Commit Graph

279 Commits

Author SHA1 Message Date
Ben Spoor e0655e4faf Use entry_points instead of scripts
As decribed in https://click.palletsprojects.com/en/7.x/setuptools/ shebangs only work in
unix and OSX (and in cygwin on windows). By using the entry_points mechanism
Python will handle all cross-platform issues making it useable for everybody.
2021-03-08 13:29:31 +01:00
Ben Spoor 6b4b796c48 Make proper python module (add .py extension) 2021-03-08 13:29:17 +01:00
Ben Spoor 09f34faaf2 Add main entry point 2021-03-08 13:21:33 +01:00
David A. Wheeler 36d74e0505 Update tests for new .csv results
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-03-07 18:38:04 -05:00
Yong Yan 88869d9dec Add default rule level to csv 2021-02-26 16:10:48 -08:00
Yong Yan fd4dc902ad Add Sarif rule id 2021-02-25 02:49:15 -08:00
David A. Wheeler c13f65df14
Merge pull request #31 from squaresurf/fix-msg
Fix encoding error message misspelling
2021-01-12 22:50:13 -05:00
Daniel Paul Searles 29a28737e8
Fix encoding error message misspelling 2021-01-12 20:09:23 -07:00
David A. Wheeler 6c8f2ce729 Update ChangeLog for 2.0.15
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:27:58 -05:00
David A. Wheeler 04e444c84a Update tests for new version#
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:21:15 -05:00
David A. Wheeler 8f3111a3fd Change version# to 2.0.15
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:20:19 -05:00
David A. Wheeler 6fd354bd2d Check for ps2pdf before using it
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-11 19:19:12 -05:00
David A. Wheeler 29df9eb26e
Merge pull request #29 from sylveon/load-library-ex-enhancements
Enhance detection and diagnostics of LoadLibrary(Ex)
2021-01-11 19:15:20 -05:00
Charles Milette 49fd4b2ec9
Move safe_search to globals and add LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR to the list of safe flags 2021-01-10 18:01:03 -05:00
Charles Milette bd3787e2bc
Update test files 2021-01-09 20:37:20 -05:00
Charles Milette 917d03e4f9
Enhance detection and diagnostics of LoadLibrary(Ex) 2021-01-09 20:25:26 -05:00
David A. Wheeler 0cba711317 Version 2.0.14
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:55:24 -05:00
David A. Wheeler 3e0c3a4f53 Fix makefile problem and version numbers
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:49:12 -05:00
David A. Wheeler 6ec2611fac Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:35:30 -05:00
David A. Wheeler 48d45086b2 Ignore LoadLibraryEx if LOAD_LIBRARY_SEARCH_SYSTEM32
Ignore LoadLibraryEx if its third parameter is
LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe.
This eliminates a false positive.

See:
https://github.com/david-a-wheeler/flawfinder/issues/26

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:22:58 -05:00
David A. Wheeler 7321f9f19c Remove InitialCriticalSection
This is no longer a vulnerability on widely-used Windows versions.
See:
https://github.com/david-a-wheeler/flawfinder/issues/19

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 13:04:56 -05:00
David A. Wheeler 41857c6364 Tell users how to disable false positives
If there are >0 hits, tell users how to ignore them in the output.
This resolves:
https://github.com/david-a-wheeler/flawfinder/issues/24

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-09 12:55:44 -05:00
David A. Wheeler 48ebb4023e Ignore "system::" to reduce false positives
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-03 14:13:27 -05:00
David A. Wheeler f32f11f092 Add .hpp support for C++
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2021-01-03 13:42:58 -05:00
David A. Wheeler 40b540d6ae
Merge pull request #21 from duongdominhchau/master
Fix misrecognized number separator in C++14
2021-01-03 12:58:36 -05:00
Duong Do Minh Chau 1bb1a69d6c Add test 2020-04-27 20:22:27 +07:00
Duong Do Minh Chau e856bce4e9 Treat ' as digit separator when file extension is .cpp, .cxx, .cc 2020-04-27 20:00:17 +07:00
David A. Wheeler 6d3a04cfef Last-minute tweaks for release
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2020-02-17 10:24:34 -05:00
David A. Wheeler d694a9e766 Provide better error feedback on encoding problems
Python3 has provided the world with endless character encoding problems.
It assumes the world is perfect with perfectly encoded data,
and fails to provide useful ways to deal with messy real-world data.

