Commit Graph

267 Commits

Author SHA1 Message Date
David A. Wheeler 29df9eb26e
Merge pull request #29 from sylveon/load-library-ex-enhancements
Enhance detection and diagnostics of LoadLibrary(Ex)
2021-01-11 19:15:20 -05:00
Charles Milette 49fd4b2ec9
Move safe_search to globals and add LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR to the list of safe flags 2021-01-10 18:01:03 -05:00
Charles Milette bd3787e2bc
Update test files 2021-01-09 20:37:20 -05:00
Charles Milette 917d03e4f9
Enhance detection and diagnostics of LoadLibrary(Ex) 2021-01-09 20:25:26 -05:00
David A. Wheeler 0cba711317 Version 2.0.14
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:55:24 -05:00
David A. Wheeler 3e0c3a4f53 Fix makefile problem and version numbers
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:49:12 -05:00
David A. Wheeler 6ec2611fac Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:35:30 -05:00
David A. Wheeler 48d45086b2 Ignore LoadLibraryEx if LOAD_LIBRARY_SEARCH_SYSTEM32
Ignore LoadLibraryEx if its third parameter is
LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe.
This eliminates a false positive.

See:
https://github.com/david-a-wheeler/flawfinder/issues/26

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:22:58 -05:00
David A. Wheeler 7321f9f19c Remove InitialCriticalSection
This is no longer a vulnerability on widely-used Windows versions.
See:
https://github.com/david-a-wheeler/flawfinder/issues/19

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:04:56 -05:00
David A. Wheeler 41857c6364 Tell users how to disable false positives
If there are >0 hits, tell users how to ignore them in the output.
This resolves:
https://github.com/david-a-wheeler/flawfinder/issues/24

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 12:55:44 -05:00
David A. Wheeler 48ebb4023e Ignore "system::" to reduce false positives
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-03 14:13:27 -05:00
David A. Wheeler f32f11f092 Add .hpp support for C++
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-03 13:42:58 -05:00
David A. Wheeler 40b540d6ae
Merge pull request #21 from duongdominhchau/master
Fix misrecognized number separator in C++14
2021-01-03 12:58:36 -05:00
Duong Do Minh Chau 1bb1a69d6c Add test 2020-04-27 20:22:27 +07:00
Duong Do Minh Chau e856bce4e9 Treat ' as digit separator when file extension is .cpp, .cxx, .cc 2020-04-27 20:00:17 +07:00
David A. Wheeler 6d3a04cfef Last-minute tweaks for release
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2020-02-17 10:24:34 -05:00
David A. Wheeler d694a9e766 Provide better error feedback on encoding problems
Python3 has provided the world with endless character encoding problems.
It assumes the world is perfect with perfectly encoded data,
and fails to provide useful ways to deal with messy real-world data.

We can't really solve that, but we can detect the problem and
provide some useful information to users on possible ways to
solve the problem.  Much of this information was already in the
documentation, but many users aren't looking at the documentation.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2020-02-17 10:05:39 -05:00
David A. Wheeler 293ca17d82 Note character encoding in README, note cvt2utf
To help people out, note the potential character encoding issue
in the README (pointing to the documentation for more details)
and note the "cvt2utf" Python program.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-10-24 08:22:59 -04:00
David A. Wheeler 578c99cc17
Merge pull request #15 from jhachenbergerSIT/test_subdir
Move all test related files into a subdirectory
2019-09-24 21:33:01 -04:00
Julien Hachenberger be85f40291
Recreate missing make targets
Pull request #15 moved `check` and `test-is-correct`
to test/makefile making them inaccessible by the main
makefile. This commit recreates both targets again and
simply passes through the calls to the corresponding sub makefile.

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-24 12:52:10 +02:00
Julien Hachenberger 717d035206
Make sub-'make' call POSIX compliant
Pull request #15 introduced a `make` call using `-C` (short for: `--directory`)
option which is not POSIX compliant. This commit will use the `cd` builtin
instead to maintain POSIX compliance.

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-24 12:42:39 +02:00
Julien Hachenberger 025cee45db
Move all test related files into a subdirectory
In order to keep all test-related files within one folder,
this commit creates a new folder 'test/', moves the
test-related files into it and introduces a second makefile
within this folder dedicated to run the tests.
The original makefile still contains a 'test' target, but simply
delegates this task to the second makefile.

(fixes david-a-wheeler/flawfinder#11)

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-23 11:37:14 +02:00
David A. Wheeler fe78940e6f Add better error message on encoding problems
Python3 doesn't provide easy-to-use built-in libraries to deal
with common encoding issues (e.g., Windows-1252 encoded characters
in a UTF-8 stream), so when we see an encoding error,
provide better information on how to deal with it and
a pointer to the more detailed information in the documentation.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-09-22 15:22:17 -04:00
David A. Wheeler f1fdd59da5 Improve docs on character encoding
Provide better info on how to handle character encoding problems.
As more people use Python3 this is more likely to be a problem.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-09-22 15:21:11 -04:00
David A. Wheeler a3ff9a89d6
Merge pull request #10 from jhachenbergerSIT/cleanup
Remove unused files
2019-09-22 14:07:21 -04:00
Julien Hachenberger fa5d5f217d
Remove unused files
These files are not used by any project file,
nor mentioned by the documentation, hence they seem
to be useless.

