so line number count is correct
2014-07-12 06:46:14 -04:00
David A. Wheeler
3bdc1db866
flawfinder: Handle files not ending in newline (from Alexis Wilke)
- Thanks to Alexis Wilke!
2014-07-12 06:21:34 -04:00
dwheeler
1331cd7aae
Add atoi() and atol(). It's a little lame, but at least it's there.
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@14 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 23:20:49 +00:00
dwheeler
ec80c6eacd
Clean up getenv text
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@13 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 23:10:13 +00:00
dwheeler
ed8a7b2a98
Permit .c++ as a C++ extension
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@12 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 23:07:27 +00:00
dwheeler
130ee2e521
Cleanup: Replaced initial tabs with spaces
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@11 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 14:35:52 +00:00
dwheeler
bff102b656
Cleaned up code for patch handling, fix bug in subdir handling, include patch info in help.
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@10 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 14:32:07 +00:00
dwheeler
5808029a6a
Better error message when the files cannot be read
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@7 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 03:44:31 +00:00
dwheeler
47c7711a79
Fix Debian bug #271287
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@6 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 03:35:20 +00:00
dwheeler
1ff26b75e5
Removed junk files, e.g., an old Debian report (long since fixed)
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@3 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 03:00:12 +00:00
dwheeler
f5e94b32ec
Support unified diff patch files, skip dot-dirs
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@2 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 02:53:03 +00:00
dwheeler
14c90f7335
Initial import
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@1 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 02:44:45 +00:00