Add test_004. This tests options that are often used when sending
flawfinder output to other tools. In this case,
we test -m, -S, -D, -C, and --quiet.
This also begins a convention change, to name tests e.g., "test_001".
This ensures that the tests sort reasonably without special options.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

We formerly used a variable named "input". This is legal in Python,
but potentially confusing since there's a built-in named "input"
that this shadows in that scope. Rename the variable, to
avoid that confusion. This fixes the following pylint warning:
W:1440, 8: Redefining built-in 'input' (redefined-builtin)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

We import os, so there's no need to import os.path.
This fixes the following pylint warning:
C: 53, 0: Imports from package os are not grouped (ungrouped-imports)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Python 3 only accepts certain syntaxes for find & split.
Thankfully, it's possible to use them in Python 2, so rework
it so we can use the same syntax for both.
This is not detected or fixed by futurize, sadly
(a problem true for many other situations).
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Remove use of __cmp__, which is in Python 2 but not in Python 3.
Instead, use sort keys, which work in Python 2 and 3.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Switch all print statements to print() functions per PEP 3105.
Python 3 *only* supports print() functions, so this begins to
move the code towards simultaneously supporting Python 2 and 3.
This implements "stage1" of futurize. In theory, "stage1" is
supposed to be "low risk", but in fact a *large* number of
manual fixes had to be made to make the program work again.
Python 2's traditional print statement includes the "softspace"
feature. This is "a semi-secret attribute on files currently used to tell
print whether to insert a space before the first item". The print()
function does not have the "softspace" feature, so there is no direct
translation for any situation that depended on softspaces.
Flawfinder used softspaces extensively, as they were convenient,
so it took a little work to make print() functions work.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

The CSV option is noted in the ChangeLog, and is explained in --help,
but I forgot to add it to the man page. This fixes the man page
and its corresponding generated PDF file.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

Pylint is a static analyzer of Python code. It seems appropriate
to use a static analyzer to analyze a static analyzer :-).
None of the changes here fix a flaw in flawfinder.
The goal here is to follow PEP 008 more closely in the hope that
the changes make it easier for other developers to improve it further.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

This switches flawfinder's version naming conventions to comply with
Semantic Versioning. We change the first digit to "2" because
there's a subtle change in how CWEs are reported - see the
ChangeLog or documentation for more information.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>

- snprintf is a useful *countermeasure* for buffer overflows,
and unlike some alternatives it is standard and *widely* available.
(strlcpy/strlcat are useful but not standard and not widely available;
snprintf_s is standard but not widely available).
Historically we warned about snprintf because old systems didn't
implement it correctly, but at this point these old systems are
more historical than anything else.
Instead, let's specifically *mention* snprintf as a recommended
potential solution for buffer overflows.
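An added example (not flawfinder's code, and not part of the commit message above) of using snprintf the way the note recommends, together with the check that a bare snprintf call does not give you: the return value is the length the full output would have had, so it must be compared against the buffer size before it is trusted. The function names and sample inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Format "user=<name> id=<id>" into buf (capacity bufsize).
 * Returns 1 if the whole string fit, 0 if it was truncated or failed.
 * buf is always NUL-terminated when bufsize > 0. */
int format_record(char *buf, size_t bufsize, const char *name, int id)
{
    if (bufsize == 0) return 0;
    /* snprintf never writes more than bufsize bytes, but its return value
     * is the length the complete output *would* have had. */
    int needed = snprintf(buf, bufsize, "user=%s id=%d", name, id);
    if (needed < 0) { buf[0] = '\0'; return 0; }   /* encoding error */
    return (size_t)needed < bufsize;                 /* 0 means truncated */
}

/* Append "key=value;" at *offset without ever moving the offset past the
 * buffer. Advancing an offset by snprintf's unchecked return value is a
 * classic way to turn a "safe" call into an out-of-bounds write on the
 * next iteration; clamping the offset on truncation prevents that. */
int append_field(char *buf, size_t bufsize, size_t *offset,
                 const char *key, const char *value)
{
    if (*offset >= bufsize) return 0;
    size_t room = bufsize - *offset;
    int n = snprintf(buf + *offset, room, "%s=%s;", key, value);
    if (n < 0) return 0;
    if ((size_t)n >= room) {
        *offset = bufsize - 1;   /* truncated: park at the terminating NUL */
        return 0;
    }
    *offset += (size_t)n;
    return 1;
}

int main(void)
{
    char buf[16];
    printf("%d [%s]\n", format_record(buf, sizeof buf, "alice", 7), buf);
    printf("%d [%s]\n", format_record(buf, sizeof buf, "averyverylongname", 12345), buf);
    return 0;
}
```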