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-02 13:09:38 +02:00
David A. Wheeler 38cfae4000 Update version number to upcoming 2.0.11
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-06-23 19:43:09 -04:00
David A. Wheeler 3d054d7438 Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-06-22 14:54:00 -04:00
David A. Wheeler 422473be6d Bugfix: when opening diffhitlist, use 'rb' mode
My thanks to Michał Górny, who both reported the problem
and provided the patch. Awesome!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-06-22 14:49:42 -04:00
David A. Wheeler d35fd2718a Update version number now
Update the version number *now* so that we won't
accidentally release two different versions with the same version number.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-05-19 22:55:14 -04:00
David A. Wheeler f5abbfc701 Document what changed in version 2.0.9.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-05-19 22:45:04 -04:00
David A. Wheeler 627fd605dc Note --diffhitlist fix in ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-05-17 19:51:50 -04:00
Labidurie Jerome 8f8353df07 Add unit test for --diffhitlist option
Signed-off-by: Labidurie Jerome <jerome.labidurie@orange.com>
2019-05-17 10:08:33 +02:00
Labidurie Jerome 280dc4a295 Fix Hitlist comparison by adding __eq__() & __ne__() to Hit class
Signed-off-by: Labidurie Jerome <jerome.labidurie@orange.com>
2019-05-17 10:00:41 +02:00
Jon Hood 1e2e6f590f
Merge pull request #6 from elfring/construct_string_literals_without_using_plus_operators
Syntax changes thanks to elfring that do affect bytecode size; Construct string literals without using plus operators
2019-02-26 10:27:04 -06:00
Markus Elfring 69084a95bb Construction of string literals without using plus operators
The programming language “Python” supports string literal concatenation
without the usage of additional plus operators as standard functionality.
https://docs.python.org/3/reference/lexical_analysis.html#string-literal-concatenation

Thus omit unnecessary operator specifications.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2019-02-26 13:09:04 +01:00
David A. Wheeler d42ecdba1d Fix indentation (pylint)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-02-25 23:33:57 -05:00
David A. Wheeler 59a4d42a33 Update test values for version number
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-02-25 23:30:58 -05:00
David A. Wheeler 872ec190ac
Merge pull request #4 from elfring/use_augmented_assignments
Use augmented assignment statements
2019-02-25 23:26:21 -05:00
Markus Elfring 3b8ca7b34a Usage of augmented assignment statements
Source code like “var = var + X” was specified at some places so far.
Use augmented assignment statements instead because they are succinct
and can be more efficient.
https://docs.python.org/3/reference/simple_stmts.html#augmented-assignment-statements

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2019-02-25 21:55:06 +01:00
David A. Wheeler e4f4d4a34b Set version number for next release (2.0.9)
Change the version number *now*, before release, so that we won't
accidentally release software with a duplicate version number later.
Also, tweak the release_process.md documentation to clarify a few things.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-01-21 18:54:01 -05:00
David A. Wheeler f5dac7d8d7 Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-01-21 18:32:12 -05:00
David A. Wheeler 9206c93517 Update documentation
Document that we now support GitHub.  Also, change .md files
to use ~~~~ instead of `...` because that's friendlier to
people who want to cut-and-paste commands.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-01-21 17:30:28 -05:00
David A. Wheeler 49a2289fe3 _ftcsat should be _ftcscat. Thanks to Lucas Ramage
Fix typo in name of "banned" function.  Thanks to Lucas Ramage,
who reported this January 2019.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-01-12 11:53:27 -05:00
David A. Wheeler 8d6cfec002 Update correct test results to match memcpy change
There were some merge conflicts in the original merge of the
memcpy change - to fix them, regenerate the correct test results.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2018-12-19 08:12:33 -05:00
Michael Clark 3c9bf48736 Fixes #19 - don't warn if memcpy call includes sizeof(first arg)
Also fixes for the test output, comprising the bulk of the patch.
2018-12-19 08:07:47 -05:00
David A. Wheeler 27ee4b0c8c Update test results for new version number
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2018-10-08 18:58:01 -04:00
David A. Wheeler fccc59cdcb Update for next version (2.0.8)
Change the version number NOW, so we won't forget later.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2018-10-08 18:55:52 -04:00
David A. Wheeler 6abb7c524b Fix SourceForge bug #14 No special warning for filename with long dash
This was reported by philipp. After some tweaking I got the warning
to work on both Python 2 and Python 3.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2018-10-06 19:11:21 -04:00
David A. Wheeler 006a39e966 Fix SourceForge #18 Renamed file still referenced by other files
We renamed README to README.md but didn't fix all the references.
This fixes the references (hopefully we got them all!).
My thanks to philipp for reporting this!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2018-10-06 18:46:09 -04:00