David A. Wheeler's Blog
Mon, 31 May 2004
Flawfinder version 1.25 released!
I’ve released a new version of
flawfinder - version 1.25.
Flawfinder is a simple program that examines C/C++ source code and
reports on likely security flaws in the program, ranked by risk level.
You can view the
ChangeLog for the details.
Here are some of the highlights:
Added more rules for finding problems by examining the
Red Hat Linux 9 documentation (the man3 man pages),
looking for phrases like “do not use”, “security”, and “obsolete”.
Thus, added rules for
cuserid, getlogin, getpass, mkstemp, getpw, memalign, as
well as the obsolete functions gsignal, ssignal, ulimit, usleep.
Flawfinder now has 137 rules that it checks automatically.
Added lengthy text to the manual to explain exactly how to use
flawfinder with vim and emacs. This should also help
integrate flawfinder into other text editors/IDEs.
Fixed an error in —columns format, so that the output is simply
“filename:linenumber:columnnumber” when —columns (-C) is used.
Added shortcut single-letter commands (-D for —dataonly,
-Q for —quiet, -C for —columns), so that invoking from
editors is easier.
Tries to autoremove some false positives, and
added a “—falsepositive” (-F) option which tries to remove
Just go to the
flawfinder home page
to get the latest version.
path: /security | Current Weblog | permanent link to this entry