Add missing CWE(s) to FF1057's warning text (david-a-wheeler#72)

* Add missing CWE(s) to FF1057's warning text * Return generic helpURI if there are no CWEs It can happen (by human error) that a rule may be missing CWEs in the warning text. So, to guard against that, if there are no CWEs, FlawFinder will generate and return a generic URI.
dkt01 · Jul 20, 2023 · 56ffb9f · 56ffb9f
1 parent fcb8df1
commit 56ffb9f
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/flawfinder.py b/flawfinder.py
@@ -587,6 +587,8 @@ def fingerprint(self):
     # Help uri for each defined rule. e.g. "https://dwheeler.com/flawfinder#FF1002"
     # return first CWE link for now
     def helpuri(self):
+        if self.cwes() == '':
+            return 'https://dwheeler.com/flawfinder#{}'.format(self.ruleid)
         cwe = re.split(',|!', self.cwes())[0] + ")"
         return link_cwe_pattern.sub(
                 r'https://cwe.mitre.org/data/definitions/\2.html',
@@ -1500,7 +1502,7 @@ def found_system(hit):
      "access", "", {}, "FF1056"),
 
     "InitializeCriticalSection":
-    (normal, 3, "Exceptions can be thrown in low-memory situations",
+    (normal, 3, "Exceptions can be thrown in low-memory situations (CWE-248, CWE-400)",
      "Use InitializeCriticalSectionAndSpinCount instead",
      "misc", "", {}, "FF1057"),