David A. Wheeler
After line 154 I added:

~~~~
} else if (t === DocumentApp.ElementType.INLINE_DRAWING) {
  textElements.push(' (NOTE: INLINE_DRAWING NOT SUPPORTED)');
~~~~
Anything can be improved. What specifically do you suggest?
Plugins are reasonable; the issue will be ensuring security. I want to make sure that users do not accidentally start running random code they did not approve of.
I'm quite familiar with data-flow, control flow, etc. Doing that would be essentially a rewrite from scratch. If we were going to do data-flow, we'd also want control flow, type...
Hmm, this definitely needs some refinement. Since it's in a widely-supported standard, and these symbols are unlikely to have any other meaning, we could certainly tweak flawfinder to deal with...
Flawfinder is a lexing-only tool, so I don't see how we can handle this case. To do more requires actually reading the code into some sort of data structure, which...
Oh, it definitely applies. If the `fmt` is from an attacker, the attacker could use `%n` to write to arbitrary memory, or reveal data that's not supposed to be revealed....
This looks like the text isn't actually UTF-8 in the file being analyzed. Have you verified that the file being examined actually complies with UTF-8? If it doesn't comply with...
Please run "iconv" or some other tool that does byte-by-byte checking. I think the editors just look at a few lines, and they may accept badly formatted data anyway. Python3...
Also: if the character is just a *literal* 0x81 byte, that is not valid UTF-8.