Squashed '.vim/bundle/ale/' content from commit 22185c4c
[etc/vim.git] / autoload / ale / handlers / flawfinder.vim
1 scriptencoding utf-8
2 " Author: Christian Gibbons <cgibbons@gmu.edu>
3 " Description: This file defines a handler function that should work for the
4 " flawfinder format with the -CDQS flags.
5
6 " Swiped this function from the GCC handler. Not sure if needed, but doesn't
7 " hurt to have it.
function! s:RemoveUnicodeQuotes(text) abort
    " Replace typographic quote characters in a:text with plain ASCII quotes
    " and return the result.
    "
    " Each rule is a [pattern, replacement] pair applied globally, in order:
    "   1. backtick, acute accent and curly single quotes -> '
    "   2. a literal \u2018...\u2019 escape pair          -> '...'
    "   3. curly double quotes                            -> "
    let l:rules = [
    \   ['[`´‘’]', ''''],
    \   ['\v\\u2018([^\\]+)\\u2019', '''\1'''],
    \   ['[“”]', '"'],
    \]
    let l:result = a:text

    for [l:from, l:to] in l:rules
        let l:result = substitute(l:result, l:from, l:to, 'g')
    endfor

    return l:result
endfunction
16
function! ale#handlers#flawfinder#HandleFlawfinderFormat(buffer, lines) abort
    " Turn flawfinder output (a:lines) into a list of ALE loclist items for
    " a:buffer and return that list.
    "
    " Lines of the following shape are recognised:
    "
    " <stdin>:12:4:  [2] (buffer) char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    " <stdin>:31:4:  [1] (buffer) strncpy:Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    "
    " Capture groups: 1 = filename, 2 = line, 3 = column (optional),
    " 4 = ' [level] (category) name', 5 = message text.
    " NOTE(review): only levels 0-5 and this single-line layout match;
    " presumably lines that do not match are dropped by ale#util#GetMatches,
    " so a finding in another layout would not be shown -- confirm.
    let l:pattern = '\v^([a-zA-Z]?:?[^:]+):(\d+):(\d+)?:? ( \[[0-5]\] [^:]+):(.+)$'
    let l:results = []

    for l:groups in ale#util#GetMatches(a:lines, l:pattern)
        " The first whitespace-separated field of group 4 is the bracketed
        " risk level; the remaining fields are the category and name.
        let l:fields = split(l:groups[4])
        let l:level = str2nr(matchstr(l:fields[0], '[0-5]'))

        " Findings below the configured error severity are reported as
        " warnings; everything else is reported as an error.
        if l:level < ale#Var(a:buffer, 'c_flawfinder_error_severity')
            let l:kind = 'W'
        else
            let l:kind = 'E'
        endif

        let l:label = join(l:fields[1:])
        let l:item = {
        \   'lnum': str2nr(l:groups[2]),
        \   'col': str2nr(l:groups[3]),
        \   'type': l:kind,
        \   'text': s:RemoveUnicodeQuotes(l:label . ': ' . l:groups[5]),
        \}

        " A filename such as <stdin>, <nofile> or - refers to the file that
        " was checked, so the item carries no explicit filename then.
        let l:path = l:groups[1]

        if !(l:path is# '-' || l:path[0] is# '<')
            let l:item['filename'] = l:path
        endif

        call add(l:results, l:item)
    endfor

    return l:results
endfunction