cvs.netbsd.org / pkgsrc / security / flawfinder
Default branch: MAIN
Revision 1.7, Wed Jan 17 21:48:25 2007 UTC (5 years, 4 months ago) by adrianp
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1, cwrapper, cube-native-xorg-base, cube-native-xorg, HEAD
Changes since 1.6: +4 -4 lines
Update to 1.27
2007-01-16 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release version 1.27
2007-01-16 Sebastien Tandel <sebastien, at, tandel (doht) be>
* Cleaned up code for patch handling, fix bug in subdir handling,
include patch info in help.
2007-01-15 Steve Kemp <steve at shellcode dot org>
* Fix Debian bug 268236. This complains that flawfinder crashes when
presented with a file it cannot read. The patch obviously can't
prevent the problem, since the tool can't review what it can't read,
but at least it halts with a cleaner error message.
2007-01-15 cmorgan <cmorgan47, at earthlink dooot net>
* Fixed Debian bug 271287 (flawfinder). Fixed skipping newlines when
line ended with \, which caused incorrect line number reporting.
Skip multiple whitespace at one time.
2007-01-15 David A. Wheeler <dwheeler, at, dwheeler.com>
* Modified Sebastien Tandel's code so that it also supports GNU diff
(his code worked only for svn diff)
* When using a patchfile, skip analysis of any file not listed in
the patchfile.
2007-01-15 Sebastien Tandel <sebastien, at, tandel (doht) be>
* Add support for using "svn diff" created patch files, based on the
approach described by David A. Wheeler on how it could be done.
2007-01-15 David A. Wheeler <dwheeler, at, dwheeler.com>
* By default, now skips directories beginning with "." (this makes it
work nicely with many SCM systems). Added "--followdotdir" option
if you WANT it to enter such directories.
* Fixed divide-by-zero when no code found (not exactly common in
normal use, but anyway!)
Revision 1.6, Thu Feb 24 13:10:06 2005 UTC (7 years, 3 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1, pkgsrc-2005Q4-base, pkgsrc-2005Q4, pkgsrc-2005Q3-base, pkgsrc-2005Q3, pkgsrc-2005Q2-base, pkgsrc-2005Q2, pkgsrc-2005Q1-base, pkgsrc-2005Q1
Changes since 1.5: +2 -1 lines
Add RMD160 digests.
Revision 1.5, Wed Jun 23 16:19:41 2004 UTC (7 years, 11 months ago) by snj
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.4: +3 -3 lines
Update flawfinder to 1.26.
Don't set PY_PATCHPLIST, as it is useless.
Don't include python/extension.mk, as it is also useless.
Don't set NO_CONFIGURE, because it makes PYTHON_PATCH_SCRIPTS useless.
Don't set MAKEFILE, as we don't actually use the included makefile for anything.
Changes since 1.24:
* Added more support for Microsoft's approach to internationalization.
* Added two new rules for GLib functions, "g_get_home_dir" and "g_get_tmp_dir".
* Added curl_getenv().
* Added several rules for input functions (for -I) - recv, recvfrom,
recvmsg, fread, and readv.
* Tightened the false positive test slightly; if a name is followed by
= or - or + it's unlikely to be a function call, so it'll be quietly
discarded.
* Modified the summary report format slightly.
* Modified the getpass text to remove an extraneous character.
* Added rules for cuserid, getlogin, getpass, mkstemp, getpw, memalign,
as well as the obsolete functions gsignal, ssignal, ulimit, usleep.
* Modified text for strncat to clarify it.
* Fixed error in --columns format, so that the output is simply
"filename:linenumber:columnnumber" when --columns (-C) is used.
* Eliminated "Number of" phrase in the footer report
* Added more statistical information to the footer report.
* Added shortcut single-letter commands (-D for --dataonly, -Q for --quiet,
-C for --columns), so that invoking from editors is easier.
* Tries to autoremove some false positives. In particular, a function
name followed immediately by "=" (ignoring whitespace) is automatically
considered to be a variable and NOT a function, and thus doesn't
register as a hit. There are exotic cases where this won't be
correct, but they're pretty unlikely in real code.
* Added a "--falsepositive" (-F) option, which tries to remove many
more likely false positives.
Revision 1.4, Sat Feb 14 14:21:17 2004 UTC (8 years, 3 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1
Changes since 1.3: +3 -3 lines
Update to 1.24:
2003-10-29 David A. Wheeler
* Fixed an incredibly obscure parsing error that caused some
false positives. If a constant C string, after the closing
double-quote, is followed by a \ and newline (instead of a comma),
the string might not be recognized as a constant string
(thus triggering warnings about non-constant values in some cases).
This kind of formatting is quite ugly and rare.
My thanks to Sascha Nitsch (sascha, at spsn.ath.cx) for pointing
this bug out and giving me a test case to work with.
* Added a warning for readlink. The implementation and warning
are mine, but the idea of warning about readlink came from
Stefan Kost (kost, at imn.htwk-leipzig.de). Thanks!!
2003-09-27 David A. Wheeler
* Released version 1.23. Minor bugfixes.
2003-09-27 David A. Wheeler
* Fixed subtle bug - in some circumstances single character constants
wouldn't be parsed correctly. My thanks to Scott Renfro
<scottdonotspam, at renfro.org> for notifying me about this bug.
Scott Renfro also sent me a patch; I didn't use it
(the patch didn't handle other cases), but I'm grateful since it
illustrated the problem.
* Fixed documentation bug in man page.
The option "--minlevel=X" must be preceded by two dashes,
as are all GNU-style long options. The man page accidentally only
had one dash in the summary (it was correct elsewhere); it now
correctly shows both dashes.
* Modified man page to list filename extensions that are
interpreted as C/C++.
* Removed index.html from distribution - it's really only for the
website.
Revision 1.3, Sun Mar 9 18:11:05 2003 UTC (9 years, 2 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2003Q4-base, pkgsrc-2003Q4
Changes since 1.2: +3 -3 lines
Update to 1.22. This release changes the output format slightly to improve integration with other tools, and improves the RPM packaging.
Revision 1.2, Mon Sep 23 15:19:37 2002 UTC (9 years, 8 months ago) by wiz
Branch: MAIN
CVS Tags: netbsd-1-6-1-base, netbsd-1-6-1
Changes since 1.1: +3 -3 lines
Update to 1.21:
* Improved the default output so it creates multiple formatted lines
instead of single very long lines for each hit.
Use the new "--singleline" (-S) option to get the original
"long line" format.
* Removed duplicate "getpass" entry in the ruleset;
this didn't hurt anything, but was unnecessary.
Thanks to the user who gave me that feedback, wish I'd kept your
email address so I could credit you properly :-).
* Added a short tutorial to man page.
* Fixed initial upper/lower case on many entries in the ruleset.
* Allow "--input" as a synonym for "--inputs".
Revision 1.1.1.1 (vendor branch), Sun Jul 14 13:02:23 2002 UTC (9 years, 10 months ago) by wiz
Branch: TNF
CVS Tags: pkgviews-base, pkgviews, pkgsrc-base, netbsd-1-6-RELEASE-base, netbsd-1-6
Changes since 1.1: +0 -0 lines
Initial import of flawfinder-1.20. flawfinder is a program that examines source code and reports possible security weaknesses (``flaws'') sorted by risk level. It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public.
Revision 1.1, Sun Jul 14 13:02:23 2002 UTC (9 years, 10 months ago) by wiz
Branch: MAIN
Initial revision