Comments (13)
The tool would generally be more effective if it generated and used a data flow and control flow graph, though perhaps that should be a different project (it's not clear how much overlap the two would have).
Have you heard about variants for computation tree logic?
Yes. I expect it's a big effort to build on, though to be fair I haven't recently looked at the libraries to do that. Perhaps a lot is now available.
What do you think about the corresponding source code analysis possibilities based on the semantic patch language (Coccinelle software)?
Can the following example of a small script for the semantic patch language give you a useful impression of the possible source code analysis capabilities?
```cocci
// Rule: match any assignment whose right-hand side is a call to the
// identifier bound to an_interesting_function, and record its position p.
@b9219fafb2784ece9f554dfb5e692d96_find_call@
expression e;
identifier an_interesting_function;
position p;
@@
e = an_interesting_function@p(...);

// Report each recorded position from Python.
@script:python@
p << b9219fafb2784ece9f554dfb5e692d96_find_call.p;
@@
coccilib.report.print_report(p[0],
                             "WARNING: Reconsider this function call.")
```
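As an added illustration (my own Python, not code from this thread, from flawfinder or from Coccinelle) of the gap between the purely lexical matching discussed above and the assignment-shaped match the SmPL rule expresses: `lexical_hits` flags every line where the name is followed by `(`, while `assignment_hits` is a regex stand-in that only accepts the `e = name(...);` statement shape. The C input is constructed for the demonstration.

```python
import re

# Constructed C input (not from the thread). The same name occurs as a
# prototype, inside a comment, as a prefix of another identifier, and in
# four different call contexts.
SAMPLE_C = """\
int an_interesting_function(const char *s);
/* an_interesting_function(x) is documented here */
void f(const char *in) {
    int rc;
    int an_interesting_function_count = 0;
    rc = an_interesting_function(in);
    an_interesting_function(in);
    rc = other(an_interesting_function(in));
    if (an_interesting_function(in) == 0) return;
}
"""

def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay valid."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def lexical_hits(src, name):
    """Token-level check: every line where `name` is followed by '('.
    A lexical scanner works at this level; it cannot tell a prototype
    from a call, nor see how the call's result is used."""
    pat = re.compile(r"\b%s\s*\(" % re.escape(name))
    return [n for n, line in enumerate(strip_comments(src).splitlines(), 1)
            if pat.search(line)]

def assignment_hits(src, name):
    """Hypothetical regex approximation of the SmPL rule `e = name@p(...);`:
    only a statement whose right-hand side is a direct call to `name` whose
    result is stored. Not Coccinelle's matcher, just the same shape."""
    pat = re.compile(
        r"^\s*[A-Za-z_]\w*(?:\[[^\]]*\]|\.\w+|->\w+)*\s*=\s*%s\s*\([^;]*\)\s*;\s*$"
        % re.escape(name))
    return [n for n, line in enumerate(strip_comments(src).splitlines(), 1)
            if pat.match(line)]

if __name__ == "__main__":
    for n in lexical_hits(SAMPLE_C, "an_interesting_function"):
        print("lexical    line %d: name followed by '('" % n)
    for n in assignment_hits(SAMPLE_C, "an_interesting_function"):
        print("structural line %d: WARNING: Reconsider this function call." % n)
```

The lexical scan reports the prototype on line 1 and the discarded, nested and conditional calls as well; the structural shape reports only line 6, which is why the thread treats flow- or syntax-aware matching as a different class of tool.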
There are a number of tools that try to analyze C/C++ code more deeply. Compilers (such as GCC and clang) have to do this (clang generates LLVM; LLVM unfortunately is not stable). Cppcheck delves in further, as does the clang static analyzer. They have more information... but writing the system to properly USE that information is non-trivial.
- How manageable do you find software development efforts between the mentioned approaches?
- Have you got any known concerns for the involved software complexity in mind?
I'm quite aware of many of these things. I have a web page about these kinds of tools: https://dwheeler.com/essays/static-analysis-tools.html
The sophistication of a tool is not necessarily related to the difficulty of using that tool. A tool that spends a lot of effort to reduce false positives can be more complex, yet easier for users. Of course, a more complex tool takes more work to develop & probably to maintain. I'm a big fan of using tools to analyze software to find its vulnerabilities ahead-of-time. In some ways flawfinder is a way to encourage use of these kinds of tools in general; it's a freely-available tool that does some analysis & reporting. If others want to create more sophisticated tools, great!
- I find your tool overview impressive.
- 🔮 Can any more improvements be exchanged between involved software components?
I'm sure anything can be improved :-).
I plan to close this. I think that "higher level" technology is great, but basically it's a wholly different tool & better implemented as a separate program.
🔮 Will the software development discussion become more constructive under other circumstances (also for this issue)?
If you have a specific recommendation, or even better a pull request, please propose it! Pull requests preferred.