Environment info
config | params |
---|---|
OS | Windows 10 |
VM VirtualBox version | 7.0.2 r154219 (Qt5.15.2) |
Linux OS version | ubuntu-22.04.3 |
Install VM VirtualBox and Linux
Mount disk to shared folder
We need a shared folder to bring the source code into the VM and to save the flawfinder output reports.
- Create D:/VMstorage on the Windows host
- Switch to the root user to use sudo
$ su -
$ sudo mkdir -p /mnt/shared
$ sudo mount -t vboxsf VMstorage /mnt/shared
- Let's try it out:
$ touch 1.txt
Install python3 and pip3
- Switch to the root user to use sudo, and change the python3 alternatives
$ su -
$ sudo apt install python3.10
$ sudo update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 1
$ sudo update-alternatives --config python3
- install pip3
$ sudo apt install python3-pip
- install flawfinder
$ sudo pip3 install flawfinder
$ exit  # exit root user
For Python 3.12
Note: with Python 3.12 the install fails with error: externally-managed-environment
In my experience, please use pipx to install.
See: how do I solve externally-managed-environment
sudo python3 -m venv myenv  # create our env
sudo myenv/bin/pip install flawfinder
ls myenv/lib/python3.12/site-packages | grep flawfinder
Run flawfinder to check local source code
When flawfinder reads source code whose comments contain Chinese characters or special symbols, an error message occurs. The solution is as follows:
- Locate flawfinder.py: it is usually found in the site-packages directory within the Python installation path.
- Add , encoding="latin-1" to the parameters of open: modify the open function call by adding the encoding="latin-1" parameter. The modification should look something like this:
def process_c_file(f, patch_infos):
    ...
    try:
        my_input = open(f, "r", encoding="latin-1")
        ...
Run flawfinder
Specify Output and Input Folders
name | path |
---|---|
input source code | /mnt/shared/xxx |
output | /mnt/shared/flawfinder/output |
$ cd /usr/local/lib/python3.10/dist-packages
$ python3 flawfinder.py --quiet --html <input path> > <output path>.html
The HTML format is not convenient to read, so choose CSV instead.
Bash shell script to run flawfinder on different paths
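#!/bin/bash
# Run flawfinder on each source subdirectory and write one CSV report per directory.
paths="application_library application_sample uboot audio buildroot cpvs fsbl linux mpp nrs programmer utils"
for path in $paths; do
    # Quote the paths so a directory name with spaces cannot split the arguments.
    python3 ./flawfinder.py --csv "/mnt/shared/r3.13.0-rc15/$path" > "/mnt/shared/flawfinder/output/$path.csv"
done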
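The per-directory CSV reports written by the script above can be merged and ranked so the riskiest hits are reviewed first. The following is an added example, not part of the original post: the script name triage.py and the sample rows are constructed, and the column names (File, Line, Level, Name, CWEs) are the ones flawfinder documents for its --csv header.

```python
import csv
import glob
import io
import re
import sys
from collections import Counter

# Constructed sample rows in the column layout documented for `flawfinder --csv`.
SAMPLE_CSV = """File,Line,Column,Level,Category,Name,Warning,Suggestion,Note,CWEs,Context,Fingerprint
uboot/cmd.c,42,5,4,buffer,strcpy,Does not check for buffer overflows,Consider strlcpy,,CWE-120,"  strcpy(dst, src);",aaaa
uboot/cmd.c,88,9,2,buffer,char,Statically-sized arrays can overflow,Perform bounds checking,,CWE-119!/CWE-120,  char buf[64];,bbbb
utils/log.c,17,3,4,format,printf,Format string may be influenced by attacker,Use a constant format,,CWE-134,  printf(msg);,cccc
utils/run.c,30,3,4,shell,system,Executes a new program,Use execve,,CWE-78,  system(cmd);,dddd
"""

CWE_RE = re.compile(r"CWE-\d+")  # a CWEs cell may list several, e.g. "CWE-119!/CWE-120"


def load_hits(stream, min_level=0):
    """Return the hits of one CSV report whose risk level (0-5) is >= min_level."""
    hits = []
    for row in csv.DictReader(stream):
        level = int(row["Level"])
        if level >= min_level:
            hits.append({"file": row["File"], "line": int(row["Line"]),
                         "level": level, "name": row["Name"],
                         "cwes": CWE_RE.findall(row["CWEs"])})
    return hits


def summarize(hits):
    """Count hits per level and per CWE, and order them riskiest first."""
    by_level = Counter(h["level"] for h in hits)
    by_cwe = Counter(cwe for h in hits for cwe in h["cwes"])
    ranked = sorted(hits, key=lambda h: (-h["level"], h["file"], h["line"]))
    return by_level, by_cwe, ranked


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 triage.py /mnt/shared/flawfinder/output
    # With no argument the constructed sample above is used.
    if len(sys.argv) > 1:
        hits = []
        for report in sorted(glob.glob(sys.argv[1] + "/*.csv")):
            with open(report, newline="", encoding="utf-8", errors="replace") as fh:
                hits += load_hits(fh, min_level=3)
    else:
        hits = load_hits(io.StringIO(SAMPLE_CSV), min_level=3)
    by_level, by_cwe, ranked = summarize(hits)
    print("hits per level:", dict(by_level))
    print("hits per CWE:", by_cwe.most_common(5))
    for h in ranked[:20]:
        print(f'L{h["level"]} {h["file"]}:{h["line"]} {h["name"]} {",".join(h["cwes"])}')
```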