Commit Graph

306 Commits

Author SHA1 Message Date
David A. Wheeler 9744995fc3 Merge pull request #52 from yongyan-gh/users/yongyan-gh/fixSarifOutput
Fix Sarif output relationship target id format.
2021-06-23 21:05:29 -04:00
Yong Yan 62b9b509a0 Fix Sarif output relationship target id format. 2021-06-23 16:19:00 -07:00
David A. Wheeler 53ad19bb3b Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 11:12:46 -04:00
David A. Wheeler 87a40270b1 Update flawfinder.1 date
Update date in flawfinder.1; that also updates generated
file flawfinder.pdf.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 11:11:21 -04:00
David A. Wheeler 84dedfc324 New version 2.0.17
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 11:00:30 -04:00
David A. Wheeler 61f815376f Code style improvement: use "VAR in (...)"
Switch to "VAR in (...)" style in the code.
This is shorter and slightly simpler (it's clear only a single
variable value is being considered).
This eliminates many pylint warnings and
produces a minor improvement in the pylint score.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 10:25:38 -04:00
David A. Wheeler daf0bb0992 makefile: fix "distribute" target to keep flawfinder.py
Fix the source package.
We recently renamed "flawfinder" to "flawfinder.py" in the
source tree, but the "distribute" target then removed it because
previously "flawfinder.py" wasn't the "real thing".

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 10:10:08 -04:00
David A. Wheeler 396074ca62 Update test correct results (new version number)
Update test correct answers because we have a new version
number by repeatedly running:

    make check; make test-is-correct

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-31 15:32:59 -04:00
David A. Wheeler 835a3ba63e Change version 2.0.15->2.0.16
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-31 15:31:37 -04:00
David A. Wheeler 9a1955fe95 ChangeLog: Improve and note new version number
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-31 15:29:58 -04:00
David A. Wheeler 2b8c890467 flawfinder.1: minor reformatting
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 19:05:39 -04:00
David A. Wheeler 428fbf6b02 Make --error-level more obvious in the man page
The --error-level option is useful in continuous integration (CI)
pipelines. Make it even more obvious in the documentation.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 19:03:37 -04:00
David A. Wheeler 113483d06b flawfinder.1: Minor man page cleanup
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:56:28 -04:00
David A. Wheeler 0684f61cf4 Ensure SARIF includes flawfinder's current version
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:48:19 -04:00
David A. Wheeler bcb5e652ef Document SARIF details in man page
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:46:50 -04:00
David A. Wheeler c99529852a ChangeLog: Note major changes (with credits!!)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 15:15:06 -04:00
David A. Wheeler 3bc5f16c4c Merge branch 'sarifOutput'
My SINCERE THANKS to yongyan-gh for the hard work to integrate
SARIF output functionality into flawfinder!!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:41:39 -04:00
David A. Wheeler 772c6f6448 flawfinder.py should be executable
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:41:14 -04:00
David A. Wheeler fd50391439 Move sariflogger.py into flawfinder.py
Flawfinder has a project-specific rule to put all code in one file.
That can be a pain for development, but the rule makes *deploying*
flawfinder really easy in some settings. Worse comes to worse, just
copy the file somewhere and you can run it!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:39:44 -04:00
David A. Wheeler 1a225623ca Merge pull request #44 from myersg86/master
Track curly brace level in extract_c_parameters
2021-05-19 10:17:15 -04:00
Greg Myers 7defaf1fe5
Track curly brace level in extract_c_parameters
https://github.com/david-a-wheeler/flawfinder/issues/25
https://gitlab.com/gitlab-org/gitlab/-/issues/327032
2021-04-30 13:27:58 -06:00
Yong Yan f9819b48a5 export sarif report
Fix functions/variables naming

