./security/flawfinder, Python program to find flaws in C/C++ programs

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.31, Package name: flawfinder-1.31, Maintainer: pkgsrc-users

flawfinder is a program that examines source code and reports
possible security weaknesses (``flaws'') sorted by risk level. It's
very useful for quickly finding and removing at least some potential
security problems before a program is widely released to the public.


Required to run:
[lang/python27]

Master sites:

SHA1: d20f64bf75877f62f63b5115201f31d85df52373
RMD160: 8a96954f1f582e2f2b56590cadeac69c29c2dc88
Filesize: 170.066 KB

Version history: (Expand)


CVS history: (Expand)


   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-03-11 01:51:06 by Makoto Fujiwara | Files touched by this commit (2) | Package updated
Log message:
(pkgsrc)
 - Add LICENSE= gnu-gpl-v2
(upstream)
 - Update 1.27 to 1.31
----------------------
2014-08-03 David A. Wheeler <dwheeler, at, dwheeler.com>
        * Release version 1.31, a set of small improvements mostly CWE-related.
        * Note that flawfinder is officially CWE-compatible.
        * Support GNU make install conventions (prefix, bindir, DESTDIR, etc.).
          The older program-specific conventions are still supported, but
          the documentation emphasizes using the standard conventions instead.
        * Simplified installation text.
        * Added more wide character function rules.
        * Add reference to info at \ 
"http://www.dwheeler.com/secure-programs".
        * Document that hitlists should be trusted to be loaded or diffed.
          These are implented using Python's pickle module, and that module
          presumes the data is from a trustworthy source.  In the expected
          use case this is fine... but it needed to be documented.
        * Tweak/improve mappings to CWE.  E.G., strlen()
          better maps to CWE-126 (buffer over-read).  In a few cases the
          CWE mappings weren't reported as such; that is now fixed.
          CWEs are actually a hierarchy; expose a little of this so
          people can more easily search on them.
        * Improved error detection and reporting.  In particular, error
          messages are sent to standard errors, filenames listed but
          non-existent trigger a separate warning, and there's a warning
          about non-existent filenames listed on the command line that
          begin with the UTF-8 long dash sequence (users might not notice
          the difference between long dash and dash, and this can happen
          in some cases when copying and pasting).
        * Add "-H" option as synonym for "--html".

2014-07-19 David A. Wheeler <dwheeler, at, dwheeler.com>
        * Release 1.29, primarily for CWE improvements.
        * Multi-line formatting is faster and formats better.
        * Documentation about CWEs has been improved.
        * HTML format includes links from CWE identifiers to their definitions.
        * Tweak CWE mappings, e.g., strlen maps to CWE-126 (buffer over-read).
        * Option "--listrules" now gives default warning and is \ 
tab-delimited.
        * Regression test suite now also tests the generated HTML.

2014-07-13 David A. Wheeler <dwheeler, at, dwheeler.com>
        * Release 1.28
        * Common Weakness Enumeration (CWE) references are
          now included in most hits
        * Handle files not ending in newline (thanks to Alexis Wilke)
        * Documentation clarifications
        * Added support for "git diff" in patchfile processing
        * Handles unbalanced double-quotes in sprintf
        * Fix incorrect time executed report
        * Fix bug to allow "flawfinder ." (fix bug#3)
        * Fix ignore directive when filenames differ (fix bug#6)
   2014-05-17 18:10:50 by Thomas Klausner | Files touched by this commit (152)
Log message:
Bump applications PKGREVISIONs for python users that might be using
python3, since the default changed from python33 to python34.

I probably bumped too many. I hope I got them all.
   2014-01-25 11:45:22 by Thomas Klausner | Files touched by this commit (94)
Log message:
No need to have two variables for the same logic.
Replace PYTHON_PATCH_SCRIPTS with REPLACE_PYTHON.
   2012-10-23 20:17:02 by Aleksej Saushev | Files touched by this commit (368)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
   2012-03-15 12:53:45 by OBATA Akio | Files touched by this commit (170) | Package updated
Log message:
Bump PKGREVISION from default python to 2.7.
   2010-02-10 20:17:48 by Joerg Sonnenberger | Files touched by this commit (205)
Log message:
Bump revision for PYTHON_VERSION_DEFAULT change.
   2010-01-27 18:21:29 by Joerg Sonnenberger | Files touched by this commit (1)
Log message:
DESTDIR support