walkero
/
flawfinder
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity
120 Commits 2 Branches 24 Tags 724 KiB
Commit Graph

17 Commits

Author SHA1 Message Date
David A. Wheeler 02029816d4 Add rules to detect g_*rand* functions 
Thanks to Michael McConville for this suggestion!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
 2017-07-29 16:35:06 -04:00
David A. Wheeler 872109f230 Change version number to 2.0.0 - use Semantic Versioning 
This switches flawfinder's version naming conventions to comply with
Semantic Versioning.  We change the first digit to "2" because
there's a subtle change in how CWEs are reported - see the
ChangeLog or documentation for more information.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
 2017-07-29 13:24:25 -04:00
David A. Wheeler f6814c97c1 Reduce risk level to 0 of snprintf with constant format string 
- snprintf is a useful *countermeasure* for buffer overflows,
    and unlike some alternatives it is standard and *widely* available.
    (strlcpy/strlcat are useful but not standard and not widely available;
    snprintf_s is standard but not widely available).
    Historically we warned about snprintf because old systems didn't
    implement it correctly, but at this point these old systems are
    more historical than anything else.
    Instead, let's specifically *mention* snprintf as a recommended
    potential solution for buffer overflows.
 2014-09-01 15:14:55 -04:00
David A. Wheeler aa2277b862 Add Microsoft banned functions for string copy and replacement 2014-08-09 13:32:37 -04:00
David A. Wheeler a6b3a1b24d Add cross-link to "Secure Programming" book 2014-07-28 21:25:00 -04:00
David A. Wheeler 4e99642392 Switch version # to 1.31. 
- Version number 1.30 might be confused with 1.3.  This eliminates
    the potential problem.
 2014-07-27 17:19:24 -04:00
David A. Wheeler a33ae6c62e Add more wide character rules and refine CWE mapping 2014-07-22 23:17:53 -04:00
David A. Wheeler 5eb5e8411d Change version number to 1.30. 
- This is the upcoming version number.  Change it now so that this
    is distinct from the released version 1.29.
 2014-07-19 20:46:15 -04:00
David A. Wheeler 60948e8368 Move CWE-119 report on char into warning instead of recommendation 2014-07-19 19:16:41 -04:00
David A. Wheeler dcf40ef8fd Modify test suite - also check generated HTML 2014-07-19 19:10:12 -04:00
David A. Wheeler 7112bf164c Rewrite print_multi_line. It's now shorter, faster, and formats better 2014-07-19 16:42:14 -04:00
David A. Wheeler 5c66efaf2b Update version# and years 2014-07-19 13:00:58 -04:00
David A. Wheeler 9de8db2e74 Add Common Weakness Enumeration (CWE) references 2014-07-13 00:06:04 -04:00
David A. Wheeler f5e02e9ec2 Version number now 1.28, add test for filenames without trailing newline 2014-07-12 07:01:23 -04:00
dwheeler 1331cd7aae Add atoi() and atol(). It's a little lame, but at least it's there. 
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@14 5c01084b-1f27-0410-9f85-80411afe95dc
 2007-01-16 23:20:49 +00:00
dwheeler 5808029a6a Better error message when the files cannot be read 
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@7 5c01084b-1f27-0410-9f85-80411afe95dc
 2007-01-16 03:44:31 +00:00
dwheeler 14c90f7335 Initial import 
git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@1 5c01084b-1f27-0410-9f85-80411afe95dc
 2007-01-16 02:44:45 +00:00