Commit Graph

281 Commits

Author SHA1 Message Date
David A. Wheeler 6f513af900 Always report hit counts correctly, even if ignored using -m
This commit means that the output provides useful summary data,
even if the lower-level hits are suppressed.

Note that this does use a little more memory when some hits
are supressed, since the hitlist is fully created even
if only parts are displayed.  However, modern systems have
lots of memory. Hopefully we'll never analyze software
with so many problems that this is a problem itself :-).
If someone ever has that problem, they can output everything
and filter it separately.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-23 20:36:50 -04:00
Jon Hood e06e2ba3df update CWE, risk, and discussion for C++14 STL functions 2017-09-14 13:16:22 -05:00
David A. Wheeler 22507eabdb Update tests to pass (new rules, so rule count changed)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-09 20:47:08 -04:00
David A. Wheeler 05ad330a53 Merge /u/squinky86/flawfinder-2/ branch master into master
https://sourceforge.net/p/flawfinder/code/merge-requests/2/
2017-09-10 00:45:36 +00:00
Jon Hood 1b7199ea16 add detection of errant equal, mismatch, and is_permutation 2017-09-08 13:20:28 -05:00
Jon Hood e522ea7291 add detection of crypt_r function 2017-09-07 13:47:10 -05:00
David A. Wheeler 0c4dbe8cc0 Tweak makefile to prevent unnecessary failures
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 21:15:02 -04:00
David A. Wheeler 77121b15ed Update ChangeLog (we support pip installs)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 21:09:41 -04:00
David A. Wheeler 9a55bdd175 In makefile, add warning in comment about using upload-pypi
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 21:04:18 -04:00
David A. Wheeler 3ecde32e8e Update INSTALL.txt and README to note pip install
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 21:03:02 -04:00
David A. Wheeler 24992c0f08 Update version to 2.0.4
My upload intended for pypitest appears to have gone to pypi instead.
To eliminate confusion, I'm bumping the version number so that
any single version number always refers to exactly one program version.

This was done with:
sed -i.bak -e 's/2\.0\.3/2.0.4/g' \
  ChangeLog correct-results.* flawfinder makefile setup.py

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 20:46:45 -04:00
David A. Wheeler 1df337cb8b Add test - sanity check of setup.py
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 20:15:19 -04:00
David A. Wheeler ec31c822dd Mark version as 2.0.3
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 20:03:44 -04:00
David A. Wheeler 1c9eba3f47 In setup.py, switch from distutils to setuptools and declare Python 3 okay
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 19:56:58 -04:00
David A. Wheeler d4bc234667 Add simple .gitignore file
This was suggested by:
http://python-packaging.readthedocs.io/en/latest/minimal.html

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 18:06:28 -04:00
David A. Wheeler 23e8cee364 Rename test-diff-0005 to follow other filename conventions
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-09-02 15:45:08 -04:00
David A. Wheeler d38535419f Update version number to 2.0.2
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 17:56:29 -04:00
David A. Wheeler cead0828ef Add documentation about encoding
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 17:51:27 -04:00
David A. Wheeler b1d1b2e74d Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 17:51:14 -04:00
David A. Wheeler 09c14ab42d Note Python versioning issues with pickle in flawfinder.1 man page.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 16:51:17 -04:00
David A. Wheeler e97254a5f3 Document in README that we accept Python 3 as well as Python 2.7
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 16:18:33 -04:00
David A. Wheeler 339763c644 Add test for saving/loading hitlist, add Python3 fixes for it
Test the saving and loading of hitlists.
This detected a Python3 problem, which was easily corrected by
saving and loading in binary "b" format instead of text format.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 16:15:17 -04:00
David A. Wheeler b2556b7348 Add some warnings about -P to help users use it properly
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 15:52:04 -04:00
David A. Wheeler 608bc45b6d Add test for -P (patch) option, which tests diff handling
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 15:42:35 -04:00
David A. Wheeler 203115edc3 Update book title
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 15:28:22 -04:00
David A. Wheeler a19a2bb694 Don't output "saving hitlist..." if quiet
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 15:13:35 -04:00
David A. Wheeler 58e56cad03 Minor update of man page
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 14:55:09 -04:00
David A. Wheeler b5c17e2969 Add "All tests pass!" if they do at completion of test suite
This message makes it clear that the test suite passed (if it did).

