David A. Wheeler's Blog

Sun, 13 Jul 2014

Flawfinder version 1.28 released!

I’ve released yet another new version of flawfinder - now it’s version 1.28. Flawfinder is a simple program that examines C/C++ source code and reports on likely security flaws in the program, ranked by risk level.

This new version has some new capabilities. Common Weakness Enumeration (CWE) references are now included in most hits (this makes it easier to use in conjunction with other tools, and it also makes it easier to find general information about a weakness). The new version of flawfinder also has a new option to only produce reports that match a regular expression (e.g., you can report only hits with specific CWE values). This version also adds support for the git diff format.

This new version also has a number of bug fixes. For example, it handles files not ending in newline, and it more gracefully handles handles unbalanced double-quotes in sprintf. A bug in reporting the time executed has also been fixed.

For more information, or a copy, just go to my original flawfinder home page or the flawfinder project page on SourceForge.net. Enjoy!

path: /security | Current Weblog | permanent link to this entry