update function name
2021-04-28 16:50:58 -07:00
David A. Wheeler 1ff740623b Fix makefile install/uninstall
Modify "make install" to quote filenames
(in case a directory has a space in it), and
on Linux/Unix force the program's permissions to be executable.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-04-20 20:10:16 -04:00
David A. Wheeler 14bcaeec36 Merge pull request #40 from IntidSammers/master
Make Git patch work
2021-04-07 10:51:56 -04:00
Robin Geffroy 21307f6642 Make Git patch work
Git patch format is slightly different from unified diff / svn diff.
The hunk format changes, and the function name is added after the last
@@. The regex has to be changed to ensure the hunk is recognized, so the
line numbers are correct.
2021-04-07 14:25:15 +02:00
David A. Wheeler 8f3b3c33fa Add .pc and .sc extensions
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-21 18:03:37 -04:00
David A. Wheeler 9a181d4103 Merge pull request #37 from ben-edna/feature/cross-platform-setup
Feature/cross platform setup

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-21 17:44:11 -04:00
Ben Spoor e0655e4faf Use entry_points instead of scripts
As described in https://click.palletsprojects.com/en/7.x/setuptools/ shebangs only work in
Unix and OSX (and in Cygwin on Windows). By using the entry_points mechanism
Python will handle all cross-platform issues, making it usable for everybody.
2021-03-08 13:29:31 +01:00
Ben Spoor 6b4b796c48 Make proper python module (add .py extension) 2021-03-08 13:29:17 +01:00
Ben Spoor 09f34faaf2 Add main entry point 2021-03-08 13:21:33 +01:00
David A. Wheeler 36d74e0505 Update tests for new .csv results
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-07 18:38:04 -05:00
Yong Yan 88869d9dec Add default rule level to csv 2021-02-26 16:10:48 -08:00
Yong Yan fd4dc902ad Add Sarif rule id 2021-02-25 02:49:15 -08:00
David A. Wheeler c13f65df14 Merge pull request #31 from squaresurf/fix-msg
Fix encoding error message misspelling
2021-01-12 22:50:13 -05:00
Daniel Paul Searles 29a28737e8 Fix encoding error message misspelling 2021-01-12 20:09:23 -07:00
David A. Wheeler 6c8f2ce729 Update ChangeLog for 2.0.15
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:27:58 -05:00
David A. Wheeler 04e444c84a Update tests for new version#
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:21:15 -05:00
David A. Wheeler 8f3111a3fd Change version# to 2.0.15
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:20:19 -05:00
David A. Wheeler 6fd354bd2d Check for ps2pdf before using it
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:19:12 -05:00
David A. Wheeler 29df9eb26e Merge pull request #29 from sylveon/load-library-ex-enhancements
Enhance detection and diagnostics of LoadLibrary(Ex)
2021-01-11 19:15:20 -05:00
Charles Milette 49fd4b2ec9 Move safe_search to globals and add LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR to the list of safe flags 2021-01-10 18:01:03 -05:00
Charles Milette bd3787e2bc Update test files 2021-01-09 20:37:20 -05:00
Charles Milette 917d03e4f9 Enhance detection and diagnostics of LoadLibrary(Ex) 2021-01-09 20:25:26 -05:00
David A. Wheeler 0cba711317 Version 2.0.14
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:55:24 -05:00
David A. Wheeler 3e0c3a4f53 Fix makefile problem and version numbers
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:49:12 -05:00
David A. Wheeler 6ec2611fac Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:35:30 -05:00
David A. Wheeler 48d45086b2 Ignore LoadLibraryEx if LOAD_LIBRARY_SEARCH_SYSTEM32
Ignore LoadLibraryEx if its third parameter is
LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe.
This eliminates a false positive.

See:
https://github.com/david-a-wheeler/flawfinder/issues/26

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:22:58 -05:00
David A. Wheeler 7321f9f19c Remove InitialCriticalSection
This is no longer a vulnerability on widely-used Windows versions.
See:
https://github.com/david-a-wheeler/flawfinder/issues/19

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:04:56 -05:00
David A. Wheeler 41857c6364 Tell users how to disable false positives
If there are >0 hits, tell users how to ignore them in the output.
This resolves:
https://github.com/david-a-wheeler/flawfinder/issues/24

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 12:55:44 -05:00
David A. Wheeler 48ebb4023e Ignore "system::" to reduce false positives
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-03 14:13:27 -05:00