Commit Graph

323 Commits

Author SHA1 Message Date
Weilun Fong ae41f796fe Optimize builtin SPEC file
1. optimize writing, add <Provides> SPEC Directive, improve install command and update version to 2.0.19
2. adjust assignment way of variable <prefix> and <DESTDIR> in makefile
2021-09-21 12:10:46 +08:00
Yong Yan 0810f732d2
Update readme (#55) 2021-08-29 15:14:20 -04:00
pbderr d9ddc06b7e
print warning messages to stderr (#58)
Co-authored-by: Peter Derr <peter.derr@mass.gov>
2021-08-20 14:37:08 -04:00
David A. Wheeler 8e4a779ad5 Rename GitHub Action Flawfinder -> flawfinder_scan
The GitHub Action "flawfinder" appears to already be in use,
so I couldn't use it.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-07-17 16:45:24 -04:00
David A. Wheeler e0d8827c3b README.md: Tweak GitHub actions description
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-29 19:28:09 -04:00
David A. Wheeler b7e8ebe3df
entrypoint.sh: Make minor improvements (#54)
* entrypoint.sh: Make minor improvements

Modify entrypoint.sh, used by the Dockerfile.

The original version *ALWAYS* echoed a success,
even if the command did NOT succeed for some reason.
Instead of printing the spurious message, just show the output and
let the exit value get communicated back to the caller.
This is especially important for CI/CD, since we want the CI/CD
system to get the exit value (e.g., so it can report failure if there
was a failure).

This version also displays the results to standard out, so it's
easier to immediately see the output from a CI/CD run.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-29 18:51:44 -04:00
David A. Wheeler 18b559b69d entrypoint.sh: Don't require output filename to be escaped
Note that the input filenames still have to be escaped
(to support the use of "-" options on the command line).

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-27 16:32:16 -04:00
David A. Wheeler 8951154ac9 Merge branch 'master' of https://github.com/david-a-wheeler/flawfinder 2021-06-27 16:28:54 -04:00
David A. Wheeler 45c084d82d
Merge pull request #51 from yongyan-gh/users/yongyan-gh/addGHAction
Add Github Action required files and test workflow
2021-06-27 16:28:37 -04:00
David A. Wheeler 51c988dc47 Release version 2.0.18
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-24 20:24:57 -04:00
Yong Yan f5025a3c80 update readme 2021-06-24 15:01:02 -07:00
Yong Yan c4f58cca72 scan specific file so the workflow will not report any error 2021-06-24 12:02:17 -07:00
Yong Yan fc471e1c63 update actions files and readme. 2021-06-24 11:56:59 -07:00
David A. Wheeler 9744995fc3
Merge pull request #52 from yongyan-gh/users/yongyan-gh/fixSarifOutput
Fix Sarif output relationship target id format.
2021-06-23 21:05:29 -04:00
Yong Yan 62b9b509a0 Fix Sarif output relationship target id format. 2021-06-23 16:19:00 -07:00
Yong Yan c53794a24b specify upload sarif file path 2021-06-23 12:33:34 -07:00
Yong Yan 70014135c9 Update workflow 2021-06-23 12:23:34 -07:00
Yong Yan ce83692cd3 Grant shell script execution permission 2021-06-22 19:17:59 -07:00
Yong Yan ad8c4aadf3 Add Github Action required files and test workflow. 2021-06-22 19:17:03 -07:00
David A. Wheeler 53ad19bb3b Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 11:12:46 -04:00
David A. Wheeler 87a40270b1 Update flawfinder.1 date
Update date in flawfinder.1; that also updates generated
file flawfinder.pdf.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 11:11:21 -04:00
David A. Wheeler 84dedfc324 New version 2.0.17
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 11:00:30 -04:00
David A. Wheeler 61f815376f Code style improvement: use "VAR in (...)"
Switch to "VAR in (...)" style in the code.
This is shorter and slightly simpler (it's clear only a single
variable value is being considered).
This eliminates many pylint warnings and
produces a minor improvement in the pylint score.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 10:25:38 -04:00
David A. Wheeler daf0bb0992 makefile: fix "distribute" target to keep flawfinder.py
Fix the source package.
We recently renamed "flawfinder" to "flawfinder.py" in the
source tree, but the "distribute" target then removes it because
previously "flawfinder.py" wasn't the "real thing".

