Revision: 76000
http://sourceforge.net/p/brlcad/code/76000
Author: brlcad
Date: 2020-06-02 07:00:20 +0000 (Tue, 02 Jun 2020)
Log Message:
-----------
provide flawfinder an explicit list of files, shaves 17sec down to 12sec.
excluding realpath_bsd since it's not our code, even though the report is a
genuine security concern with readlink. the 3rd party code is properly
nul-terminating and checking return codes, but it is vulnerable to TOCTOU
attacks and buffer truncation. don't have a good answer other than finding
better/different 3rd party code without this vulnerability. ugh.
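The buffer-truncation issue the log message raises (readlink() returns bufsiz when the target is bufsiz bytes or longer, without signalling that it was cut off) can be handled by retrying with a larger buffer until the return value is strictly shorter than the buffer. The following is an added C example, not BRL-CAD's realpath_bsd.c; readlink_full and demo_readlink_growth are hypothetical names, and it addresses truncation only, not the TOCTOU race the message also notes.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp, symlink, readlink */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not BRL-CAD's): read a symlink target into a heap
 * buffer, growing it until the result is provably not truncated. readlink()
 * neither nul-terminates nor signals truncation; it just returns bufsiz when
 * the target is bufsiz bytes or longer, so n == cap means "maybe truncated"
 * and the read is retried. Returns NULL (errno set) on error; caller frees. */
char *readlink_full(const char *path)
{
    size_t cap = 64;   /* deliberately small so the growth path is exercised */
    for (;;) {
        char *buf = malloc(cap + 1);
        if (!buf)
            return NULL;
        ssize_t n = readlink(path, buf, cap);
        if (n < 0) { int e = errno; free(buf); errno = e; return NULL; }
        if ((size_t)n < cap) { buf[n] = '\0'; return buf; }  /* complete */
        free(buf);   /* n == cap: possibly truncated, retry with a bigger buffer */
        if (cap >= (size_t)1 << 20) { errno = ENAMETOOLONG; return NULL; }
        cap *= 2;
    }
}

/* Self-check on a constructed symlink whose 199-byte target exceeds both the
 * 64-byte first buffer and the 128-byte retry. Returns 1 if read back intact. */
int demo_readlink_growth(void)
{
    char tmpl[] = "/tmp/rl_demo_XXXXXX", link[256], target[200];
    int ok = 0;
    if (!mkdtemp(tmpl))
        return 0;
    snprintf(link, sizeof link, "%s/link", tmpl);
    memset(target, 'a', sizeof target - 1);
    target[sizeof target - 1] = '\0';
    if (symlink(target, link) == 0) {
        char *got = readlink_full(link);
        ok = (got != NULL && strcmp(got, target) == 0);
        free(got);
        unlink(link);
    }
    rmdir(tmpl);
    return ok;
}
```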
Modified Paths:
--------------
brlcad/trunk/regress/flawfinder.sh
Modified: brlcad/trunk/regress/flawfinder.sh
===================================================================
--- brlcad/trunk/regress/flawfinder.sh 2020-06-02 06:35:28 UTC (rev 75999)
+++ brlcad/trunk/regress/flawfinder.sh 2020-06-02 07:00:20 UTC (rev 76000)
@@ -58,7 +58,8 @@
exit 0
fi
-run ${PATH_TO_THIS}/../misc/flawfinder --followdotdir --minlevel=5
--singleline --neverignore --falsepositive --quiet ${PATH_TO_THIS}/../src/[^o]*
+SRCFILES="`find src -type f \( -name \*.c -o -name \*.cpp -o -name \*.cxx -o
-name \*.cc -o -name \*.h -o -name \*.y -o -name \*.l \) -not -regex
'.*src/other.*' -not -regex '.*~' -not -regex '.*\.log' -not -regex
'.*Makefile.*' -not -regex '.*cache.*' -not -regex '.*\.svn.*' -not -regex
'.*src/libbu/realpath_bsd.c.*'`"
+run ${PATH_TO_THIS}/../misc/flawfinder --context --followdotdir --minlevel=5
--singleline --neverignore --falsepositive --quiet ${SRCFILES} | grep -v running
NUMBER_WRONG=0
if test "x`grep \"No hits found.\" $LOGFILE`" = "x" ; then
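Review bot: the new `+SRCFILES="`find src -type f ...`"` line resolves `src` against the current working directory, while both the removed and the new `run` line locate flawfinder via `${PATH_TO_THIS}/../misc/flawfinder`; invoked from anywhere but the top of the tree, `find` fails, `SRCFILES` is empty and flawfinder is run with no files, so the script checks nothing. Suggest `find ${PATH_TO_THIS}/../src ...` (the `-regex '.*src/other.*'` style patterns already start with `.*`, so they keep working on an absolute path). Two smaller points: the trailing `| grep -v running` makes the pipeline's exit status that of `grep` rather than flawfinder, which hides a non-zero exit from the scanner; and the `-not -regex '.*src/libbu/realpath_bsd.c.*'` exclusion deserves a one-line comment in the script recording the reason given in the log message, since nothing in the file itself explains why that path is skipped.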
BRL-CAD Source Commits mailing list
https://lists.sourceforge.net/lists/listinfo/brlcad-commits