![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / security / flawfinder
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.30 / (download) - annotate - [select for diffs], Mon Feb 6 11:23:50 2023 UTC (4 months ago) by nros
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1,
HEAD
Changes since 1.29: +5 -9
lines
Diff to previous 1.29 (colored)
Update flawfinder to version 2.0.19
The reason for the update is to get this package to work,
version 1.31 crashed when I tried it, version 2.0.19 works.
Changes from changelog:
2021-08-29 David A. Wheeler
* Version 2.0.19
* Fix so we send error messages to stderr instead of stdout.
Originally we sent some to stdout by mistake, which could
mess up results since the error messages would be mixed up
with the results.
2021-06-24 David A. Wheeler
* Version 2.0.18
* Fix SARIF output. SARIF output is new to flawfinder, and
there was a subtle error in its generation that causes GitHub
to reject the SARIF file.
2021-06-02 David A. Wheeler
* Version 2.0.17
* Fix the distributed tarball, which didn't include the
key source file due to the earlier file restructure.
* Minor code style fix, which simplifies the code slightly.
* Update date in manual page to 2021. That's important because
the documentation now includes information on `--sarif`.
2021-05-31 David A. Wheeler
* Version 2.0.16
* The distributed source file is now flawfinder.py, not flawfinder.
This is part of a change that improves
improve cross-platform ease-of-use by using entry_points.
That said, "make install" will still
install it as "flawfinder" (so those who install it via
"make install" will see no change). Many thanks to Ben Spoor!
* Added support for generating SARIF output, use --sarif.
A big thanks to Yong Yan for this work!
* Track curly brace level to reduce some problems, my thanks to
Greg Myers for the work!
* Improved handling of Git patch format, thanks to
Robin Geffroy.
2021-01-11 David A. Wheeler
* Version 2.0.15
* Fixed some release problems in 2.0.14.
* Improved handling of LoadLibraryEx; flawfinderr no longer complains
about certain constructs that are known to be safe (eliminating
some false positives).
2021-01-09 David A. Wheeler
* Version 2.0.14
* If there are >0 hits, tell users how to ignore them as part of the
tool output.
* Various Windows improvments.
Ignore LoadLibraryEx if its third parameter is
LOAD_LIBRARY_SEARCH_SYSTEM32, as this is safe, and
remove the rule for InitialCriticalSection
(this is no longer a vulnerability on current widely-used versions
of Windows)
* Various C++ improvements. Add .hpp support for C++,
ignore "system::" to reduce false positives,
treat ' as digit separator when file extension is a C++ file
(for C++14).
* I had some release problems; this is identified as 2.0.14
(skipping a few minor numbers) to ensure that the version
number uniquely identifies a specific release.
2020-02-17 David A. Wheeler
* Version 2.0.11
* Provide a much more detailed error report, including recommended
solutions, when character encoding problems hit.
As Python3 has slowly gained in popularity, its failure to provide
useful built-ins to handle real-world character encoding problems
hurts more people. (E.g., many files don't comply with *any*
character set encoding standard, and Python3 can't read them
without enabling options that are wrong for others.)
We can at least provide much more detailed feedback to help
explain the various options available.
2019-06-22 David A. Wheeler
* Version 2.0.10
* Use binary mode when reading a diffhitlist.
My thanks to Micha Górny, who both reported the problem
and provided the patch!
2019-05-19 David A. Wheeler
* Version 2.0.9
* Fixes a serious defect in --diffhitlist
2019-05-17 Labidurie Jerome
* Fixed a serious defect in --diffhitlist option and added a unit test
2019-01-21 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.8
* Don't warn if memcpy call includes sizeof(first arg).
Thanks to Michael Clark for this improvement!
* Bugfix (banned function _ftcsat should be _ftcscat).
Thanks to Lucas Ramage for reporting this!
* Documentation tweaks. Make it clear that GitHub issues and
pull requests are supported, and use ~~~~ in markdown
to ease copy-and-paste from documentation.
