
No commits in common. "248c4449fb0f924d7d9be0ccb09cdbdcba64316b" and "e95918cd7faed10a74a455854b59434c0c73dad4" have entirely different histories.

10 changed files with 52 additions and 2036 deletions


@ -1,20 +0,0 @@
#
# Project: flawfinder
# Created by George "walkero" Sokianos
# 2022-07-25
#
release: clean
mkdir -p release/flawfinder
cp -r release_files/* release/flawfinder/
cp flawfinder.py release/flawfinder/flawfinder
protect release/flawfinder/flawfinder srwed
cp -r simplejson release/flawfinder
cp ChangeLog release/flawfinder/
cp README.md release/flawfinder/
cp COPYING release/flawfinder/
lha -aeqr3 a flawfinder.lha release/
clean:
rm -f simplejson/#?.pyc

flawfinder.py Normal file → Executable file

@ -1,4 +1,4 @@
#!python
#!/usr/bin/env python
"""flawfinder: Find potential security flaws ("hits") in source code.
Usage:
@ -40,7 +40,7 @@
# That *finally* makes it possible to semi-gracefully transition.
from __future__ import division
# from __future__ import print_function
from __future__ import print_function
import functools
import sys
import re
@ -53,7 +53,7 @@ import operator # To support filename expansion on Windows
import time
import csv # To support generating CSV format
import hashlib
import simplejson as json
import json
version = "2.0.19"
@ -488,16 +488,16 @@ def print_multi_line(text):
prefix = " "
starting_position = len(prefix) + 1
#
print(prefix),
print(prefix, end='')
position = starting_position
#
for w in text.split():
if len(w) + position >= width:
print '\n',
print(prefix),
print()
print(prefix, end='')
position = starting_position
# print(' '),
print(w),
print(' ', end='')
print(w, end='')
position += len(w) + 1
@ -608,44 +608,44 @@ class Hit(object):
if sarif_output:
return
if output_format:
print("<li>"),
print("<li>", end='')
sys.stdout.write(h(self.filename))
if show_columns:
print(":%(line)s:%(column)s:" % self),
print(":%(line)s:%(column)s:" % self, end='')
else:
print(":%(line)s:" % self),
print(":%(line)s:" % self, end='')
if output_format:
print(" <b>"),
print(" <b>", end='')
# Extra space before risk level in text, makes it easier to find:
print(" [%(level)s] " % self),
print(" [%(level)s]" % self, end=' ')
if output_format:
print("</b> "),
print("(%(category)s) " % self),
print("</b> ", end='')
print("(%(category)s)" % self, end=' ')
if output_format:
print("<i> "),
print(h("%(name)s:" % self)),
print("<i> ", end='')
print(h("%(name)s:" % self), end='')
main_text = h("%(warning)s. " % self)
if output_format: # Create HTML link to CWE definitions
main_text = link_cwe_pattern.sub(
r'<a href="https://cwe.mitre.org/data/definitions/\2.html">\1</a>\3',
main_text)
if single_line:
print(main_text),
print(main_text, end='')
if self.suggestion:
print(" " + h(self.suggestion) + "."),
print(' ' + h(self.note)),
print(" " + h(self.suggestion) + ".", end='')
print(' ' + h(self.note), end='')
else:
if self.suggestion:
main_text += h(self.suggestion) + ". "
main_text += h(self.note)
print '\n',
print()
print_multi_line(main_text)
if output_format:
print(" </i>"),
print("</li>"),
print '\n',
print(" </i>", end='')
print("</li>", end='')
print()
if show_context:
if output_format:
print("<pre>")
@ -676,8 +676,7 @@ def add_warning(hit):
def internal_warn(message):
# print(h(message), file=sys.stderr)
print h(message)
print(h(message), file=sys.stderr)
# C Language Specific
@ -1757,9 +1756,9 @@ def process_c_file(f, patch_infos):
if not quiet:
if output_format:
print 'Examining %s<br>' % (h(f))
print("Examining", h(f), "<br>")
else:
print 'Examining %s' % (h(f))
print("Examining", f)
sys.stdout.flush()
# Python3 is often configured to use only UTF-8, and presumes
@ -1768,10 +1767,10 @@ def process_c_file(f, patch_infos):
# in such cases - with some hints on how to solve it.
try:
text = "".join(my_input.readlines())
except UnicodeDecodeError, err:
except UnicodeDecodeError as err:
print('Error: encoding error in', h(f))
print(err)
print '\n',
print()
print('Python3 requires input character data to be perfectly encoded;')
print('it also requires perfectly correct system encoding settings.')
print('Unfortunately, your data and/or system settings are not.')
@ -1949,7 +1948,8 @@ def display_ruleset(ruleset):
def initialize_ruleset():
expand_ruleset(c_ruleset)
if showheading:
print 'Number of rules (primarily dangerous function names) in C/C++ ruleset: %d' % len(c_ruleset)
print("Number of rules (primarily dangerous function names) in C/C++ ruleset:", len(
c_ruleset))
if output_format:
print("<p>")
if list_rules:
@ -2313,7 +2313,7 @@ def process_options():
diffhitlist_filename = value
display_header()
if showheading:
print("Showing hits not in %s" % value)
print("Showing hits not in", value)
elif opt == "--version":
print(version)
sys.exit(0)
@ -2338,7 +2338,7 @@ def process_options():
# In Python 2 the convention is "getopt.GetoptError", but we
# use "getopt.error" here so it's compatible with both
# Python 1.5 and Python 2.
except getopt.error, text:
except getopt.error as text:
print("*** getopt error:", text)
usage()
sys.exit(16)
@ -2384,13 +2384,13 @@ def show_final_results():
for i in possible_levels: # Initialize count_per_level_and_up
count_per_level_and_up[i] = 0
if show_immediately or not quiet: # Separate the final results.
print '\n',
print()
if showheading:
if output_format:
print("<h2>Final Results</h2>")
else:
print("FINAL RESULTS:")
print '\n',
print()
hitlist.sort(key=hitlist_sort_key)
# Display results. The HTML format now uses
# <ul> so that the format differentiates each entry.
@ -2418,14 +2418,14 @@ def show_final_results():
if output_format:
print("<h2>Analysis Summary</h2>")
else:
print '\n',
print()
print("ANALYSIS SUMMARY:")
if output_format:
print("<p>")
else:
print '\n',
print()
if count > 0:
print 'Hits = %d' % count
print("Hits =", count)
else:
print("No hits found.")
if output_format:
@ -2436,27 +2436,27 @@ def show_final_results():
time_analyzing = time.time() - starttime
if required_regex:
print("Hits limited to regular expression " + required_regex)
print("Lines analyzed = %d" % sumlines),
print("Lines analyzed = %d" % sumlines, end='')
if time_analyzing > 0 and not omit_time: # Avoid divide-by-zero.
print(" in approximately %.2f seconds (%.0f lines/second)" % (
time_analyzing, (sumlines / time_analyzing)))
else:
print '\n',
print()
if output_format:
print("<br>")
print("Physical Source Lines of Code (SLOC) = %d" % sloc)
if output_format:
print("<br>")
# Output hits@each level.
print("Hits@level ="),
print("Hits@level =", end='')
for i in possible_levels:
print(" [%d] %3d" % (i, count_per_level[i])),
print(" [%d] %3d" % (i, count_per_level[i]), end='')
if output_format:
print(" <br>")
else:
print '\n',
print()
# Compute hits at "level x or higher"
print("Hits@level+ ="),
print("Hits@level+ =", end='')
for i in possible_levels:
for j in possible_levels:
if j >= i:
@ -2464,20 +2464,20 @@ def show_final_results():
i] = count_per_level_and_up[i] + count_per_level[j]
# Display hits at "level x or higher"
for i in possible_levels:
print(" [%d+] %3d" % (i, count_per_level_and_up[i])),
print(" [%d+] %3d" % (i, count_per_level_and_up[i]), end='')
if output_format:
print(" <br>")
else:
print '\n',
print()
if sloc > 0:
print("Hits/KSLOC@level+ ="),
print("Hits/KSLOC@level+ =", end='')
for i in possible_levels:
print(" [%d+] %3g" % (
i, count_per_level_and_up[i] * 1000.0 / sloc)),
i, count_per_level_and_up[i] * 1000.0 / sloc), end='')
if output_format:
print(" <br>")
else:
print '\n',
print()
#
if num_links_skipped:
print("Symlinks skipped =", num_links_skipped, "(--allowlink overrides but see doc for security issue)")
@ -2488,14 +2488,14 @@ def show_final_results():
if output_format:
print("<br>")
if num_ignored_hits > 0:
print("Suppressed hits = %d (use --neverignore to show them)" % num_ignored_hits)
print("Suppressed hits =", num_ignored_hits, "(use --neverignore to show them)")
if output_format:
print("<br>")
print("Minimum risk level = %d" % minimum_level)
if output_format:
print("<br>")
else:
print '\n',
print()
if count > 0:
print("Not every hit is necessarily a security vulnerability.")
print("You can inhibit a report by adding a comment in this form:")
@ -2505,7 +2505,7 @@ def show_final_results():
if output_format:
print("<br>")
else:
print '\n',
print()
print("There may be other security vulnerabilities; review your code!")
if output_format:
print("<br>")
@ -2550,4 +2550,3 @@ def main():
if __name__ == '__main__':
main()
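Review bot: The new shebang on L36, `#!/usr/bin/env python`, lands in the same commit that flips flawfinder.py to an executable file (L31), yet on PEP 394 systems `python` may resolve to Python 2 or be absent altogether, so running the script directly can fail or pick an interpreter the rest of this diff no longer has to care about. The visible changes (`from __future__ import print_function` on L43, `except ... as` on L154 and L186) appear to keep the file 2.6/3.x compatible, so `#!/usr/bin/env python3` is the safer line if Python 2 is no longer a target; otherwise the supported interpreters should be stated in the usage docstring right below it. Separately, `print("Examining", f)` on L146 drops the `h()` wrapper that the old line and the HTML branch on L143 keep; if `h()` is the identity outside HTML mode the output is unchanged, but the filename is then written to the terminal verbatim, and since names in a scanned tree are attacker-influenced, stripping control characters before printing (or at least restoring `h(f)` for consistency) would close off terminal escape-sequence injection through crafted filenames. process_c_file starts and ends outside this hunk.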
