flawfinder

Commit Graph

Author	SHA1	Message	Date
Yong Yan	62b9b509a0	Fix Sarif output relationship target id format.	2021-06-23 16:19:00 -07:00
David A. Wheeler	53ad19bb3b	Update ChangeLog Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-06-03 11:12:46 -04:00
David A. Wheeler	87a40270b1	Update flawfinder.1 date Update date in flawfinder.1; that also updates generated file flawfinder.pdf. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-06-03 11:11:21 -04:00
David A. Wheeler	84dedfc324	New version 2.0.17 Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-06-03 11:00:30 -04:00
David A. Wheeler	61f815376f	Code style improvement: use "VAR in (...)" Switch to "VAR in (...)" style in the code. This is shorter and slightly simpler (it's clear only a single variable value is being considered). This eliminates many pylint warnings and produces a minor improvement in the pylint score. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-06-03 10:25:38 -04:00
David A. Wheeler	daf0bb0992	makefile: fix "distribute" target to keep flawfinder.py Fix the source package. We recently renamed "flawfinder" to "flawfinder.py" in the source tree, but the "distribute" target then removes because previously "flawfinder.py" wasn't the "real thing". Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-06-03 10:10:08 -04:00
David A. Wheeler	396074ca62	Update test correct results (new version number) Update test correct answers because we have a new version number by repeatedly running: make check; make test-is-correct Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-31 15:32:59 -04:00
David A. Wheeler	835a3ba63e	Change version 2.0.15->2.0.16 Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-31 15:31:37 -04:00
David A. Wheeler	9a1955fe95	ChangeLog: Improve and note new version number Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-31 15:29:58 -04:00
David A. Wheeler	2b8c890467	flawfinder.1: minor reformatting Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 19:05:39 -04:00
David A. Wheeler	428fbf6b02	Make --error-level more obvious in the man page The --error-level option is useful in continuous integration (CI) pipelines. Make it even more obvious in the documentation. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 19:03:37 -04:00
David A. Wheeler	113483d06b	flawfinder.1: Minor man page cleanup Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 18:56:28 -04:00
David A. Wheeler	0684f61cf4	Ensure SARIF includes flawfinder's current version Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 18:48:19 -04:00
David A. Wheeler	bcb5e652ef	Document SARIF defails in man page Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 18:46:50 -04:00
David A. Wheeler	c99529852a	ChangeLog: Note major changes (with credits!!) Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 15:15:06 -04:00
David A. Wheeler	3bc5f16c4c	Merge branch 'sarifOutput' My SINCERE THANKS to yongyan-gh for the hard work to integrate SARIF output functionality into flawfinder!! Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 14:41:39 -04:00
David A. Wheeler	772c6f6448	flawfinder.py should be executable Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 14:41:14 -04:00
David A. Wheeler	fd50391439	Move sariflogger.py into flawfinder.py Flawfinder has a project-specific rule to put all code in one file. That can be a pain for development, but the rule makes deploying flawfinder really easy in some settings. Worse comes to worse, just copy the file somewhere and you can run it! Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-05-30 14:39:44 -04:00
David A. Wheeler	1a225623ca	Merge pull request #44 from myersg86/master Track curly brace level in extract_c_parameters	2021-05-19 10:17:15 -04:00
Greg Myers	7defaf1fe5	Track curly brace level in extract_c_parameters https://github.com/david-a-wheeler/flawfinder/issues/25 https://gitlab.com/gitlab-org/gitlab/-/issues/327032	2021-04-30 13:27:58 -06:00
Yong Yan	f9819b48a5	export sarif report Fix functions/variables naming update function name	2021-04-28 16:50:58 -07:00
David A. Wheeler	1ff740623b	Fix makefile install/uninstall Modify "make install" to quote filenames (in case a directory has a space in it), and on Linux/Unix force the program's permissions to be executable. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-04-20 20:10:16 -04:00