2018-09-30 David A. Wheeler <dwheeler, at, dwheeler.com>
* Incorporate many small improvements from nickthetait
* Fix a number of bugs reported by philipp
* Update URLs for www.dwheeler.com -> dwheeler.com
2018-04-04 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.6
2018-01-26 David A. Wheeler <dwheeler, at, dwheeler.com>
* Small fixes
* Update cwe.mitre.org URLs to use https
2017-11-16 David A. Wheeler <dwheeler, at, dwheeler.com>
* add detection of crypt_r function
* add detection of errant equal, mismatch, and is_permutation
* update CWE, risk, and discussion for C++14 STL functions
* Always report hit counts correctly, even if ignored using -m
* Update www.dwheeler.com URLs to use https
2017-09-02 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.4
* Switch from distutils to setuptools
* Directly support "pip" installs
2017-08-26 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.2
* Flawfinder can now run on either Python 2.7 or 3
* Added more tests
* Implemented additional code cleanups recommended by Pylint
* Modified documentation in various ways to clarify things
2017-08-13 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.1
* Tranform many internal constructs to work on Python 2 or 3,
with the eventual goal of making it run on either.
2017-07-29 David A. Wheeler <dwheeler, at, dwheeler.com>
* Version 2.0.0
* Change version numbers to use Semantic Versioning (x.y.z)
* Add support for generating CSV (comma-separated value) format,
to make this tool easier to integrate into larger toolsuites.
* Fixed a number of issues - and even a few bugs - found by the
Python static analysis tool pylint.
* Document in CONTRIBUTING.md how to contribute to the project.
* Change version number to 2.0.0, because we have a subtle
interface change that won't affect most people but it
*may* affect those who use postprocess
flawfinder data on CWEs. The fundamental issue is that
in some cases a hit corresponds to multiple CWEs. As a result,
in some cases flawfinder will list a sequence of CWEs
in the format "more-general/more-specific", where the CWE actually
being mapped is followed by a "!".
This is always done whenever a flaw is not mapped directly to
a top 25 CWE, but the mapping is related to such a CWE.
So "CWE-119!/CWE-120" means that the vulnerability is mapped
to CWE-119 and that CWE-120 is a subset of CWE-119.
In contrast, "CWE-362/CWE-367!" means that the hit is mapped to
CWE-367, a subset of CWE-362.
Note that this is a subtle syntax change from flawfinder
version 1.31; in flawfinder version 1.31,
the form "more-general:more-specific" meant what is now listed as
"more-general!/more-specific", while
"more-general/more-specific" meant "more-general/more-specific!".
Tools can handle both the version 1.31 and the current format,
if they wish, by noting that the older format did not use "!" at all.
These mapping mechanisms simplify searching for certain CWEs.
Revision 1.29 / (download) - annotate - [select for diffs], Thu Jun 30 11:18:47 2022 UTC (11 months, 1 week ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3
Changes since 1.28: +2 -2
lines
Diff to previous 1.28 (colored)
*: Revbump packages that use Python at runtime without a PKGNAME prefix
Revision 1.28 / (download) - annotate - [select for diffs], Fri Dec 4 20:45:39 2020 UTC (2 years, 6 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4,
pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2,
pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4
Changes since 1.27: +2 -2
lines
Diff to previous 1.27 (colored)
Revbump packages with a runtime Python dep but no version prefix. For the Python 3.8 default switch.
Revision 1.27 / (download) - annotate - [select for diffs], Mon Nov 4 21:12:52 2019 UTC (3 years, 7 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2,
pkgsrc-2020Q1-base,
pkgsrc-2020Q1,
pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.26: +2 -2
lines
Diff to previous 1.26 (colored)
security: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections.
Revision 1.26 / (download) - annotate - [select for diffs], Thu Apr 25 07:33:15 2019 UTC (4 years, 1 month ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3,
pkgsrc-2019Q2-base,
pkgsrc-2019Q2
Changes since 1.25: +2 -1
lines
Diff to previous 1.25 (colored)
PKGREVISION bump for anything using python without a PYPKGPREFIX. This is a semi-manual PKGREVISION bump.
Revision 1.25 / (download) - annotate - [select for diffs], Tue Aug 1 14:59:04 2017 UTC (5 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.24: +3 -3
lines
Diff to previous 1.24 (colored)
Follow some http -> https redirects.
Revision 1.24 / (download) - annotate - [select for diffs], Wed Mar 11 00:51:06 2015 UTC (8 years, 3 months ago) by mef
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3,
pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1,
pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.23: +3 -3
lines
Diff to previous 1.23 (colored)
(pkgsrc)
- Add LICENSE= gnu-gpl-v2
(upstream)
- Update 1.27 to 1.31
----------------------
2014-08-03 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release version 1.31, a set of small improvements mostly CWE-related.
* Note that flawfinder is officially CWE-compatible.
* Support GNU make install conventions (prefix, bindir, DESTDIR, etc.).
The older program-specific conventions are still supported, but
the documentation emphasizes using the standard conventions instead.
* Simplified installation text.
* Added more wide character function rules.
* Add reference to info at "http://www.dwheeler.com/secure-programs".
* Document that hitlists should be trusted to be loaded or diffed.
These are implented using Python's pickle module, and that module
presumes the data is from a trustworthy source. In the expected
use case this is fine... but it needed to be documented.
* Tweak/improve mappings to CWE. E.G., strlen()
better maps to CWE-126 (buffer over-read). In a few cases the
CWE mappings weren't reported as such; that is now fixed.
CWEs are actually a hierarchy; expose a little of this so
people can more easily search on them.
* Improved error detection and reporting. In particular, error
messages are sent to standard errors, filenames listed but
non-existent trigger a separate warning, and there's a warning
about non-existent filenames listed on the command line that
begin with the UTF-8 long dash sequence (users might not notice
the difference between long dash and dash, and this can happen
in some cases when copying and pasting).
* Add "-H" option as synonym for "--html".
2014-07-19 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release 1.29, primarily for CWE improvements.
* Multi-line formatting is faster and formats better.
* Documentation about CWEs has been improved.
* HTML format includes links from CWE identifiers to their definitions.
* Tweak CWE mappings, e.g., strlen maps to CWE-126 (buffer over-read).
* Option "--listrules" now gives default warning and is tab-delimited.
* Regression test suite now also tests the generated HTML.
2014-07-13 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release 1.28
* Common Weakness Enumeration (CWE) references are
now included in most hits
* Handle files not ending in newline (thanks to Alexis Wilke)
* Documentation clarifications
* Added support for "git diff" in patchfile processing
* Handles unbalanced double-quotes in sprintf
* Fix incorrect time executed report
* Fix bug to allow "flawfinder ." (fix bug#3)
* Fix ignore directive when filenames differ (fix bug#6)
Revision 1.23 / (download) - annotate - [select for diffs], Sat May 17 16:10:48 2014 UTC (9 years ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base,
pkgsrc-2014Q4,
pkgsrc-2014Q3-base,
pkgsrc-2014Q3,
pkgsrc-2014Q2-base,
pkgsrc-2014Q2
Changes since 1.22: +2 -2
lines
Diff to previous 1.22 (colored)
Bump applications PKGREVISIONs for python users that might be using python3, since the default changed from python33 to python34. I probably bumped too many. I hope I got them all.
Revision 1.22 / (download) - annotate - [select for diffs], Sat Jan 25 10:45:20 2014 UTC (9 years, 4 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base,
pkgsrc-2014Q1
Changes since 1.21: +2 -2
lines
Diff to previous 1.21 (colored)
No need to have two variables for the same logic. Replace PYTHON_PATCH_SCRIPTS with REPLACE_PYTHON.
Revision 1.21 / (download) - annotate - [select for diffs], Tue Oct 23 18:16:27 2012 UTC (10 years, 7 months ago) by asau
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base,
pkgsrc-2013Q4,
pkgsrc-2013Q3-base,
pkgsrc-2013Q3,
pkgsrc-2013Q2-base,
pkgsrc-2013Q2,
pkgsrc-2013Q1-base,
pkgsrc-2013Q1,
pkgsrc-2012Q4-base,
pkgsrc-2012Q4
Changes since 1.20: +1 -3
lines
Diff to previous 1.20 (colored)
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Revision 1.20 / (download) - annotate - [select for diffs], Thu Mar 15 11:53:37 2012 UTC (11 years, 2 months ago) by obache
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base,
pkgsrc-2012Q3,
pkgsrc-2012Q2-base,
pkgsrc-2012Q2,
pkgsrc-2012Q1-base,
pkgsrc-2012Q1
Changes since 1.19: +2 -2
lines
Diff to previous 1.19 (colored)
Bump PKGREVISION from default python to 2.7.
Revision 1.19 / (download) - annotate - [select for diffs], Wed Feb 10 19:17:44 2010 UTC (13 years, 3 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base,
pkgsrc-2011Q4,
pkgsrc-2011Q3-base,
pkgsrc-2011Q3,
pkgsrc-2011Q2-base,
pkgsrc-2011Q2,
pkgsrc-2011Q1-base,
pkgsrc-2011Q1,
pkgsrc-2010Q4-base,
pkgsrc-2010Q4,
pkgsrc-2010Q3-base,
pkgsrc-2010Q3,
pkgsrc-2010Q2-base,
pkgsrc-2010Q2,
pkgsrc-2010Q1-base,
pkgsrc-2010Q1
Changes since 1.18: +2 -2
lines
Diff to previous 1.18 (colored)
Bump revision for PYTHON_VERSION_DEFAULT change.
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jan 27 17:21:29 2010 UTC (13 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.17: +5 -3
lines
Diff to previous 1.17 (colored)
DESTDIR support
Revision 1.17 / (download) - annotate - [select for diffs], Mon Feb 9 22:56:26 2009 UTC (14 years, 4 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base,
pkgsrc-2009Q4,
pkgsrc-2009Q3-base,
pkgsrc-2009Q3,
pkgsrc-2009Q2-base,
pkgsrc-2009Q2,
pkgsrc-2009Q1-base,
pkgsrc-2009Q1
Changes since 1.16: +2 -1
lines
Diff to previous 1.16 (colored)
Switch to Python 2.5 as default. Bump revision of all packages that have changed runtime dependencies now.
Revision 1.16 / (download) - annotate - [select for diffs], Wed Jan 17 21:48:25 2007 UTC (16 years, 4 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base,
pkgsrc-2008Q4,
pkgsrc-2008Q3-base,
pkgsrc-2008Q3,
pkgsrc-2008Q2-base,
pkgsrc-2008Q2,
pkgsrc-2008Q1-base,
pkgsrc-2008Q1,
pkgsrc-2007Q4-base,
pkgsrc-2007Q4,
pkgsrc-2007Q3-base,
pkgsrc-2007Q3,
pkgsrc-2007Q2-base,
pkgsrc-2007Q2,
pkgsrc-2007Q1-base,
pkgsrc-2007Q1,
cwrapper,
cube-native-xorg-base,
cube-native-xorg
Changes since 1.15: +2 -3
lines
Diff to previous 1.15 (colored)
Update to 1.27 2007-01-16 David A. Wheeler <dwheeler, at, dwheeler.com> * Release version 1.27 2007-01-16 Sebastien Tandel <sebastien, at, tandel (doht) be) * Cleaned up code for patch handling, fix bug in subdir handling, include patch info in help. 2007-01-15 Steve Kemp <steve at shellcode dot org> * Fix Debian bug 268236. This complains that flawfinder crashes when presented with a file it cannot read. The patch obviously can't prevent the problem, since the tool can't review what it can't read, but at least it halts with a cleaner error message. 2007-01-15 cmorgan <cmorgan47, at earthlink dooot net> * Fixed Debian bug 271287 (flawfinder). Fixed skipping newlines when line ended with \, which caused incorrect line number reporting. Skip multiple whitespace at one time. 2007-01-15 David A. Wheeler <dwheeler, at, dwheeler.com> * Modified Sebastien Tandel's code so that it also supports GNU diff (his code worked only for svn diff) * When using a patchfile, skip analysis of any file not listed in the patchfile. 2007-01-15 Sebastien Tandel <sebastien, at, tandel (doht) be) * Add support for using "svn diff" created patch files, based on the approach described by David A. Wheeler on how it could be done. 2007-01-15 David A. Wheeler <dwheeler, at, dwheeler.com> * By default, now skips directories beginning with "." (this makes it work nicely with many SCM systems). Added "--followdotdir" option if you WANT it to enter such directories. * Fixed divide-by-zero when no code found (not exactly common in normal use, but anyway!)
Revision 1.15 / (download) - annotate - [select for diffs], Sat Dec 2 16:01:45 2006 UTC (16 years, 6 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base,
pkgsrc-2006Q4
Changes since 1.14: +4 -4
lines
Diff to previous 1.14 (colored)
Fixed PKGMANDIR.