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 11:21:03 -04:00
David A. Wheeler 64c8f8dcbb Add test_004 integration test (ensure single-line and minimum are working)
Add test_004. This tests options that are often used when sending
flawfinder output to other tools.  In this case,
we test -m, -S, -D, -C, and --quiet.

This also begins a convention change, to name tests e.g., "test_001".
This ensures that the tests sort reasonably without special options.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 11:15:51 -04:00
David A. Wheeler 62c1db1141 Rename "input" to avoid redefining built-in
We formerly used a variable named "input".  This is legal in Python,
but potentially confusing since there's a built-in named "input"
that this shadows in that scope.  Rename the variable, to
avoid that confusion.  This fixes the following pylint warning:
W:1440, 8: Redefining built-in 'input' (redefined-builtin)

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 11:00:04 -04:00
David A. Wheeler ad0d06cced Remove unnecessary import of os.path
We import os, so there's no need to import os.path.
This fixes the following pylint warning:
C: 53, 0: Imports from package os are not grouped (ungrouped-imports)

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-26 10:55:02 -04:00
David A. Wheeler 57929a1c60 Fix some Python3 stragglers, so flawfinder runs on Python 2 or 3
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-23 22:01:34 -04:00
David A. Wheeler cdea1a214a Update comments
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-23 21:55:35 -04:00
David A. Wheeler 48a6b3982b Modify flawfinder to work in Python 2 *and* Python 3 - this passes tests
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-23 21:45:22 -04:00
David A. Wheeler 90777b6980 Split up tests in makefile
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-23 21:12:23 -04:00
David A. Wheeler a59ca71bc2 Add PYTHON macro to the makefile
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-23 21:02:08 -04:00
David A. Wheeler 596b63164f Update setup.py for PyPI
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-13 17:45:32 -04:00
David A. Wheeler 0a1761b10b Replace some string.find/rfind for Python 2/3 compatibility
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-13 10:11:58 -04:00
David A. Wheeler 94164014da Change string.join => "".join for simultaneous Python 2/3 support
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 21:18:11 -04:00
David A. Wheeler 05c238acc6 Modify find/split operations to work on Python 2 and 3
Python 3 only accepts certain syntaxes for find & split.
Thankfully, it's possible to use them in Python 2, so rework
it so we can use the same syntax for both.
This is not detected or fixed by futurize, sadly
(a problem true for many other situations).

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 21:12:54 -04:00
David A. Wheeler 8fee8a34bd Remove another use of range (Python 2/3 difference)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 21:01:11 -04:00
David A. Wheeler c2ecdcf89b Remove many uses of range(), a Python 2/3 difference
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 20:58:19 -04:00
David A. Wheeler 0f4deebe00 Remove some Python 2/3 inconsistencies
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 20:45:05 -04:00
David A. Wheeler 6bb9c5d3c7 Tweak code to eliminate pylint warning
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 20:34:04 -04:00
David A. Wheeler eb3631d839 Remove use of Python 2-only __cmp__
Remove use of __cmp__, which is in Python 2 but not in Python 3.
Instead, use sort keys, which work in Python 2 and 3.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 20:31:41 -04:00
David A. Wheeler ea67f5dbca Switch all print statements to print() functions
Switch all print statements to print() functions per PEP 3105.
Python 3 *only* supports print() functions, so this begins to
move the code towards simultaneously supporting python 2 and 3.

This implements "stage1" of futurize.  In theory, "stage1" is
supposed to be "low risk", but in fact a *large* number of
manual fixes had to be made to make the program work again.

Python 2's traditional print statement includes the "softspace"
feature. This is "a semi-secret attribute on files currently used to tell
print whether to insert a space before the first item".  The print()
function does not have the "softspace" feature, so there is no direct
translation for any situation that depended on softspaces.
Flawfinder used softspaces extensively, as they were convenient,
so it took a little work to make print() functions work.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-08-12 19:33:49 -04:00
David A. Wheeler f9d6e11cdf Document CSV format further, including the fingerprint
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 23:56:09 -04:00
David A. Wheeler d5c4af4be1 Add "fingerprint" to CSV output
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 23:50:52 -04:00
David A. Wheeler 41ccb9c0ef Add CSV option as a documented example
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 23:39:04 -04:00
David A. Wheeler 5ad5a17034 Make minor improvements to flawfinder man page
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2017-07-30 23:29:36 -04:00