How to Install Python 3 and Flawfinder for Static Analysis in a Windows Environment

已于 2024-08-27 14:48:30 修改
阅读量525 收藏 5
点赞数 13
分类专栏: buildroot 分析工具 經驗談 文章标签: python
于 2024-08-26 16:49:48 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/agathakuan/article/details/141567381
版权

文章目录

Environment info

configparams
OSwindows 10
VM virtualbox versionversion 7.0.2 r154219 (Qt5.15.2)
linux OS versionubuntu-22.04.3

install VM virtualbox and Linux

Mount disk to shared folder

We need a folder to import source code and save flawfinder output report

  1. create D:/VMstorage
  2. switch to root user to use sudo
$ su -
$ sudo mkdir -p /mnt/shared
$ sudo mount -t vboxsf VMstorage /mnt/shared
  1. Let’s take a try
$ touch 1.txt

see 在这里插入图片描述

install python3 and pip3

  1. switch to root user to use sudo , and change python3 alternatives
$ su -
$ sudo apt install python3.10
$ sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 1
$ sudo update-alternatives --config python3
  1. install pip3
    $ sudo apt install python3-pip
  2. install flawfinder
$ sudo pip3 install flawfinder
$ exit /* exit root user */

For python3.12 version

Notice: 3.12 will occur error: externally-managed-environment
For my experience, please use pipx to install
see how do I solve externally-managed-environmen

sudo python3 -m venv myenv /* create out env*/
sudo myenv/bin/pip install flawfinder
ls myenv/lib/python3.12/site-packages  | grep flawfinder

Run flawfinder to check local source code

When Flawfinder Reads Source Code Containing Chinese Characters or Special Symbols in Comments, an Error Message Occurs. The Solution is as Follows:

  1. Locate flawfinder.py:
    flawfinder.py is usually found in the site-packages directory within the Python installation path.
  2. Add , encoding="latin-1" to the Parameters of open, as Shown Below:
    Modify the open function call by adding the encoding="latin-1" parameter. The modification should look something like this:
def process_c_file(f, patch_infos):
    ...
        try:
            my_input = open(f, "r", encoding="latin-1")
    ...

Run flawfinder

Specify Output and Input Folders

namepath
input source code/mnt/shared/xxx
output/mnt/shared/flawfinder/output
$ cd  /usr/local/lib/python3.10/dist-packages
$ python flawfinder.py --quiet --html <input path>.html > <output path>.html

But html format is not convenient to read, choose csv instead
Bash shell script to run flawfinder with diff path

#!/bin/bash

paths="application_library application_sample uboot audio buildroot cpvs fsbl linux mpp nrs programmer utils"

for path in $paths; do
	python3 ./flawfinder.py --csv /mnt/shared/r3.13.0-rc15/$path > /mnt/shared/flawfinder/output/$path.csv
done

