Commit Graph

28 Commits

Author SHA1 Message Date
David A. Wheeler 34a58911d3 Update version numbers
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2018-01-26 00:24:39 -05:00
David A. Wheeler 2691ac6de5 Use https:, not http:, for cwe.mitre.org
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2018-01-25 23:52:35 -05:00
David A. Wheeler 6380038c34 Fix CWE hyperlinks with trailing ! or /
This fixes SF bug #9.

Thanks to philipp for reporting it!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2018-01-25 23:48:05 -05:00
David A. Wheeler 5aa1dec7f7 Update www.dwheeler.com URLs to use https
The www.dwheeler.com site has long supported https, but I forgot
to change these URLs. Fix that, so that people will use https.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-23 20:45:03 -04:00
David A. Wheeler 6f513af900 Always report hit counts correctly, even if ignored using -m
This commit means that the output provides useful summary data,
even if the lower-level hits are suppressed.

Note that this does use a little more memory when some hits
are supressed, since the hitlist is fully created even
if only parts are displayed.  However, modern systems have
lots of memory. Hopefully we'll never analyze software
with so many problems that this is a problem itself :-).
If someone ever has that problem, they can output everything
and filter it separately.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-23 20:36:50 -04:00
David A. Wheeler 22507eabdb Update tests to pass (new rules, so rule count changed)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-09 20:47:08 -04:00
David A. Wheeler 24992c0f08 Update version to 2.0.4
My upload intended for pypitest appears to have gone to pypi instead.
To eliminate confusion, I'm bumping the version number so that
any single version number always refers to exactly one program version.

This was done with:
sed -i.bak -e 's/2\.0\.3/2.0.4/g' \
  ChangeLog correct-results.* flawfinder makefile setup.py

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 20:46:45 -04:00
David A. Wheeler ec31c822dd Mark version as 2.0.3
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 20:03:44 -04:00
David A. Wheeler d38535419f Update version number to 2.0.2
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 17:56:29 -04:00
David A. Wheeler 203115edc3 Update book title
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 15:28:22 -04:00
David A. Wheeler 310f850d5b Update version number to 2.0.1
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 23:15:56 -04:00
David A. Wheeler 02029816d4 Add rules to detect g_*rand* functions
Thanks to Michael McConville for this suggestion!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-29 16:35:06 -04:00
David A. Wheeler 872109f230 Change version number to 2.0.0 - use Semantic Versioning
This switches flawfinder's version naming conventions to comply with
Semantic Versioning.  We change the first digit to "2" because
there's a subtle change in how CWEs are reported - see the
ChangeLog or documentation for more information.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-29 13:24:25 -04:00
David A. Wheeler f6814c97c1 Reduce risk level to 0 of snprintf with constant format string
- snprintf is a useful *countermeasure* for buffer overflows,
    and unlike some alternatives it is standard and *widely* available.
    (strlcpy/strlcat are useful but not standard and not widely available;
    snprintf_s is standard but not widely available).
    Historically we warned about snprintf because old systems didn't
    implement it correctly, but at this point these old systems are
    more historical than anything else.
    Instead, let's specifically *mention* snprintf as a recommended
    potential solution for buffer overflows.
2014-09-01 15:14:55 -04:00
David A. Wheeler aa2277b862 Add Microsoft banned functions for string copy and replacement 2014-08-09 13:32:37 -04:00
David A. Wheeler a6b3a1b24d Add cross-link to "Secure Programming" book 2014-07-28 21:25:00 -04:00
David A. Wheeler 4e99642392 Switch version # to 1.31.
- Version number 1.30 might be confused with 1.3.  This eliminates
    the potential problem.
2014-07-27 17:19:24 -04:00
David A. Wheeler a33ae6c62e Add more wide character rules and refine CWE mapping 2014-07-22 23:17:53 -04:00
David A. Wheeler 5eb5e8411d Change version number to 1.30.
- This is the upcoming version number.  Change it now so that this
    is distinct from the released version 1.29.
2014-07-19 20:46:15 -04:00
David A. Wheeler 60948e8368 Move CWE-119 report on char into warning instead of recommendation 2014-07-19 19:16:41 -04:00
David A. Wheeler dcf40ef8fd Modify test suite - also check generated HTML 2014-07-19 19:10:12 -04:00
David A. Wheeler 7112bf164c Rewrite print_multi_line. It's now shorter, faster, and formats better 2014-07-19 16:42:14 -04:00
David A. Wheeler 5c66efaf2b Update version# and years 2014-07-19 13:00:58 -04:00
David A. Wheeler 9de8db2e74 Add Common Weakness Enumeration (CWE) references 2014-07-13 00:06:04 -04:00
David A. Wheeler f5e02e9ec2 Version number now 1.28, add test for filenames without trailing newline 2014-07-12 07:01:23 -04:00
dwheeler 1331cd7aae Add atoi() and atol(). It's a little lame, but at least it's there.
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@14 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 23:20:49 +00:00
dwheeler 5808029a6a Better error message when the files cannot be read
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@7 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 03:44:31 +00:00
dwheeler 14c90f7335 Initial import
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@1 5c01084b-1f27-0410-9f85-80411afe95dc
2007-01-16 02:44:45 +00:00