a static analysis tool for finding vulnerabilities in C/C++ source code
Go to file
David A. Wheeler ba844e7eea README: Fix spelling error 2014-08-03 13:18:51 -04:00
COPYING Initial import 2007-01-16 02:44:45 +00:00
ChangeLog ChangeLog: Update for upcoming release 2014-08-02 22:15:51 -04:00
INSTALL.txt INSTALL.txt: Make it clear that you can simply run without installing. 2014-08-02 22:26:37 -04:00
MANIFEST.in Initial import 2007-01-16 02:44:45 +00:00
README README: Fix spelling error 2014-08-03 13:18:51 -04:00
announcement Initial import 2007-01-16 02:44:45 +00:00
correct-results.html Add cross-link to "Secure Programming" book 2014-07-28 21:25:00 -04:00
correct-results.txt Add cross-link to "Secure Programming" book 2014-07-28 21:25:00 -04:00
cwe.l Add ability to list CWEs in source code 2014-07-13 09:44:34 -04:00
flawfinder Fix some warning text (CWE reference was in wrong place) 2014-08-02 21:59:28 -04:00
flawfinder.1 flawfinder.1: Note that .git and .svn are examples of directories skipped 2014-08-03 13:17:43 -04:00
flawfinder.spec Switch version # to 1.31. 2014-07-27 17:19:24 -04:00
flawtest.c Initial import 2007-01-16 02:44:45 +00:00
junk.c Add support for git diff (as well as svn diff and GNU diff) 2014-07-12 21:36:54 -04:00
makefile Update makefile: Don't use ",1" as temporary directory 2014-08-02 22:39:03 -04:00
no-ending-newline.c Version number now 1.28, add test for filenames without trailing newline 2014-07-12 07:01:23 -04:00
setup.cfg Initial import 2007-01-16 02:44:45 +00:00
setup.py Switch version # to 1.31. 2014-07-27 17:19:24 -04:00
sloctest.c Initial import 2007-01-16 02:44:45 +00:00
test.c Initial import 2007-01-16 02:44:45 +00:00
test2.c Initial import 2007-01-16 02:44:45 +00:00

README

This is "flawfinder" by David A. Wheeler, <dwheeler@dwheeler.com>.

Flawfinder is a simple program that scans C/C++ source code and reports
potential security problems.  It can be a useful tool for examining
software, and it can also serve as a simple introduction to static source code
analysis tools more generally.  It is designed to be easy to install and use.

More technically, flawfinder uses lexical scanning to find tokens
(such as function names) that suggest likely problems, estimates their
level of risk (e.g., by the text of function calls), and reports the results.

For more information, see:
 http://www.dwheeler.com/flawfinder

On Unix/Linux/POSIX systems, you can typically install it by extracting
its files, using "cd" to enter its directory, and then run this:
  sudo make prefix=/usr install
You can omit the "prefix=/usr"; it will then install under "/usr/local".
The file INSTALL.txt has more detailed installation instructions.
Flawfinder requires Python 2 (version 2.5 or later).

Flawfinder is released under the GNU GPL license version 2 or later (GPLv2+).
See the COPYING file for more license information.