Factbites
 Where results make sense

Topic: Flawfinder



In the News (Sun 3 Jun 12)

  
  Flawfinder - Wikipedia, the free encyclopedia
Flawfinder is a programming tool that examines C or C++ source code looking for security weaknesses.
Flawfinder is implemented in Python, and was developed by David A. Wheeler.
FlawFinder, Flawfinder and Computer Security Specialists are also Trademarks of Flawfinder.com.
en.wikipedia.org /wiki/Flawfinder   (173 words)

  
 linux software and linux documentation for all your needs : usinglinux.org
Flawfinder knows about gettext (a common library for internationalized programs) and will treat constant strings passed through gettext as though they were constant strings; this reduces the number of false hits in internationalized programs.
Flawfinder has a number of options, which can be grouped into options that control its own documentation, select which hits to display, select the output format, and perform hitlist management.
Flawfinder can be fooled by user-defined functions or method names that happen to be the same as those defined as "hits" in its database, and will often trigger on definitions (as well as uses) of functions with the same name.
www.usinglinux.org /man/flawfinder.1.html   (2321 words)

  
 Flawfinder Home Page
Flawfinder is released under the General Public License (GPL) version 2, and thus is open source software (as defined by the Open Source Definition) and Free Software (as defined by the Free Software Foundation's GNU project).
Flawfinder is available via FreeBSD's Ports system (see this FreeBSD ports query for flawfinder and flawfinder info for security-related ports).
Flawfinder is written in Python, to simplify the task of writing and extending it.
www.dwheeler.com /flawfinder   (3167 words)

  
 Flawfinder   (Site not responding. Last check: 2007-11-04)
Flawfinder is a python program by David Wheeler which scans code for known security vulnerabilities.
Flawfinder scans each file specified on the command line and produces a report when scanning is complete.
Recently I have extended flawfinder to take arbitrary rulesets which are specified on the command line.
www.codespelunking.org /pages/cs_flawfinder.html   (115 words)

  
 'Flawfinder' available for use   (Site not responding. Last check: 2007-11-04)
Flawfinder will miss some security problems, and point out issues that aren't really security problems, but nevertheless I think it can help track down security problems in code so that the code can be fixed.
You can download flawfinder from: http://www.dwheeler.com/flawfinder Flawfinder is in its very early stages - I'm labelling it version "0.12".
After I wrote flawfinder - and just before I released it - I found out that Secure Software Solutions was also writing a program (RATS) to perform this same task, also to be released under the GPL.
old.lwn.net /2001/0524/a/flawfinder.php3   (237 words)

  
 LWN: flawfinder 1.25 released
Flawfinder searches through C/C++ source code looking for potential security flaws.
Flawfinder is open source software / Free Software, released under the GPL.
Flawfinder now has 137 rules that it checks automatically.
www.lwn.net /Articles/87725/?format=printable   (194 words)

  
 Flawfinder 1.22, the flaw hunter
Flawfinder should be every developer's companion: this tool automatically audits source code to find programming errors that can be sources of vulnerabilities.
Flawfinder, developed in Python, is a tool for auditing source code written in C or C++ to find the bugs that an attacker could exploit to carry out a malicious action against the vulnerable program.
Flawfinder has its own database of C and C++ functions that can cause security problems when they are misused.
www.vulnerabilite.com /actu/20020310204957flawfinder.html   (307 words)

  
 LWN - Security
Any functions specified in a flawfinder database are known as hits and will cause any references to them in the source to be examined to be flagged.
Flawfinder and RATS join another application its4, which was noted by LWN.net late last year.
The developers [of flawfinder and RATS] didn't know about each other's efforts until just before their releases, but they have agreed to coordinate in some way to create a "best of breed" source code scanner.
lwn.net /2001/0524/security.php3   (1022 words)

  
 [Sigunix] [article] Source Code Scanners for Better Code   (Site not responding. Last check: 2007-11-04)
FlawFinder is also pretty fast, covering thousands of lines of C code on a typical desktop machine in a matter of seconds.
For example, in tests using intentionally insecure code, FlawFinder was able to distinguish between strcpy() from a constant sized string and variable length strings, the difference between vulnerabilities and false hits.
FlawFinder found two unique problems worth reporting, but missed the note about the fixed size declaration of "char buf[ 1024 ]" at line 37, which could become a problem (and it does on some platforms).
acm.cwru.edu /pipermail/sigunix/2001-October/000584.html   (1857 words)

  
 Flawfinder
Jun 7 2004, 11:52 PM Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first.
In fact, note that flawfinder doesn't really "understand" the semantics of the code at all - it primarily does simple text pattern matching (though it does ignore comments and strings as it should).
Nevertheless, flawfinder can be a very useful aid in finding and removing security vulnerabilities.
www.governmentsecurity.org /archive/t9295.html   (1195 words)

  
 flawfinder updated to 0.19
Once I released flawfinder last week, I got a flurry of patches and a bug report from several different sources.
I've re-released flawfinder, bumping its version number to 0.19; the new version fixes a subtle bug (when gettext() surrounds multi-line strings) and adds various small improvements.
Flawfinder (now version 0.19) is available at: http://www.dwheeler.com/flawfinder
lists.virus.org /secprog-0111/msg00000.html   (91 words)

  
 David A. Wheeler's Blog   (Site not responding. Last check: 2007-11-04)
Flawfinder is a simple program that examines C/C++ source code and reports on likely security flaws in the program, ranked by risk level.
Added lengthy text to the manual to explain exactly how to use flawfinder with vim and emacs.
Just go to the flawfinder home page to get the latest version.
www.dwheeler.com /blog/2004/05/31   (194 words)

  
 [No title]
Note that flawfinder uses simple lexical analysis; eliminating many more false positives would require deeper code analysis (to examine type information, buffer size declarations, etc.).
To deal with this, now flawfinder NEVER opens a file type that isn't a file or directory, and it skips symbolic links by default (though this can be changed), no matter if they're listed at the top or inside a directory descendent.
Flawfinder has always had this ability (since 0.12), but now it's documented.
www.dwheeler.com /flawfinder/ChangeLog   (3051 words)

  
 [Savannah-dev] Re: Suggestion: add automated support for "flawfinder".
Flawfinder is a lint-like program that searches for common security flaws in C/C++ programs and reports them.
Also we would ask you to provide documentation and support for flawfinder for the next 12 months.
Previous by thread: [Savannah-dev] Suggestion: add automated support for "flawfinder".
mail.gnu.org /archive/html/savannah-dev/2002-07/msg00002.html   (210 words)

  
 Bug#117657: marked as done (ITP: flawfinder -- examines source code and look for security weaknesses)
Your message dated Tue, 30 Oct 2001 14:57:09 -0500 with message-id and subject line Bug#117657: fixed in flawfinder 0.17-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
Flawfinder intentionally works similarly to another program, ITS4, which is not open source.
lists.debian.org /debian-wnpp/2001/10/msg00483.html   (305 words)

  
 Problem running Flawfinder with Python - Python
Problem running Flawfinder with Python, a discussion topic in our Python forum.
Flawfinder required Python 1.5 or better so I loaded Python
If "flawfinder" is a Python script, check the first line of it
www.thescripts.com /forum/thread19808.html   (148 words)

  
 Flawfinder 1.22   (Site not responding. Last check: 2007-11-04)
Aug 7 2003, 01:38 PM Flawfinder is a program that examines source code and reports possible security weaknesses ("flaws") sorted by risk level.
It's very useful for quickly finding and removing at least some potential security problems before a program is widely released to the public (or if you've received code you think might be a bit dodgy!)
Flawfinder works on Unix-like systems today (it's been tested on GNU/Linux), and it should be easy to port to Windows systems.
www.governmentsecurity.org /archive/t1187.html   (133 words)

  
 TU-Graz Newsarchiv - Flawfinder 1.25 - A program that scans source code looking for   (Site not responding. Last check: 2007-11-04)
Flawfinder 1.25 - A program that scans source code looking for
It will provide a list of potential security flaws, sorted by risk, with the most potentially dangerous flaws shown first.
Lengthy text has been added to the manual to explain exactly how to use flawfinder with Vim and Emacs.
newsarchiv.tugraz.at /browse/tu-graz.freshmeat/msg28356.html   (320 words)

  
 Gmane -- Mail To News And Back Again
This feature should not be used by people who have no clue what they are doing.
FEATURES=flawfinder Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first.
Only it can process c/cpp/php/pl vs flawfinder c/cpp.
article.gmane.org /gmane.linux.gentoo.hardened/1204   (705 words)

  
 .:[ packet storm ]:.   (Site not responding. Last check: 2007-11-04)
Updated the report given about having %s in scanf when a limit for %s was provided.
Flawfinder now (by default) skips symbolic links, and always skips special files, to counter attackers who insert malicious files in their source code directories.
After receiving faked replies, requesting parties store the MAC in their ARP tables and will send future packets to this invalid MAC, rendering the IP unreachable.
packetstormsecurity.org / - !http://packetstormsecurity.nl/UNIX/security/index2.html   (1720 words)

  
 Category:Source Code Scanners - SecurityForest
Flawfinder is a source code scanner for C or C++ code.
It scans source code it's given, and reports patterns that suggest a security vulnerability.
Flawfinder is written in Python and released under the General Public License (GPL).
securityforest.com /wiki/index.php/Category:Source_Code_Scanners   (350 words)

  
 Bug#117657: ITP: flawfinder -- examines source code and look for security weaknesses
Bug#117657: marked as done (ITP: flawfinder -- examines source code and look for security weaknesses)
Previous by thread: Bug#117609: ITP: xmms-alarm - xmms general plugin for using xmms as an alarm clock.
Next by thread: Bug#117657: marked as done (ITP: flawfinder -- examines source code and look for security weaknesses)
lists.debian.org /debian-wnpp/2001/10/msg00478.html   (133 words)

  
 Bugtraq: "Flawfinder" available for use
Flawfinder will miss some security problems, and point out issues that aren't
Flawfinder is in its very early stages - I'm labelling it version "0.12".
After I wrote flawfinder - and just before I released it - I found out that
seclists.org /bugtraq/2001/May/0211.html   (230 words)

  
 Flawfinder   (Site not responding. Last check: 2007-11-04)
'Flawfinder' looks through source code for potential security flaws in source code by using a built-in database of C/C++ functions with well-known problems, and providing a list of potential security flaws, sorted by risk, with the most potentially dangerous flaws shown first.
Risk level depends on both the function and the values of the parameters of the function.
Please consider donating to the FSF to help support this project.
directory.fsf.org /all/flawfinder.html   (238 words)

  
 Problem running Flawfinder with Python   (Site not responding. Last check: 2007-11-04)
"Crose, Carol" wrote: I need to test some lsof source code and have loaded Flawfinder 1.22 to test it.
Flawfinder required Python 1.5 or better so I loaded Python 2.2.3.
If "flawfinder" is a Python script, check the first line of it for text that looks something like this: #!/usr/bin/env python or perhaps #!/usr/local/bin/python. You either need the python executable installed in the specified directory or, for the /usr/bin/env version, you need it installed in a folder that is in the PATH.
mail.python.org /pipermail/python-list/2003-July/172524.html   (164 words)

  
 [Savannah-dev] Suggestion: add automated support for "flawfinder".
Flawfinder is a lint-like program that searches for common security flaws in C/C++ programs and reports them.
It'd be nice if a lead developer could press a button and then receive (via the web or email) a flawfinder report listing all the potential vulnerabilities found in a current project.
Next by thread: [Savannah-dev] Re: Suggestion: add automated support for "flawfinder".
mail.gnu.org /archive/html/savannah-dev/2002-07/msg00001.html   (122 words)

  
 New version of flawfinder available (version 0.17)
Folks - a new version of "flawfinder" (my code auditing tool) is now available.
This should make it very easy to analyze entire projects, and easy to integrate flawfinder into project websites...
I use a small version number because I consider the vulnerability database to be relatively small.
lists.virus.org /secprog-0110/msg00013.html   (252 words)

  
 LinuxDevCenter.com: Clean Up Your Code with Flawfinder
Two new tools have been announced that scan C and C++ source code for potential security problems.
RATS was developed by Secure Software Solutions and Flawfinder was developed by David Wheeler.
Both tools are released under the GPL (GNU Public License) -- and Secure Software Solutions and David Wheeler have stated that they plan to coordinate future development.
www.linuxdevcenter.com /pub/a/linux/2001/05/29/insecurities.html   (816 words)

  
 Bug#117657: ITP: flawfinder -- examines source code and look for security weaknesses
Re: Bug#117657: ITP: flawfinder -- examines source code and look for security weaknesses
Next by Date: Re: Bug#117657: ITP: flawfinder -- examines source code and look for security weaknesses
Next by thread: Re: Bug#117657: ITP: flawfinder -- examines source code and look for security weaknesses
lists.debian.org /debian-devel/2001/10/msg02160.html   (105 words)

  
 TU-Graz Newsarchiv - Flawfinder 1.26 - A program that scans source code looking for
Flawfinder 1.26 - A program that scans source code looking for
by David A. Wheeler (http://freshmeat.net/~davidawheeler/) Tuesday, June 15th 2004 20:48 About: Flawfinder searches through source code looking for potential security flaws.
Previous by thread: Flawfinder 1.25 - A program that scans source code looking for
newsarchiv.tugraz.at /browse/tu-graz.freshmeat/msg29777.html   (276 words)

Copyright © 2005-2007 www.factbites.com Usage implies agreement with terms.