Revision 1.14 / (download) - annotate - [select for diffs], Sat Mar 4 21:30:33 2006 UTC (17 years, 3 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base,
pkgsrc-2006Q3,
pkgsrc-2006Q2-base,
pkgsrc-2006Q2,
pkgsrc-2006Q1-base,
pkgsrc-2006Q1
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored)
Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no developer is officially maintaining the package. The rationale for changing this from "tech-pkg" to "pkgsrc-users" is that it implies that any user can try to maintain the package (by submitting patches to the mailing list). Since the folks most likely to care about the package are the folks that want to use it or are already using it, this would leverage the energy of users who aren't developers.
Revision 1.13 / (download) - annotate - [select for diffs], Wed Feb 15 13:43:35 2006 UTC (17 years, 3 months ago) by rillig
Branch: MAIN
Changes since 1.12: +6 -6
lines
Diff to previous 1.12 (colored)
Fixed all pkglint warnings.
Revision 1.12 / (download) - annotate - [select for diffs], Sun Feb 5 23:10:43 2006 UTC (17 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.11: +2 -1
lines
Diff to previous 1.11 (colored)
Recursive revision bump / recommended bump for gettext ABI change.
Revision 1.11 / (download) - annotate - [select for diffs], Wed Sep 28 20:52:26 2005 UTC (17 years, 8 months ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base,
pkgsrc-2005Q4
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Replaced "# defined" with "yes" in Makefile variables like GNU_CONFIGURE, NO_BUILD, USE_LIBTOOL.
Revision 1.10 / (download) - annotate - [select for diffs], Fri Jun 17 03:50:31 2005 UTC (17 years, 11 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base,
pkgsrc-2005Q3,
pkgsrc-2005Q2-base,
pkgsrc-2005Q2
Changes since 1.9: +2 -1
lines
Diff to previous 1.9 (colored)
Create directories before installing files into them.
Revision 1.9 / (download) - annotate - [select for diffs], Wed Jun 23 16:19:41 2004 UTC (18 years, 11 months ago) by snj
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base,
pkgsrc-2005Q1,
pkgsrc-2004Q4-base,
pkgsrc-2004Q4,
pkgsrc-2004Q3-base,
pkgsrc-2004Q3
Changes since 1.8: +3 -9
lines
Diff to previous 1.8 (colored)
Update flawfinder to 1.26. Don't set PY_PATCHPLIST, as it is useless. Don't include python/extension.mk, as it is also useless. Don't set NO_CONFIGURE, because it makes PYTHON_PATCH_SCRIPTS useless. Don't set MAKEFILE, as we don't actually use the included makefile for anything. Changes since 1.24: * Added more support for Microsoft's approach to internationalization. * Added two new rules for GLib functions, "g_get_home_dir" and g_get_tmp_dir". * Added curl_getenv(). * Added several rules for input functions (for -I) - recv, recvfrom, recvmsg, fread, and readv. * Tightened the false positive test slightly; if a name is followed by = or - or + it's unlikely to be a function call, so it'll be quietly discarded. * Modified the summary report format slightly. * Modified the getpass text to remove an extraneous character. * Added rules for cuserid, getlogin, getpass, mkstemp, getpw, memalign, as well as the obsolete functions gsignal, ssignal, ulimit, usleep. * Modified text for strncat to clarify it. * Fixed error in --columns format, so that the output is simply "filename:linenumber:columnnumber" when --columns (-C) is used. * Eliminated "Number of" phrase in the footer report * Added more statistical information to the footer report. * Added shortcut single-letter commands (-D for --dataonly, -Q for --quiet, -C for --columns), so that invoking from editors is easier. * Tries to autoremove some false positives. In particular, a function name followed immediately by "=" (ignoring whitespace) is automatically considered to be a variable and NOT a function, and thus doesn't register as a hit. There are exotic cases where this won't be correct, but they're pretty unlikely in real code. * Added a "--falsepositive" (-F) option, which tries to remove many more likely false positives.
Revision 1.8 / (download) - annotate - [select for diffs], Sat Feb 14 14:21:17 2004 UTC (19 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base,
pkgsrc-2004Q2,
pkgsrc-2004Q1-base,
pkgsrc-2004Q1
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
Update to 1.24:
2003-10-29 David A. Wheeler
* Fixed an incredibly obscure parsing error that caused some
false positives. If a constant C string, after the closing
double-quote, is followed by a \ and newline (instead of a comma),
the string might not be recognized as a constant string
(thus triggering warnings about non-constant values in some cases).