Reference

https://dwheeler.com/flawfinder/

Chia-Te Kuan
关注
  • 13
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
[AI in security]-216 开源威胁情报线索【仅供学习研究使用】
学-> 思->用
08-08 1494
暗网大屏:https://gcokedsa123.grafana.net/dashboard/snapshot/2OJ9OtmtitwiGcIqwIVhvzgmTKDBtTkF?9.深信服安全中心 https://wiki.sec.sangfor.com.cn/index/abroad。微步测绘:https://x.threatbook.com/v5/mapping。火花:https://ti.venuseye.com.cn/#/home。
5 Common Challenges When Building Chatbots with Dialogflow
光剑书架上的书
08-13 431
作者:禅与计算机程序设计艺术This article provides an overview of the challenges involved in building chatbots using Dialogflow and Google Cloud Platform (GCP). We will go through each challenge in detail to provide a detailed understanding of how these issues can be add
python语音识别_Python语音识别终极指南
cumei1658的博客
07-12 1700
python语音识别Have you ever wondered how to add speech recognition to your Python project? If so, then keep reading! It’s easier than you might think. 您是否曾经想过如何在Python项目中添加语音识别? 如果是这样,请继续阅读! 它比您想象的要容易。 ...
OWASP: How to use flawfinder output to improve your source code
最新发布
agathakuan的博客
08-27 692
Flawfinder is a commonly used static source code analysis tool that can check code according to CWE guidelines and provide modification suggestions.Recap: How to Install Python 3 and Flawfinder for Static Analysis in a Windows Environment2021 list-of-mappe
Python深度学习-快速指南
cunzai1985的博客
09-22 2603
Python深度学习-快速指南 (Python Deep Learning - Quick Guide) Advertisements 广告 Previous Page 上一页 Next Page 下一页 Python深度学习-简介 (Python Deep Learning - Introduction) Deep structured learning o...
how to sikuli and robot framework
confei的专栏【飞在路上】
06-06 2360
http://blog.mykhailo.com/2011/02/how-to-sikuli-and-robot-framework.html
Packt.Python.for.Finance.2nd.Edition.2017
07-08
- **Introduction to Matplotlib**: Matplotlib is a plotting library for creating static, interactive, and animated visualizations in Python. It’s widely used for data visualization in finance and ...
Scipy - Scipy Lecture Notes
06-23
- **Matplotlib:** A plotting library for creating static, interactive, and animated visualizations in Python. - **Pandas:** Provides data structures and operations for manipulating numerical tables ...
python开发环境spyder_Spyder:科学的Python 开发环境IDE
weixin_35551678的博客
02-04 318
Some source files and icons may be under other authorship/licenses; see NOTICE.txt.Project status Build status Help support Spyder, the community-developed scientific IDE!Thanks to your...
使用 wireshark 抓本地包
热门推荐
agathakuan的博客
10-28 1万+
一般而言 windows 系統本地到本地ip 的傳輸不會經過網卡,因此無法由 wireshark 捕捉解析,本文介紹 wireshark 同步安裝 Npcap方式,藉此loopback本地ip 到 本地ip
Wireshark will decrypt the TLS (HTTPS) traffic and save the plain text: 將TLS (https) decrypt 並保存明文
agathakuan的博客
10-28 9576
使用 SSL/TLS 協議傳輸的封包在 handshake 之後以加密形式傳輸,即使wireshark 抓包也無法看到內容,本文介紹使TLS 封包解為明文的方法
http-flv 協議解析-wireshark 抓包
agathakuan的博客
02-15 1446
由於目前我從沒有找到 http-flv 協議的規格書之類的東西,僅藉由 nginx-http-flv範例中尋找規則,輔以wireshark 進行協議分析。 下一篇文章,會進行最基本的實作: 使用 HTTP-FLV 協議串流至flv.js 文章目录結果說明環境stepsrun nginx-http-flv-moduleffmpeg push在接收端用 flv.js 打開抓包結果flv.js GET requestnginx-http-flv responsehttp-flv stream 結果說明 http-
Dump audio source from wireshark
agathakuan的博客
07-05 981
Import 原始資料 > open .raw in Audacity。
Example of an Automated SBOM Generation Using Syft
agathakuan的博客
07-17 964
【代码】Example of an Automated SBOM Generation Using Syft。
[Audio]potplayer播放 G.711a or G.711mu 底躁問題
agathakuan的博客
01-29 862
potplayer播放 音頻串流G.711a or G.711mu 的底躁音會忽大忽小 現象 環境 版本 windows 10 potplayer 201209 (1.7.21396) 64 bit potplayer 200204 (1.7.21126) 64 bit 大約在播放前10秒很小聲, 第10秒之後逐漸放大,大到某一個程度之後停止。 wireshark 抓audio sample 也沒有振幅 (也就是音量)上的變化。 與之相對 vlc 等其他也可以播放 g711a,
Profiling memory, file descriptor and other process information with procfs (/proc)
agathakuan的博客
07-05 774
【代码】Profiling memory, file descriptor and other process information with procfs (/proc)
[抓包] wireshark 抓取RTP,播放/存檔語音碼流
agathakuan的博客
01-29 729
Wireshark 其實可以播放rtsp 的聲音裸流 不懂為什麼可以播audio 卻不能播video ???? contentWireshark 其實可以播放rtsp 的聲音裸流使用環境步驟RTSP 抓包Wireshark 播放 audio輸出音頻裸流播放/解析音頻裸流 使用環境 環境 版本 說明 Wireshark Version 3.4.2 (v3.4.2-0-ga889cf1b1bf9) on windows 64 bit 可能需要自行安裝audio codec dll plugin
Cross Debugging with GDB: Embedded Linux
agathakuan的博客
07-05 606
Downlaod target_debug to C:\msys64\home\imxx\ 下, this is MYSYS2 home。
using python how to write a code for detecting cat in a picture
03-31
However, I can provide you with a sample code in Python for detecting cats in an image using OpenCV library and a pre-trained Haar classifier. ``` import cv2 # Load the pre-trained Haar classifier ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值