Ignore LoadLibraryEx if its third parameter is
LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe.
This eliminates a false positive.
See:
https://github.com/david-a-wheeler/flawfinder/issues/26
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Python3 has provided the world with endless character encoding problems.
It assumes the world is perfect with perfectly encoded data,
and fails to provide useful ways to deal with messy real-world data.
We can't really solve that, but we can detect the problem and
provide some useful information to users on possible ways to
solve the problem. Much of this information was already in the
documentation, but many users aren't looking at the documentation.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Python3 doesn't provide easy-to-use built-in libraries to deal
with common encoding issues (e.g., Windows-1252 encoded characters
in a UTF-8 stream), so when we see an encoding error,
provide better information on how to deal with it and
a pointer to the more detailed information in the documentation.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Update the version number *now* so that we won't
accidentally release two different versions with the same version number.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Change the version number *now*, before release, so that we won't
accidentally release software with a duplicate version number later.
Also, tweak the release_process.md documentation to clarify a few things.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
This was reported by philipp. After some tweaking I got the warning
to work on both Python 2 and Python 3.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
We don't currently support this combination, so error out if it's attempted.
Fixes SourceForge bug report #15 "Incomplete HTML output for list of rules".
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
If we see an unterminated parameter list in the code being analyzed,
continue to warn, but treat it as an empty list and continue.
That way, we can try to process at least some of the code.
This fixes bug report #12 TypeError raised for incomplete source code
from philipp created: 2018-03-10.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Fix a typo in the gsignal|ssignal rule.
This fixes SF bug #8.
My thanks to philipp for reporting this!
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
The www.dwheeler.com site has long supported https, but I forgot
to change these URLs. Fix that, so that people will use https.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
Change possible_levels to a tuple. Arrays are mutable,
but we never want to mutate this value, so changing it
to a tuple reduces the risk of accidentally mutating it.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
This commit means that the output provides useful summary data,
even if the lower-level hits are suppressed.
Note that this does use a little more memory when some hits
are suppressed, since the hitlist is fully created even
if only parts are displayed. However, modern systems have
lots of memory. Hopefully we'll never analyze software
with so many problems that this is a problem itself :-).
If someone ever has that problem, they can output everything
and filter it separately.
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
My upload intended for pypitest appears to have gone to pypi instead.
To eliminate confusion, I'm bumping the version number so that
any single version number always refers to exactly one program version.
This was done with:
sed -i.bak -e 's/2\.0\.3/2.0.4/g' \
ChangeLog correct-results.* flawfinder makefile setup.py
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>