We can't really solve that, but we can detect the problem and
provide some useful information to users on possible ways to
solve the problem.  Much of this information was already in the
documentation, but many users aren't looking at the documentation.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2020-02-17 10:05:39 -05:00
David A. Wheeler 293ca17d82 Note character encoding in README, note cvt2utf
To help people out, note the potential character encoding issue
in the README (pointing to the documentation for more details)
and note the "cvt2utf" Python program.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-10-24 08:22:59 -04:00
David A. Wheeler 578c99cc17
Merge pull request #15 from jhachenbergerSIT/test_subdir
Move all test related files into a subdirectory
2019-09-24 21:33:01 -04:00
Julien Hachenberger be85f40291
Recreate missing make targets
Pull request #15 moved `check` and `test-is-correct`
to test/makefile making them inaccessible by the main
makefile. This commit recreates both targets again and
simply passesthrough the calls to the corresponding sub makefile.

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-24 12:52:10 +02:00
Julien Hachenberger 717d035206
Make sub-'make' call POSIX compliant
Pull request #15 introduced a `make` call using `-C` (short for: `--directory`)
option which is not POSIX compliant. This commit will use the `cd` builtin
instead to maintain POSIX compliance.

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-24 12:42:39 +02:00
Julien Hachenberger 025cee45db
Move all test related files into a subdirectory
In order to keep all test-related files within one folder,
this commit creates a new folder 'test/', moves the
test-related files into it and intrdocues a second makefile
within this folder dedicated to run the tests.
The original makefile still contains a 'test' target, but simply
delegates this task to the second makefile.

(fixes david-a-wheeler/flawfinder#11)

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-23 11:37:14 +02:00
David A. Wheeler fe78940e6f Add better error message on encoding problems
Python3 doesn't provide easy-to-use built-in libraries to deal
with common encoding issues (e.g., Windows-1252 encoded characters
in a UTF-8 stream), so when we see an encoding error,
provide better information on how to deal with it and
a pointer to the more detailed information in the documentation.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-09-22 15:22:17 -04:00
David A. Wheeler f1fdd59da5 Improve docs on character encoding
Provide better info on how to handle character encoding problems.
As more people use Python3 this is more likely to be a problem.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-09-22 15:21:11 -04:00
David A. Wheeler a3ff9a89d6
Merge pull request #10 from jhachenbergerSIT/cleanup
Remove unused files
2019-09-22 14:07:21 -04:00
Julien Hachenberger fa5d5f217d
Remove unused files
These files are not used by any project file,
nor mentioned by the documentation, hence they seem
to be useless.

Signed-off-by: Julien Hachenberger <julien.hachenberger@sit.fraunhofer.de>
2019-09-02 13:09:38 +02:00
David A. Wheeler 38cfae4000 Update version number to upcoming 2.0.11
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-06-23 19:43:09 -04:00
David A. Wheeler 3d054d7438 Update ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-06-22 14:54:00 -04:00
David A. Wheeler 422473be6d Bugfix: when opening diffhitlist, use 'rb' mode
My thanks to Michał Górny, who both reported the problem
and provided the patch. Awesome!

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-06-22 14:49:42 -04:00
David A. Wheeler d35fd2718a Update version number now
Update the version number *now* so that we won't
accidentally release two different versions with the same version number.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-05-19 22:55:14 -04:00
David A. Wheeler f5abbfc701 Document what changed in version 2.0.9.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-05-19 22:45:04 -04:00
David A. Wheeler 627fd605dc Note --diffhitlist fix in ChangeLog
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-05-17 19:51:50 -04:00
Labidurie Jerome 8f8353df07 Add unit test for --diffhitlist option
Signed-off-by: Labidurie Jerome <jerome.labidurie@orange.com>
2019-05-17 10:08:33 +02:00
Labidurie Jerome 280dc4a295 Fix Hitlist comparison by adding __eq__() & __ne__() to Hit class
Signed-off-by: Labidurie Jerome <jerome.labidurie@orange.com>
2019-05-17 10:00:41 +02:00
Jon Hood 1e2e6f590f
Merge pull request #6 from elfring/construct_string_literals_without_using_plus_operators
Syntax changes thanks to elfring that do affect bytecode size; Construct string literals without using plus operators
2019-02-26 10:27:04 -06:00
Markus Elfring 69084a95bb Construction of string literals without using plus operators
The programming language “Python” supports string literal concatenation
without the usage of additional plus operators as standard functionality.
https://docs.python.org/3/reference/lexical_analysis.html#string-literal-concatenation

Thus omit unnecessary operator specifications.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2019-02-26 13:09:04 +01:00
David A. Wheeler d42ecdba1d Fix indentation (pylint)
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-02-25 23:33:57 -05:00
David A. Wheeler 59a4d42a33 Update test values for version number
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2019-02-25 23:30:58 -05:00