David A. Wheeler	14bcaeec36	Merge pull request #40 from IntidSammers/master Make Git patch works	2021-04-07 10:51:56 -04:00
Robin Geffroy	21307f6642	Make Git patch works Git patch format is slightly different from unified diff / svn diff. The hunk format changes, and the function name is added after the last @@. The regex has to be changed to ensure the hunk is recognized, so the line numbers are correct.	2021-04-07 14:25:15 +02:00
David A. Wheeler	8f3b3c33fa	Add .pc and .sc extensions Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-03-21 18:03:37 -04:00
David A. Wheeler	9a181d4103	Merge pull request #37 from ben-edna/feature/cross-platform-setup Feature/cross platform setup Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-03-21 17:44:11 -04:00
Ben Spoor	e0655e4faf	Use entry_points instead of scripts As decribed in https://click.palletsprojects.com/en/7.x/setuptools/ shebangs only work in unix and OSX (and in cygwin on windows). By using the entry_points mechanism Python will handle all cross-platform issues making it useable for everybody.	2021-03-08 13:29:31 +01:00
Ben Spoor	6b4b796c48	Make proper python module (add .py extension)	2021-03-08 13:29:17 +01:00
Ben Spoor	09f34faaf2	Add main entry point	2021-03-08 13:21:33 +01:00
David A. Wheeler	36d74e0505	Update tests for new .csv results Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-03-07 18:38:04 -05:00
Yong Yan	88869d9dec	Add default rule level to csv	2021-02-26 16:10:48 -08:00
Yong Yan	fd4dc902ad	Add Sarif rule id	2021-02-25 02:49:15 -08:00
David A. Wheeler	c13f65df14	Merge pull request #31 from squaresurf/fix-msg Fix encoding error message misspelling	2021-01-12 22:50:13 -05:00
Daniel Paul Searles	29a28737e8	Fix encoding error message misspelling	2021-01-12 20:09:23 -07:00
David A. Wheeler	6c8f2ce729	Update ChangeLog for 2.0.15 Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-11 19:27:58 -05:00
David A. Wheeler	04e444c84a	Update tests for new version# Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-11 19:21:15 -05:00
David A. Wheeler	8f3111a3fd	Change version# to 2.0.15 Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-11 19:20:19 -05:00
David A. Wheeler	6fd354bd2d	Check for ps2pdf before using it Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-11 19:19:12 -05:00
David A. Wheeler	29df9eb26e	Merge pull request #29 from sylveon/load-library-ex-enhancements Enhance detection and diagnostics of LoadLibrary(Ex)	2021-01-11 19:15:20 -05:00
Charles Milette	49fd4b2ec9	Move safe_search to globals and add LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR to the list of safe flags	2021-01-10 18:01:03 -05:00
Charles Milette	bd3787e2bc	Update test files	2021-01-09 20:37:20 -05:00
Charles Milette	917d03e4f9	Enhance detection and diagnostics of LoadLibrary(Ex)	2021-01-09 20:25:26 -05:00
David A. Wheeler	0cba711317	Version 2.0.14 Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-09 13:55:24 -05:00
David A. Wheeler	3e0c3a4f53	Fix makefile problem and version numbers Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-09 13:49:12 -05:00
David A. Wheeler	6ec2611fac	Update ChangeLog Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-09 13:35:30 -05:00
David A. Wheeler	48d45086b2	Ignore LoadLibraryEx if LOAD_LIBRARY_SEARCH_SYSTEM32 Ignore LoadLibraryEx if its third parameter is LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe. This eliminates a false positive. See: https://github.com/david-a-wheeler/flawfinder/issues/26 Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-09 13:22:58 -05:00
David A. Wheeler	7321f9f19c	Remove InitialCriticalSection This is no longer a vulnerability on widely-used Windows versions. See: https://github.com/david-a-wheeler/flawfinder/issues/19 Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-09 13:04:56 -05:00
David A. Wheeler	41857c6364	Tell users how to disable false positives If there are >0 hits, tell users how to ignore them in the output. This resolves: https://github.com/david-a-wheeler/flawfinder/issues/24 Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-09 12:55:44 -05:00
David A. Wheeler	48ebb4023e	Ignore "system::" to reduce false positives Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-03 14:13:27 -05:00
David A. Wheeler	f32f11f092	Add .hpp support for C++ Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>	2021-01-03 13:42:58 -05:00

1 2 3 4 5 ...

305 Commits All Branches Search

305 Commits

All Branches