Consider rewriting this to use joern or alternative #56

Open
prabhu opened this issue Jul 20, 2021 · 1 comment

prabhu commented Jul 20, 2021

Hi,

This is a nice little project. However, as you might know, regexes are not that great for finding flaws. Would you consider rewriting this tool to use a data-flow analysis platform like Joern? Joern is also open-source. Below is a link to the query database which should give an idea.

https://queries.joern.io

Thanks in advance.

@david-a-wheeler
Owner

I'm quite familiar with data-flow, control flow, etc. Doing that would be essentially a rewrite from scratch. If we were going to do data-flow, we'd also want control flow, type information, etc.

I don't see any advantage to modifying flawfinder to do this vs. starting a completely new project. In fact, it'd be easier to start from scratch.

Also, note that Flawfinder can work on partial code, including some code that won't compile and/or link. Flawfinder also doesn't require any dependencies (other than Python itself).

So I'd love to see such tools (there are already some!). But that seems like a separate project.