This kind of formatting is quite ugly and rare.
My thanks to Sascha Nitsch (sascha, at spsn.ath.cx) for pointing
this bug out and giving me a test case to work with.
* Added a warning for readlink. The implementation and warning
are mine, but the idea of warning about readlink came from
Stefan Kost (kost, at imn.htwk-leipzig.de). Thanks!!
2003-09-27 David A. Wheeler
* Released version 1.23. Minor bugfixes.
2003-09-27 David A. Wheeler
* Fixed subtle bug - in some circumstances single character constants
wouldn't be parsed correctly. My thanks to Scott Renfro
<scottdonotspam, at renfro.org> for notifying me about this bug.
Scott Renfro also sent me a patch; I didn't use it
(the patch didn't handle other cases), but I'm grateful since it
illustrated the problem.
* Fixed documentation bug in man page.
The option "--minlevel=X" must be preceded by two dashes,
as are all GNU-style long options. The man page accidentally only
had one dash in the summary (it was correct elsewhere); it now
correctly shows both dashes.
* Modified man page to list filename extensions that are
interpreted as C/C++.
* Removed index.html from distribution - it's really only for the
website.
Revision 1.7 / (download) - annotate - [select for diffs], Mon Jul 21 17:20:08 2003 UTC (19 years, 10 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base,
pkgsrc-2003Q4
Changes since 1.6: +2 -2
lines
Diff to previous 1.6 (colored)
COMMENT should start with a capital letter.
Revision 1.6 / (download) - annotate - [select for diffs], Thu Jul 17 22:52:54 2003 UTC (19 years, 10 months ago) by grant
Branch: MAIN
Changes since 1.5: +2 -2
lines
Diff to previous 1.5 (colored)
s/netbsd.org/NetBSD.org/
Revision 1.5 / (download) - annotate - [select for diffs], Mon Jun 2 01:17:18 2003 UTC (20 years ago) by jschauma
Branch: MAIN
Changes since 1.4: +2 -2
lines
Diff to previous 1.4 (colored)
Use tech-pkg@ in favor of packages@ as MAINTAINER for orphaned packages. Should anybody feel like they could be the maintainer for any of thewe packages, please adjust.
Revision 1.4 / (download) - annotate - [select for diffs], Sun Mar 9 18:11:05 2003 UTC (20 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.3: +2 -2
lines
Diff to previous 1.3 (colored)
Update to 1.22. This release changes the output format slightly to improve integration with other tools, and improves the RPM packaging.
Revision 1.3 / (download) - annotate - [select for diffs], Mon Sep 23 15:19:37 2002 UTC (20 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: netbsd-1-6-1-base,
netbsd-1-6-1
Changes since 1.2: +2 -2
lines
Diff to previous 1.2 (colored)
Update to 1.21:
* Improved the default output so it creates multiple formatted lines
instead of single very long lines for each hit.
Use the new "--singleline" (-S) option to get the original
"long line" format.
* Removed duplicate "getpass" entry in the ruleset;
this didn't hurt anything, but was unnecessary.
Thanks to the user who gave me that feedback, wish I'd kept your
email address so I could credit you properly :-).
* Added a short tutorial to man page.
* Fixed initial upper/lower case on many entries in the ruleset.
* Allow "--input" as a synonym for "--inputs".
Revision 1.2 / (download) - annotate - [select for diffs], Sat Sep 21 23:46:56 2002 UTC (20 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.1: +3 -3
lines
Diff to previous 1.1 (colored)
Strip the ".buildlink" from the names of the python application and extension Makefile fragments, because they really don't have anything to do with the buildlink[12] frameworks. Change all the Makefiles that use application.buildlink.mk and extension.buildlink.mk to use application.mk and extension.mk instead.
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Jul 14 13:02:23 2002 UTC (20 years, 10 months ago) by wiz
Branch: TNF
CVS Tags: pkgviews-base,
pkgviews,
pkgsrc-base,
netbsd-1-6-RELEASE-base,
netbsd-1-6
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Initial import of flawfinder-1.20. flawfinder is a program that examines source code and reports possible security weaknesses (``flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Jul 14 13:02:23 2002 UTC (20 years, 10 months ago) by wiz
Branch: MAIN
Initial revision