David A. Wheeler
f6814c97c1
Reduce risk level to 0 of snprintf with constant format string
- snprintf is a useful *countermeasure* for buffer overflows,
and unlike some alternatives it is standard and *widely* available.
(strlcpy/strlcat are useful but not standard and not widely available;
snprintf_s is standard but not widely available).
Historically we warned about snprintf because old systems didn't
implement it correctly, but at this point these old systems are
more historical than anything else.
Instead, let's specifically *mention* snprintf as a recommended
potential solution for buffer overflows.
2014-09-01 15:14:55 -04:00
David A. Wheeler
6031b31f8c
Add Microsoft banned list for string concatenation
2014-08-09 13:44:32 -04:00
David A. Wheeler
aa2277b862
Add Microsoft banned functions for string copy and replacement
2014-08-09 13:32:37 -04:00
David A. Wheeler
0b432d2791
Change syntax of CWE mapping reports for CWE hierarchies (use "!" for map)
- The old syntax was very confusing. Now just report
higher-level/lower-level, with "!" after the CWE that is actually
the mapping.
2014-08-09 13:06:50 -04:00
David A. Wheeler
0d56338062
flawfinder.1: Fix typo
2014-08-04 22:49:19 -04:00
David A. Wheeler
58749e78bc
Change version number to 1.32
- Change version number early to prevent accidentally confusing
this version with a released version.
2014-08-04 22:48:41 -04:00
David A. Wheeler
aad0ac207c
ChangeLog: Update release date
2014-08-03 18:31:02 -04:00
David A. Wheeler
b8567a6702
makefile: Add an optional target to generate HTML documentation
2014-08-03 16:19:55 -04:00
David A. Wheeler
bb09b9075b
ChangeLog: Document better error reporting
2014-08-03 15:33:38 -04:00
David A. Wheeler
5156456c79
flawfinder: Improve error-handling. Warn of non-existent files (esp long dash)
- Provide a separate warning for filenames listed on the command line
but that do not actually exist.
- Provide a SPECIAL warning for filenames that begin with
the UTF-8 sequence of long dashes. Users might
copy-and-paste from the pdf version of the man page, and that might
produce long dashes (instead of normal dashes). This problem
can be hard to detect, so specially warning about it should help.
2014-08-03 15:29:05 -04:00
David A. Wheeler
547d1f3e17
Sending warnings to stderr, not stdout
2014-08-03 15:10:39 -04:00
David A. Wheeler
36b513af7c
flawfinder.1: Update manual page date
2014-08-03 14:53:10 -04:00
David A. Wheeler
0017add313
README: Tweak so intro sentence similar to man page
2014-08-03 14:47:47 -04:00
David A. Wheeler
d30fc2c1ac
README: Rewrite to explain more.
2014-08-03 14:01:30 -04:00
David A. Wheeler
ba844e7eea
README: Fix spelling error
2014-08-03 13:18:51 -04:00
David A. Wheeler
2c383e37a7
flawfinder.1: Note that .git and .svn are examples of directories skipped
2014-08-03 13:17:43 -04:00
David A. Wheeler
1790331438
Update makefile: Don't use ",1" as temporary directory
2014-08-02 22:39:03 -04:00
David A. Wheeler
1d9000a8c3
README: Update contents
2014-08-02 22:36:00 -04:00
David A. Wheeler
9305afcb6e
INSTALL.txt: Make it clear that you can simply run without installing.
2014-08-02 22:26:37 -04:00
David A. Wheeler
7727f10dce
flawfinder.1: Trivial reformat
2014-08-02 22:25:20 -04:00
David A. Wheeler
75ce30e1c1
ChangeLog: Update for upcoming release
2014-08-02 22:15:51 -04:00
David A. Wheeler
4159de084a
Document how to find all patterns that do NOT have a CWE mapping.
2014-08-02 22:05:23 -04:00
David A. Wheeler
16ac21ca1f
Fix some warning text (CWE reference was in wrong place)
2014-08-02 21:59:28 -04:00
David A. Wheeler
f05aa1270e
flawfinder.1: Grammar fix
2014-08-02 21:56:19 -04:00
David A. Wheeler
8f9ccc47ea
Add option "-H" as a synonym for "--html" to generate HTML
2014-08-02 21:50:21 -04:00
David A. Wheeler
4c36be0094
Reorder help information, help and version are really common requests
2014-08-02 21:46:29 -04:00
David A. Wheeler
24b7da535b
flawfinder.1: Minor doc cleanups. Note that --listrules works with -D
2014-08-02 21:39:36 -04:00
David A. Wheeler
3b2f032f25
flawfinder.1: Specially document -QDSC example (useful for tool writers)
2014-08-02 21:07:42 -04:00
David A. Wheeler
4f363e6766
flawfinder: Document Python language version issues
2014-07-30 23:45:39 -04:00
David A. Wheeler
fae254288c
Tweak README to explain, in a little more detail, what it is.
2014-07-30 23:25:10 -04:00
David A. Wheeler
304225c9bd
Use non-integer division (requires Python 2.2+)
- Add "from __future__ import division". This is the default in
Python 3, and has been long available in Python 2.
2014-07-29 08:43:27 -04:00
David A. Wheeler
7e655111a9
flawfinder: Make comments fit in 80 char columns
2014-07-29 08:39:30 -04:00
David A. Wheeler
43ada0aae8
Reformat comments to be less than 80 columns long.
2014-07-29 08:37:06 -04:00
David A. Wheeler
f74076c2fa
Remove unnecessary invocation of "apply"
- Remove unnecessary invocation of "apply".
Python 2.4 deprecated "apply", and Python 3 removes it.
2014-07-29 08:29:02 -04:00
David A. Wheeler
bc5eef939f
flawfinder: Replace tabs with spaces, making indentation char consistent
2014-07-29 08:23:24 -04:00
David A. Wheeler
f351b779ac
flawfinder: Change constructs of form "d.has_key(k)" to "k in d".
- Change code to be more idiomatic and closer to Python 3,
while staying in Python 2. For more information, see:
http://www.dwheeler.com/essays/python3-in-python2.html
2014-07-29 08:18:52 -04:00
David A. Wheeler
bb6fa514c5
makefile: Tweak internal convenience target
2014-07-28 22:09:49 -04:00
David A. Wheeler
492130a44b
ChangeLog: Document version differences
2014-07-28 22:06:55 -04:00
David A. Wheeler
d769867375
Clearly document the license (GPLv2+)
2014-07-28 21:58:22 -04:00
David A. Wheeler
cbb0a2426c
INSTALL.txt: Simplify text.
2014-07-28 21:41:02 -04:00
David A. Wheeler
a6b3a1b24d
Add cross-link to "Secure Programming" book
2014-07-28 21:25:00 -04:00
David A. Wheeler
4d5c3fe36c
Update installation instructions, now that prefix (etc.) are supported
2014-07-28 21:24:36 -04:00
David A. Wheeler
7020a47a3e
flawfinder.1: Tweak output so 80-column version looks okay
2014-07-28 21:13:04 -04:00
David A. Wheeler
ec361412f3
Support GNU convention variables (prefix, bindir, man1dir) and DESTDIR
- Modify makefile to support GNU convention makefile variable names,
including prefix, bindir, datarootdir, mandir, and man1dir.
It is tweaked so that the older variable names (e.g., INSTALL_DIR)
will continue to work.
- DESTDIR support added.
- Predefined a useful INSTALL_PROGRAM makefile variable; that means
that users can redefine it if they want.
2014-07-28 13:09:44 -04:00
David A. Wheeler
71c34ea619
makefile: Clean up internal creating cwe program
2014-07-27 17:23:35 -04:00
David A. Wheeler
4e99642392
Switch version # to 1.31.
- Version number 1.30 might be confused with 1.3. This eliminates
the potential problem.
2014-07-27 17:19:24 -04:00
David A. Wheeler
1ebc5d5afb
Note that flawfinder is CWE-compatible.
2014-07-27 17:16:56 -04:00
David A. Wheeler
a33ae6c62e
Add more wide character rules and refine CWE mapping
2014-07-22 23:17:53 -04:00
David A. Wheeler
bbe7a28ada
flawfinder.1: Clean up man page, esp. option description
2014-07-21 00:00:12 -04:00
David A. Wheeler
5eb5e8411d
Change version number to 1.30.
- This is the upcoming version number. Change it now so that this
is distinct from the released version 1.29.
2014-07-19 20:46:15 -04:00