How does it work?
As stated on the site http://www.dwheeler.com/flawfinder/, Flawfinder works by using a built-in database of C/C++ functions with well-known problems, such as buffer overflow risks (e.g., strcpy(), strcat(), gets(), sprintf(), and the scanf() family), format string problems ([v][f]printf(), [v]snprintf(), and syslog()), race conditions (such as access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(), tempnam(), and mktemp()), potential shell metacharacter dangers (most of the exec() family, system(), popen()), and poor random number acquisition (such as random()). The good thing is that you don't have to create this database - it comes with the tool.
Flawfinder then takes the source code text and matches it against those names, ignoring text inside comments and strings (except for flawfinder directives, such as a "Flawfinder: ignore" comment placed on the line of a call you have reviewed). Because the matching is purely textual, Flawfinder does not follow data flow: a call to a listed function is reported even when the surrounding code checks the length first, and a dangerous function hidden behind a macro or function pointer is missed. Treat its output as a list of places to review, not as a list of confirmed bugs.
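As an added example (not code from the original post or from Flawfinder itself), the file below puts the kinds of calls that database matches next to bounded replacements, and shows the "Flawfinder: ignore" directive on a call that has been reviewed. The function names, the file name demo.c and the self-test input are all made up for the illustration.

```c
/* demo.c: constructed example for scanning with flawfinder.
 * Build: gcc -Wall -o demo demo.c   Scan: flawfinder demo.c */
#define _POSIX_C_SOURCE 200809L   /* fmemopen() for the self-test input */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINE_MAX_DEMO 16

/* Risky form: flawfinder matches the name "strcpy" in the source text and
 * reports it, because nothing in the call itself bounds the copy. Kept here
 * only so the scanner has something to find; never call it with untrusted src. */
void copy_unbounded(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: check the length first, then copy with an explicit bound.
 * memcpy() is also in flawfinder's database, so it is still reported even
 * though the check makes it safe; that is what the directive is for. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;                       /* would not fit, including the NUL */
    memcpy(dst, src, n + 1);             /* Flawfinder: ignore */
    return 0;
}

/* gets() replacement: fgets() with the buffer size, then strip the newline.
 * Returns 0 on success, 1 if the line was longer than the buffer (the rest is
 * discarded rather than left for the next read), -1 on EOF or error. */
int read_line_bounded(char *buf, size_t size, FILE *in)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    /* no newline: either the last line of the stream, or the line was truncated */
    int c, truncated = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Text-matching caveat: names inside strings and comments are ignored, so this
 * function produces no finding even though it "mentions" two dangerous functions. */
const char *scanner_note(void)
{
    return "avoid gets() and strcpy(); use bounded reads and copies";
}

/* Self-test on constructed input (no real stdin needed). Returns 1 on success. */
static int demo_ok(void)
{
    char line[LINE_MAX_DEMO];
    char dst[8];
    const char *input = "short\n"
                        "this line is definitely longer than sixteen bytes\n"
                        "last";
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL) return 0;

    int ok = 1;
    ok &= read_line_bounded(line, sizeof line, in) == 0 && strcmp(line, "short") == 0;
    ok &= read_line_bounded(line, sizeof line, in) == 1;   /* truncated, remainder drained */
    ok &= read_line_bounded(line, sizeof line, in) == 0 && strcmp(line, "last") == 0;
    ok &= read_line_bounded(line, sizeof line, in) == -1;  /* EOF */
    fclose(in);

    ok &= copy_bounded(dst, sizeof dst, "1234567") == 0 && strcmp(dst, "1234567") == 0;
    ok &= copy_bounded(dst, sizeof dst, "12345678") == -1; /* 8 chars + NUL does not fit */
    return ok;
}

int main(void)
{
    int ok = demo_ok();
    printf("self-test: %s\n", ok ? "pass" : "FAIL");
    return ok ? 0 : 1;
}
```

Running flawfinder over this file reports the strcpy() in copy_unbounded() no matter how it is called, because the match is on the name alone; the memcpy() in copy_bounded() would be reported the same way without the directive, and the names inside the string returned by scanner_note() produce nothing. Use flawfinder --minlevel=3 demo.c to hide the lower-risk findings, and --context to print the offending line with each hit.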
Installation is as simple as usual; on Debian/Ubuntu it is packaged:
gento@localhost~:$ sudo apt-get install flawfinder
How to use it?
Testing can be done with the official test.c that ships with Flawfinder.
I have created a simple C program that reads input from stdin and writes it to temp.txt. The code is as below:
/* Includes, declarations and the branch bodies were added to make this fragment compile. */
#define _POSIX_C_SOURCE 200809L   /* getline() */
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    size_t nbytes = 50;                        /* getline() wants a size_t, not an int */
    const char *outputFilename = "temp.txt";   /* a string needs a pointer, not a single char */
    char *string_input = (char *) malloc(nbytes + 1);
    ssize_t bytes_read;
    FILE *fp;

    puts("Coded by gento_");
    puts("Please enter the text. Your input will be stored in temp.txt : ");
    bytes_read = getline(&string_input, &nbytes, stdin);   /* may realloc string_input */
    fp = fopen(outputFilename, "w");
    if (fp == NULL) { puts("ERROR : Cannot write to temp.txt. Please check the folder and file permission "); return 1; }
    if (bytes_read == -1) { puts("ERROR : Nothing was read from stdin."); fclose(fp); return 1; }
    puts("The input that you typed:");
    fputs(string_input, stdout);
    fputs(string_input, fp);
    fclose(fp);
    free(string_input);
    return 0;
}
The test result of Flawfinder is as below: