New checker flawfinder for C/C++.

HaikalM · Apr 25, 2017 · 2cfb29d · 2cfb29d
1 parent 8e82ea7
commit 2cfb29d
Show file tree

Hide file tree

Showing 4 changed files with 162 additions and 21 deletions.
diff --git a/doc/syntastic-checkers.txt b/doc/syntastic-checkers.txt
@@ -532,12 +532,13 @@ The following checkers are available for C (filetype "c"):
     4. Clang-Tidy...............|syntastic-c-clang_tidy|
     5. Cppcheck.................|syntastic-c-cppcheck|
     6. cppclean.................|syntastic-c-cppclean|
-    7. GCC......................|syntastic-c-gcc|
-    8. make.....................|syntastic-c-make|
-    9. OClint...................|syntastic-c-oclint|
-    10. PC-Lint.................|syntastic-c-pc_lint|
-    11. Sparse..................|syntastic-c-sparse|
-    12. Splint..................|syntastic-c-splint|
+    7. Flawfinder...............|syntastic-c-flawfinder|
+    8. GCC......................|syntastic-c-gcc|
+    9. make.....................|syntastic-c-make|
+    10. OClint..................|syntastic-c-oclint|
+    11. PC-Lint.................|syntastic-c-pc_lint|
+    12. Sparse..................|syntastic-c-sparse|
+    13. Splint..................|syntastic-c-splint|
 
 ------------------------------------------------------------------------------
 1. AVR-GCC                                                *syntastic-c-avrgcc*
@@ -719,7 +720,33 @@ accepts the standard options described at |syntastic-config-makeprg|.
 See also: |syntastic-cpp-cppclean|.
 
 ------------------------------------------------------------------------------
-7. GCC                                                       *syntastic-c-gcc*
+7. Flawfinder                                         *syntastic-c-flawfinder*
+
+Name:        flawfinder
+Maintainer:  LCD 47 <lcd047@gmail.com>
+
+"Flawfinder" scans C/C++ source code for possible security weaknesses. See the
+project's page for more information:
+
+    https://www.dwheeler.com/flawfinder
+
+Checker options~
+
+This checker is initialised using the "makeprgBuild()" function and thus it
+accepts the standard options described at |syntastic-config-makeprg|.
+
+Additionally:
+
+                                            *'g:syntastic_c_flawfinder_thres'*
+Type: integer
+Default: 3
+Error threshold. Policy violations with a severity above this value are
+highlighted as errors, the others are considered warnings by syntastic.
+
+See also: |syntastic-cpp-flawfinder|.
+
+------------------------------------------------------------------------------
+8. GCC                                                       *syntastic-c-gcc*
 
 Name:        gcc
 Maintainer:  Gregor Uhlenheuer <kongo2002@gmail.com>
@@ -816,7 +843,7 @@ executable.
 See also: |syntastic-cpp-gcc|.
 
 ------------------------------------------------------------------------------
-8. make                                                     *syntastic-c-make*
+9. make                                                     *syntastic-c-make*
 
 Name:        make
 Maintainer:  Gregor Uhlenheuer <kongo2002@gmail.com>
@@ -827,7 +854,7 @@ This checker is initialised using the "makeprgBuild()" function and thus it
 accepts the standard options described at |syntastic-config-makeprg|.
 
 ------------------------------------------------------------------------------
-9. OClint                                                 *syntastic-c-oclint*
+10. OClint                                                *syntastic-c-oclint*
 
 Name:        oclint
 Maintainer:  "UnCO" Lin <undercooled@lavabit.com>
@@ -866,7 +893,7 @@ Config files pointed to by 'g:syntastic_oclint_config_file' are then ignored.
 See also: |syntastic-cpp-oclint|.
 
 ------------------------------------------------------------------------------
-10. PC-Lint                                              *syntastic-c-pc_lint*
+11. PC-Lint                                              *syntastic-c-pc_lint*
 
 Name:        pc_lint
 Maintainer:  Steve Bragg <steve@empresseffects.com>
@@ -893,7 +920,7 @@ current directory and in parent directories; first such file found is used.
 See also: |syntastic-cpp-pc_lint|.
 
 ------------------------------------------------------------------------------
-11. Sparse                                                *syntastic-c-sparse*
+12. Sparse                                                *syntastic-c-sparse*
 
 Name:        sparse
 Maintainer:  Daniel Walker <dwalker@fifo99.com>
@@ -925,7 +952,7 @@ your vimrc: >
 This allows "Sparse" to read "GCC"'s private include files.
 
 ------------------------------------------------------------------------------
-12. Splint                                                *syntastic-c-splint*
+13. Splint                                                *syntastic-c-splint*
 
 Name:        splint
 Maintainer:  LCD 47 <lcd047@gmail.com>
@@ -983,10 +1010,11 @@ The following checkers are available for C++ (filetype "cpp"):
     4. Cppcheck.................|syntastic-cpp-cppcheck|
     5. cppclean.................|syntastic-cpp-cppclean|
     6. Cpplint..................|syntastic-cpp-cpplint|
-    7. GCC......................|syntastic-cpp-gcc|
-    8. OClint...................|syntastic-cpp-oclint|
-    9. PC-Lint..................|syntastic-cpp-pc_lint|
-    10. Vera++..................|syntastic-cpp-verapp|
+    7. Flawfinder...............|syntastic-cpp-flawfinder|
+    8. GCC......................|syntastic-cpp-gcc|
+    9. OClint...................|syntastic-cpp-oclint|
+    10. PC-Lint.................|syntastic-cpp-pc_lint|
+    11. Vera++..................|syntastic-cpp-verapp|
 
 ------------------------------------------------------------------------------
 1. AVR-GCC                                              *syntastic-cpp-avrgcc*
@@ -1190,7 +1218,33 @@ However, if your "cpplint" was installed with "pip", the script's name is
     let g:syntastic_cpp_cpplint_exec = "cpplint"
 <
 ------------------------------------------------------------------------------
-7. GCC                                                     *syntastic-cpp-gcc*
+7. Flawfinder                                       *syntastic-cpp-flawfinder*
+
+Name:        flawfinder
+Maintainer:  LCD 47 <lcd047@gmail.com>
+
+"Flawfinder" scans C/C++ source code for possible security weaknesses. See the
+project's page for more information:
+
+    https://www.dwheeler.com/flawfinder
+
+Checker options~
+
+This checker is initialised using the "makeprgBuild()" function and thus it
+accepts the standard options described at |syntastic-config-makeprg|.
+
+Additionally:
+
+                                          *'g:syntastic_cpp_flawfinder_thres'*
+Type: integer
+Default: 3
+Error threshold. Policy violations with a severity above this value are
+highlighted as errors, the others are considered warnings by syntastic.
+
+See also: |syntastic-c-flawfinder|.
+
+------------------------------------------------------------------------------
+8. GCC                                                     *syntastic-cpp-gcc*
 
 Name:        gcc
 Maintainer:  Gregor Uhlenheuer <kongo2002@gmail.com>
@@ -1287,7 +1341,7 @@ executable.
 See also: |syntastic-c-gcc|.
 
 ------------------------------------------------------------------------------
-8. OClint                                               *syntastic-cpp-oclint*
+9. OClint                                               *syntastic-cpp-oclint*
 
 Name:        oclint
 Maintainer:  "UnCO" Lin <undercooled@lavabit.com>
@@ -1327,7 +1381,7 @@ Config files pointed to by 'g:syntastic_oclint_config_file' are then ignored.
 See also: |syntastic-c-oclint|.
 
 ------------------------------------------------------------------------------
-9. PC-Lint                                             *syntastic-cpp-pc_lint*
+10. PC-Lint                                            *syntastic-cpp-pc_lint*
 
 Name:        pc_lint
 Maintainer:  Steve Bragg <steve@empresseffects.com>
@@ -1354,7 +1408,7 @@ current directory and in parent directories; first such file found is used.
 See also: |syntastic-c-pc_lint|.
 
 ------------------------------------------------------------------------------
-10. Vera++                                              *syntastic-cpp-verapp*
+11. Vera++                                              *syntastic-cpp-verapp*
 
 Name:        verapp
 Maintainer:  Lucas Verney <phyks@phyks.me>

diff --git a/plugin/syntastic.vim b/plugin/syntastic.vim
@@ -19,7 +19,7 @@ if has('reltime')
     lockvar! g:_SYNTASTIC_START
 endif
 
-let g:_SYNTASTIC_VERSION = '3.8.0-49'
+let g:_SYNTASTIC_VERSION = '3.8.0-50'
 lockvar g:_SYNTASTIC_VERSION
 
 " Sanity checks {{{1

diff --git a/syntax_checkers/c/flawfinder.vim b/syntax_checkers/c/flawfinder.vim
@@ -0,0 +1,61 @@
+"============================================================================
+"File:        flawfinder.vim
+"Description: Syntax checking plugin for syntastic
+"Maintainer:  LCD 47 <lcd047 at gmail dot com>
+"License:     This program is free software. It comes without any warranty,
+"             to the extent permitted by applicable law. You can redistribute
+"             it and/or modify it under the terms of the Do What The Fuck You
+"             Want To Public License, Version 2, as published by Sam Hocevar.
+"             See http://sam.zoy.org/wtfpl/COPYING for more details.
+"
+"============================================================================
+
+if exists('g:loaded_syntastic_c_flawfinder_checker')
+    finish
+endif
+let g:loaded_syntastic_c_flawfinder_checker = 1
+
+if !exists('g:syntastic_c_flawfinder_sort')
+    let g:syntastic_c_flawfinder_sort = 1
+endif
+
+if !exists('g:syntastic_c_flawfinder_thres')
+    let g:syntastic_c_flawfinder_thres = 3
+endif
+
+let s:save_cpo = &cpo
+set cpo&vim
+
+function! SyntaxCheckers_c_flawfinder_GetHighlightRegex(item)
+    let term = matchstr(a:item['text'], '\m^(\S\+)\s\+\zs\S\+\ze:')
+    return term !=# '' ? '\V\<' . escape(term, '\') . '\>' : ''
+endfunction
+
+function! SyntaxCheckers_c_flawfinder_GetLocList() dict
+    let makeprg = self.makeprgBuild({
+        \ 'args_after': '--columns --dataonly --singleline --quiet' })
+
+    let errorformat = '%f:%l:%c:  [%n] %m'
+
+    let loclist = SyntasticMake({
+        \ 'makeprg': makeprg,
+        \ 'errorformat': errorformat,
+        \ 'subtype': 'Style',
+        \ 'returns': [0] })
+
+    for e in loclist
+        let e['type'] = e['nr'] < g:syntastic_{self.getFiletype()}_flawfinder_thres ? 'W' : 'E'
+        let e['nr'] = 0
+    endfor
+
+    return loclist
+endfunction
+
+call g:SyntasticRegistry.CreateAndRegisterChecker({
+    \ 'filetype': 'c',
+    \ 'name': 'flawfinder' })
+
+let &cpo = s:save_cpo
+unlet s:save_cpo
+
+" vim: set sw=4 sts=4 et fdm=marker:
diff --git a/syntax_checkers/cpp/flawfinder.vim b/syntax_checkers/cpp/flawfinder.vim
@@ -0,0 +1,26 @@
+"============================================================================
+"File:        flawfinder.vim
+"Description: Syntax checking plugin for syntastic
+"Maintainer:  Benjamin Bannier <bbannier at gmail dot com>
+"License:     This program is free software. It comes without any warranty,
+"             to the extent permitted by applicable law. You can redistribute
+"             it and/or modify it under the terms of the Do What The Fuck You
+"             Want To Public License, Version 2, as published by Sam Hocevar.
+"             See http://sam.zoy.org/wtfpl/COPYING for more details.
+"============================================================================
+
+if exists('g:loaded_syntastic_cpp_flawfinder_checker')
+    finish
+endif
+let g:loaded_syntastic_cpp_flawfinder_checker = 1
+
+if !exists('g:syntastic_cpp_flawfinder_thres')
+    let g:syntastic_cpp_flawfinder_thres = 3
+endif
+
+call g:SyntasticRegistry.CreateAndRegisterChecker({
+    \ 'filetype': 'cpp',
+    \ 'name': 'flawfinder',
+    \ 'redirect': 'c/flawfinder'})
+
+" vim: set sw=4 sts=4 et fdm=marker: