Open zyga opened 3 years ago
What would you suggest?
One "simple" approach is to just ignore everything inside attribute(), since it doesn't actually call anything; it just declares attributes.
I'm not deeply familiar with the internals of flawfinder. One suggestion would be to pre-process the input text and then figure out this is an attribute and not a function call. I'm not sure if this is something that is in scope. Another suggestion is to special case __attribute__ and simply ignore it.
Although it'd take a little effort, it would be possible to skip everything inside attribute.
I don't know if attribute is used often enough in code to be worthwhile; it's not practical for flawfinder to never report a false positive.
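The "skip everything inside `__attribute__`" idea from the comments above, as an added sketch that is not flawfinder's code and not part of the thread. The function names, the three-name ruleset and the sample C source are constructed for illustration; the pre-pass blanks attribute spans before a name-followed-by-paren scan runs, and leaves unbalanced input untouched so nothing is hidden from the scan.

```python
import re

# All names here are hypothetical; this is not flawfinder's code.
ATTR = re.compile(r"\b__attribute__\b")
# Toy ruleset (assumption): names reported when followed by "(".
RISKY_CALL = re.compile(r"\b(access|strcpy|sprintf)\s*\(")

# Constructed C input: the attribute mentions access(), line 6 calls it.
SAMPLE = """\
void fill(char *dst, const char *src)
    __attribute__((access(write_only, 1),
                   access(read_only, 2)));

int check(const char *path) {
    return access(path, 0);
}
"""


def blank_attributes(src):
    """Overwrite each __attribute__(...) span with spaces, keeping newlines
    so reported line and column numbers do not shift. Limitation: string
    literals and comments are not parsed."""
    out, pos = list(src), 0
    while (m := ATTR.search(src, pos)):
        i, depth, end = m.end(), 0, None
        while i < len(src) and src[i].isspace():
            i += 1
        if i < len(src) and src[i] == "(":
            for j in range(i, len(src)):
                depth += (src[j] == "(") - (src[j] == ")")
                if depth == 0:
                    end = j + 1
                    break
        if end is None:  # no argument list or unbalanced: leave it visible
            pos = m.end()
            continue
        for k in range(m.start(), end):
            if out[k] != "\n":
                out[k] = " "
        pos = end
    return "".join(out)


def risky_lines(src):
    """Return (line_number, name) for every ruleset name followed by "("."""
    return [(n, m.group(1))
            for n, line in enumerate(src.splitlines(), 1)
            for m in RISKY_CALL.finditer(line)]
```

Scanning `SAMPLE` directly reports lines 2, 3 and 6; scanning `blank_attributes(SAMPLE)` reports only the real call on line 6.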
I've tried flawfinder on my zt library:
This refers to https://github.com/zyga/libzt/blob/main/zt.c#L35 - reproduced below for simplicity: