Commit Graph

296 Commits

Author SHA1 Message Date
David A. Wheeler 2b8c890467 flawfinder.1: minor reformatting
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 19:05:39 -04:00
David A. Wheeler 428fbf6b02 Make --error-level more obvious in the man page
The --error-level option is useful in continuous integration (CI)
pipelines. Make it even more obvious in the documentation.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 19:03:37 -04:00
David A. Wheeler 113483d06b flawfinder.1: Minor man page cleanup
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:56:28 -04:00
David A. Wheeler 0684f61cf4 Ensure SARIF includes flawfinder's current version
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:48:19 -04:00
David A. Wheeler bcb5e652ef Document SARIF details in man page
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:46:50 -04:00
David A. Wheeler c99529852a ChangeLog: Note major changes (with credits!!)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 15:15:06 -04:00
David A. Wheeler 3bc5f16c4c Merge branch 'sarifOutput'
My SINCERE THANKS to yongyan-gh for the hard work to integrate
SARIF output functionality into flawfinder!!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:41:39 -04:00
David A. Wheeler 772c6f6448 flawfinder.py should be executable
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:41:14 -04:00
David A. Wheeler fd50391439 Move sariflogger.py into flawfinder.py
Flawfinder has a project-specific rule to put all code in one file.
That can be a pain for development, but the rule makes *deploying*
flawfinder really easy in some settings. Worse comes to worse, just
copy the file somewhere and you can run it!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:39:44 -04:00
David A. Wheeler 1a225623ca Merge pull request #44 from myersg86/master
Track curly brace level in extract_c_parameters
2021-05-19 10:17:15 -04:00
Greg Myers 7defaf1fe5 Track curly brace level in extract_c_parameters
https://github.com/david-a-wheeler/flawfinder/issues/25
https://gitlab.com/gitlab-org/gitlab/-/issues/327032
2021-04-30 13:27:58 -06:00
Yong Yan f9819b48a5 export sarif report
Fix functions/variables naming

update function name
2021-04-28 16:50:58 -07:00
David A. Wheeler 1ff740623b Fix makefile install/uninstall
Modify "make install" to quote filenames
(in case a directory has a space in it), and
on Linux/Unix force the program's permissions to be executable.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-04-20 20:10:16 -04:00
David A. Wheeler 14bcaeec36 Merge pull request #40 from IntidSammers/master
Make Git patch work
2021-04-07 10:51:56 -04:00
Robin Geffroy 21307f6642 Make Git patch work
Git patch format is slightly different from unified diff / svn diff.
The hunk format changes, and the function name is added after the last
@@. The regex has to be changed to ensure the hunk is recognized, so the
line numbers are correct.
2021-04-07 14:25:15 +02:00
David A. Wheeler 8f3b3c33fa Add .pc and .sc extensions
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-21 18:03:37 -04:00
David A. Wheeler 9a181d4103 Merge pull request #37 from ben-edna/feature/cross-platform-setup
Feature/cross platform setup

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-21 17:44:11 -04:00
Ben Spoor e0655e4faf Use entry_points instead of scripts
As described in https://click.palletsprojects.com/en/7.x/setuptools/ shebangs only work in
unix and OSX (and in cygwin on windows). By using the entry_points mechanism
Python will handle all cross-platform issues making it useable for everybody.
2021-03-08 13:29:31 +01:00
Ben Spoor 6b4b796c48 Make proper python module (add .py extension) 2021-03-08 13:29:17 +01:00
Ben Spoor 09f34faaf2 Add main entry point 2021-03-08 13:21:33 +01:00
David A. Wheeler 36d74e0505 Update tests for new .csv results
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-07 18:38:04 -05:00
Yong Yan 88869d9dec Add default rule level to csv 2021-02-26 16:10:48 -08:00
Yong Yan fd4dc902ad Add Sarif rule id 2021-02-25 02:49:15 -08:00
David A. Wheeler c13f65df14 Merge pull request #31 from squaresurf/fix-msg
Fix encoding error message misspelling
2021-01-12 22:50:13 -05:00
Daniel Paul Searles 29a28737e8 Fix encoding error message misspelling 2021-01-12 20:09:23 -07:00
David A. Wheeler 6c8f2ce729 Update ChangeLog for 2.0.15
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:27:58 -05:00
David A. Wheeler 04e444c84a Update tests for new version#
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:21:15 -05:00
David A. Wheeler 8f3111a3fd Change version# to 2.0.15
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:20:19 -05:00
David A. Wheeler 6fd354bd2d Check for ps2pdf before using it
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:19:12 -05:00
David A. Wheeler 29df9eb26e Merge pull request #29 from sylveon/load-library-ex-enhancements
Enhance detection and diagnostics of LoadLibrary(Ex)
2021-01-11 19:15:20 -05:00
Charles Milette 49fd4b2ec9 Move safe_search to globals and add LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR to the list of safe flags 2021-01-10 18:01:03 -05:00
Charles Milette bd3787e2bc Update test files 2021-01-09 20:37:20 -05:00
Charles Milette 917d03e4f9 Enhance detection and diagnostics of LoadLibrary(Ex) 2021-01-09 20:25:26 -05:00
David A. Wheeler 0cba711317 Version 2.0.14
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:55:24 -05:00
David A. Wheeler 3e0c3a4f53 Fix makefile problem and version numbers
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:49:12 -05:00
David A. Wheeler 6ec2611fac Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:35:30 -05:00
David A. Wheeler 48d45086b2 Ignore LoadLibraryEx if LOAD_LIBRARY_SEARCH_SYSTEM32
Ignore LoadLibraryEx if its third parameter is
LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe.
This eliminates a false positive.

See:
https://github.com/david-a-wheeler/flawfinder/issues/26

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:22:58 -05:00
David A. Wheeler 7321f9f19c Remove InitialCriticalSection
This is no longer a vulnerability on widely-used Windows versions.
See:
https://github.com/david-a-wheeler/flawfinder/issues/19

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:04:56 -05:00
David A. Wheeler 41857c6364 Tell users how to disable false positives
If there are >0 hits, tell users how to ignore them in the output.
This resolves:
https://github.com/david-a-wheeler/flawfinder/issues/24

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 12:55:44 -05:00
David A. Wheeler 48ebb4023e Ignore "system::" to reduce false positives
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-03 14:13:27 -05:00
David A. Wheeler f32f11f092 Add .hpp support for C++
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-03 13:42:58 -05:00
David A. Wheeler 40b540d6ae Merge pull request #21 from duongdominhchau/master
Fix misrecognized number separator in C++14
2021-01-03 12:58:36 -05:00
Duong Do Minh Chau 1bb1a69d6c Add test 2020-04-27 20:22:27 +07:00
Duong Do Minh Chau e856bce4e9 Treat ' as digit separator when file extension is .cpp, .cxx, .cc 2020-04-27 20:00:17 +07:00
David A. Wheeler 6d3a04cfef Last-minute tweaks for release
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2020-02-17 10:24:34 -05:00
David A. Wheeler d694a9e766 Provide better error feedback on encoding problems
Python3 has provided the world with endless character encoding problems.
It assumes the world is perfect with perfectly encoded data,
and fails to provide useful ways to deal with messy real-world data.

We can't really solve that, but we can detect the problem and
provide some useful information to users on possible ways to
solve the problem.  Much of this information was already in the
documentation, but many users aren't looking at the documentation.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2020-02-17 10:05:39 -05:00
David A. Wheeler 293ca17d82 Note character encoding in README, note cvt2utf
To help people out, note the potential character encoding issue
in the README (pointing to the documentation for more details)
and note the "cvt2utf" Python program.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-10-24 08:22:59 -04:00
David A. Wheeler 578c99cc17 Merge pull request #15 from jhachenbergerSIT/test_subdir
Move all test related files into a subdirectory
2019-09-24 21:33:01 -04:00
Julien Hachenberger be85f40291 Recreate missing make targets
Pull request #15 moved `check` and `test-is-correct`
to test/makefile making them inaccessible by the main
makefile. This commit recreates both targets again and
simply passes through the calls to the corresponding sub makefile.

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-24 12:52:10 +02:00
Julien Hachenberger 717d035206 Make sub-'make' call POSIX compliant
Pull request #15 introduced a `make` call using `-C` (short for: `--directory`)
option which is not POSIX compliant. This commit will use the `cd` builtin
instead to maintain POSIX compliance.

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-24 12:42:39 +02:00