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-06-03 10:10:08 -04:00
David A. Wheeler 396074ca62 Update test correct results (new version number)
Update test correct answers because we have a new version
number by repeatedly running:

    make check; make test-is-correct

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-31 15:32:59 -04:00
David A. Wheeler 835a3ba63e Change version 2.0.15->2.0.16
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-31 15:31:37 -04:00
David A. Wheeler 9a1955fe95 ChangeLog: Improve and note new version number
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-31 15:29:58 -04:00
David A. Wheeler 2b8c890467 flawfinder.1: minor reformatting
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 19:05:39 -04:00
David A. Wheeler 428fbf6b02 Make --error-level more obvious in the man page
The --error-level option is useful in continuous integration (CI)
pipelines. Make it even more obvious in the documentation.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 19:03:37 -04:00
David A. Wheeler 113483d06b flawfinder.1: Minor man page cleanup
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:56:28 -04:00
David A. Wheeler 0684f61cf4 Ensure SARIF includes flawfinder's current version
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:48:19 -04:00
David A. Wheeler bcb5e652ef Document SARIF details in man page
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 18:46:50 -04:00
David A. Wheeler c99529852a ChangeLog: Note major changes (with credits!!)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 15:15:06 -04:00
David A. Wheeler 3bc5f16c4c Merge branch 'sarifOutput'
My SINCERE THANKS to yongyan-gh for the hard work to integrate
SARIF output functionality into flawfinder!!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:41:39 -04:00
David A. Wheeler 772c6f6448 flawfinder.py should be executable
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:41:14 -04:00
David A. Wheeler fd50391439 Move sariflogger.py into flawfinder.py
Flawfinder has a project-specific rule to put all code in one file.
That can be a pain for development, but the rule makes *deploying*
flawfinder really easy in some settings. Worse comes to worse, just
copy the file somewhere and you can run it!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-05-30 14:39:44 -04:00
David A. Wheeler 1a225623ca
Merge pull request #44 from myersg86/master
Track curly brace level in extract_c_parameters
2021-05-19 10:17:15 -04:00
Greg Myers 7defaf1fe5
Track curly brace level in extract_c_parameters
https://github.com/david-a-wheeler/flawfinder/issues/25
https://gitlab.com/gitlab-org/gitlab/-/issues/327032
2021-04-30 13:27:58 -06:00
Yong Yan f9819b48a5 export sarif report
Fix functions/variables naming

update function name
2021-04-28 16:50:58 -07:00
David A. Wheeler 1ff740623b Fix makefile install/uninstall
Modify "make install" to quote filenames
(in case a directory has a space in it), and
on Linux/Unix force the program's permissions to be executable.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-04-20 20:10:16 -04:00
David A. Wheeler 14bcaeec36
Merge pull request #40 from IntidSammers/master
Make Git patch work
2021-04-07 10:51:56 -04:00
Robin Geffroy 21307f6642 Make Git patch work
Git patch format is slightly different from unified diff / svn diff.
The hunk format changes, and the function name is added after the last
@@. The regex has to be changed to ensure the hunk is recognized, so the
line numbers are correct.
2021-04-07 14:25:15 +02:00
David A. Wheeler 8f3b3c33fa Add .pc and .sc extensions
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-21 18:03:37 -04:00
David A. Wheeler 9a181d4103
Merge pull request #37 from ben-edna/feature/cross-platform-setup
Feature/cross platform setup

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-21 17:44:11 -04:00
Ben Spoor e0655e4faf Use entry_points instead of scripts
As described in https://click.palletsprojects.com/en/7.x/setuptools/ shebangs only work in
unix and OSX (and in cygwin on windows). By using the entry_points mechanism
Python will handle all cross-platform issues making it useable for everybody.
2021-03-08 13:29:31 +01:00
Ben Spoor 6b4b796c48 Make proper python module (add .py extension) 2021-03-08 13:29:17 +01:00
Ben Spoor 09f34faaf2 Add main entry point 2021-03-08 13:21:33 +01:00
David A. Wheeler 36d74e0505 Update tests for new .csv results
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-07 18:38:04 -05:00
Yong Yan 88869d9dec Add default rule level to csv 2021-02-26 16:10:48 -08:00
Yong Yan fd4dc902ad Add Sarif rule id 2021-02-25 02:49:15 -08:00