Comments (1)
I'm quite familiar with data-flow, control flow, etc. Doing that would be essentially a rewrite from scratch. If we were going to do data-flow, we'd also want control flow, type information, etc.
I don't see any advantage to modifying flawfinder to do this vs. starting a completely new project. In fact, it'd be easier to start from scratch.
Also, note that Flawfinder can work on partial code, including some code that won't compile and/or link. Flawfinder also doesn't require any dependencies (other than Python itself).
So I'd love to see such tools (there are already some!). But that seems like a separate project.
Related Issues (20)
- Add a --ignore option
- Invalid helpUri generated
- SARIF artifact location paths
- Character Encoding Error on UTF-8 Encoded Source File with U+0441
- Warn when PQExec is called with a non-constant to warn about SQL injection in PostgreSQL
- --csv option wont output hits to csv file from mac terminal
- FF1057 is missing CWE attribution in the warning text
- Flawfinder does scan the directory with symlinks and exits quietly with error code
- binary/hex integer literals with separators lead to parse error
- Flawfinder reports abseil::StrCat the same as std:strcat
- Can I Modfy more CWE?
- SARIF output malformed due to incorrect URI, which causes GitHub upload to fail
- Supported python versions
- Allow skipping bad characters
- flawfinder mis-identifies symbols named "system" as CWE-78
- Declaration of simple C++ method named "read()" triggers CWE-
- Grouping issues by vulnerability title
- Add a smell score for each file
- Improve sscanf and friend vulnerability context
- False positive when a variable is named "system"