Duplicate of https://sourceforge.net/p/flawfinder/patches/4/
Typos in flawfinder.py
Abnormal termination on valgrind
False positive: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
Unnecessary warning for strlen of constant string
Add a closing tag (</li>) (#62)
Fix typos in markdown docs (#64)
Merge branch 'master' of https://github.com/david-a-wheeler/flawfinder
Fix typos
README.md: Clarify version number note
Version 2.0.19
entrypoint.sh: Make minor improvements (#54)
Rename GitHub Action Flawfinder -> flawfinder_scan
README.md: Tweak GitHub actions description
print warning messages to stderr (#58)
Update readme (#55)
entrypoint.sh: Don't require output filename to be escaped
Grant shell script execution permission
Update workflow
Add Github Action required files and test workflow.
specify upload sarif file path
update actions files and readme.
Merge pull request #51 from yongyan-gh/users/yongyan-gh/addGHAction
scan specific file so the workflow will not report any error
update readme
Merge branch 'master' of https://github.com/david-a-wheeler/flawfinder
Release version 2.0.18
Fix Sarif output relationship target id format.
Merge pull request #52 from yongyan-gh/users/yongyan-gh/fixSarifOutput
Update flawfinder.1 date
Update ChangeLog
New version 2.0.17
Code style improvement: use "VAR in (...)"
makefile: fix "distribute" target to keep flawfinder.py
ChangeLog: Improve and note new version number
Change version 2.0.15->2.0.16
Update test correct results (new version number)
flawfinder.1: Minor man page cleanup
Make --error-level more obvious in the man page
flawfinder.1: minor reformatting
Document SARIF details in man page
Ensure SARIF includes flawfinder's current version
ChangeLog: Note major changes (with credits!!)
Track curly brace level in extract_c_parameters
Fix makefile install/uninstall
Merge pull request #44 from myersg86/master
export sarif report
Move sariflogger.py into flawfinder.py
flawfinder.py should be executable
Merge branch 'sarifOutput'
Make Git patch work
Merge pull request #40 from IntidSammers/master
Add main entry point
Merge pull request #37 from ben-edna/feature/cross-platform-setup
Use entry_points instead of scripts
Make proper python module (add .py extension)
Add .pc and .sc extensions
Add default rule level to csv
Add Sarif rule id
Update tests for new .csv results
Fix encoding error message misspelling
Merge pull request #31 from squaresurf/fix-msg
Update test files
Merge pull request #29 from sylveon/load-library-ex-enhancements
Move safe_search to globals and add LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR to the list of safe flags
Check for ps2pdf before using it
Update tests for new version#
Change version# to 2.0.15
Enhance detection and diagnostics of LoadLibrary(Ex)
Update ChangeLog for 2.0.15
Version 2.0.14
Fix makefile problem and version numbers
Tell users how to disable false positives
Remove InitialCriticalSection
Ignore LoadLibraryEx if LOAD_LIBRARY_SEARCH_SYSTEM32
Update ChangeLog
boost::system is interpreted as a shell execution
I've tweaked the master branch so "system::" is ignored. That was simple to do and I think resolves the false positive.
Ignore "system::" to reduce false positives
Add .hpp support for C++
UnicodeDecodeError: 'utf-8' codec can't decode byte
Add test
Merge pull request #21 from duongdominhchau/master
Treat ' as digit separator when file extension is .cpp, .cxx, .cc
Last-minute tweaks for release
Provide better error feedback on encoding problems
Flawfinder's quite clueless about namespaces. I suspect we could simply tweak it to ignore namespace statements, or at least boost::system. Ignoring namespace declarations is probably the way to go.
-F parameter helps
boost::system is interpreted as a shell execution
Note character encoding in README, note cvt2utf
Make sub-'make' call POSIX compliant
Move all test related files into a subdirectory