Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/belcard-1.0.2/include/belcard/belcard.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_addressing.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_calendar.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_communication.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_explanatory.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_general.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_generic.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_geographical.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_identification.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_organizational.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_params.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_parser.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_property.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_rfc6474.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_security.hpp
Examining data/belcard-1.0.2/include/belcard/belcard_utils.hpp
Examining data/belcard-1.0.2/include/belcard/vcard_grammar.hpp
Examining data/belcard-1.0.2/src/belcard.cpp
Examining data/belcard-1.0.2/src/belcard_addressing.cpp
Examining data/belcard-1.0.2/src/belcard_calendar.cpp
Examining data/belcard-1.0.2/src/belcard_communication.cpp
Examining data/belcard-1.0.2/src/belcard_explanatory.cpp
Examining data/belcard-1.0.2/src/belcard_general.cpp
Examining data/belcard-1.0.2/src/belcard_geographical.cpp
Examining data/belcard-1.0.2/src/belcard_identification.cpp
Examining data/belcard-1.0.2/src/belcard_organizational.cpp
Examining data/belcard-1.0.2/src/belcard_params.cpp
Examining data/belcard-1.0.2/src/belcard_parser.cpp
Examining data/belcard-1.0.2/src/belcard_property.cpp
Examining data/belcard-1.0.2/src/belcard_rfc6474.cpp
Examining data/belcard-1.0.2/src/belcard_security.cpp
Examining data/belcard-1.0.2/src/belcard_utils.cpp
Examining data/belcard-1.0.2/src/vcard_grammar.cpp
Examining data/belcard-1.0.2/tester/belcard-addressing-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-calendar-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-communication-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-explanatory-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-general-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-geographical-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-identification-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-organizational-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-rfc6474-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-security-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-tester.cpp
Examining data/belcard-1.0.2/tester/belcard-tester.hpp
Examining data/belcard-1.0.2/tester/belcard-vcard-tester.cpp
Examining data/belcard-1.0.2/tools/belcard-folder.cpp
Examining data/belcard-1.0.2/tools/belcard-parser.cpp
Examining data/belcard-1.0.2/tools/belcard-unfolder.cpp
FINAL RESULTS:
data/belcard-1.0.2/tester/belcard-tester.cpp:32:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(prefix, "%s%.*s", argv[0][0] == '/' ? "" : "./", prefix_length, argv[0]);
data/belcard-1.0.2/tester/belcard-tester.cpp:55:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(lev == BCTBX_LOG_ERROR ? stderr : stdout, fmt, args);
data/belcard-1.0.2/tester/belcard-tester.cpp:61:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(lev == BCTBX_LOG_ERROR ? stderr : stdout, fmt, cap);
data/belcard-1.0.2/tester/belcard-tester.cpp:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[200];
data/belcard-1.0.2/src/belcard_utils.cpp:61:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (isspace(output[crlf + strlen(endline)])) {
data/belcard-1.0.2/src/belcard_utils.cpp:62:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
output.erase(crlf, strlen(endline) + 1);
data/belcard-1.0.2/src/belcard_utils.cpp:64:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crlf += strlen(endline);
data/belcard-1.0.2/src/belcard_utils.cpp:86:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
istr.read(&vcard[0], vcard.size());
ANALYSIS SUMMARY:
Hits = 8
Lines analyzed = 5655 in approximately 0.21 seconds (26491 lines/second)
Physical Source Lines of Code (SLOC) = 3799
Hits@level = [0] 2 [1] 4 [2] 1 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 10 [1+] 8 [2+] 4 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 2.63227 [1+] 2.10582 [2+] 1.05291 [3+] 0.789681 [4+] 0.789681 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.