Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bitwise-0.41/inc/shunting-yard.h
Examining data/bitwise-0.41/inc/bitwise.h
Examining data/bitwise-0.41/inc/stack.h
Examining data/bitwise-0.41/src/misc.c
Examining data/bitwise-0.41/src/cmd.c
Examining data/bitwise-0.41/src/shunting-yard.c
Examining data/bitwise-0.41/src/help.c
Examining data/bitwise-0.41/src/interactive.c
Examining data/bitwise-0.41/src/main.c
Examining data/bitwise-0.41/src/stack.c
Examining data/bitwise-0.41/tests/test-shunting-yard.c
FINAL RESULTS:
data/bitwise-0.41/inc/bitwise.h:99:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fd, __VA_ARGS__); \
data/bitwise-0.41/src/main.c:68:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pos += sprintf(&binary[pos], "%s", color_white);
data/bitwise-0.41/src/main.c:74:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pos += sprintf(&binary[pos], "%s", color_blue);
data/bitwise-0.41/src/main.c:78:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pos += sprintf(&binary[pos], "%s", color_magenta);
data/bitwise-0.41/src/main.c:101:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PACKAGE " " VERSION "\n");
data/bitwise-0.41/src/misc.c:97:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/bitwise-0.41/src/misc.c:164:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ret = sscanf(buf, "%" PRIu64, value);
data/bitwise-0.41/src/misc.c:167:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ret = sscanf(buf, "%" PRIX64, value);
data/bitwise-0.41/src/misc.c:170:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
ret = sscanf(buf, "%" PRIo64, value);
data/bitwise-0.41/src/misc.c:211:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rc = sprintf(buf, "%" PRIu64, val);
data/bitwise-0.41/src/misc.c:214:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rc = sprintf(buf, "%" PRIx64, val);
data/bitwise-0.41/src/misc.c:217:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rc = sprintf(buf, "%" PRIo64, val);
data/bitwise-0.41/src/misc.c:238:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, "Decimal: %" PRIu64, val);
data/bitwise-0.41/src/misc.c:241:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, "Hexadecimal: 0x%" PRIx64, val);
data/bitwise-0.41/src/misc.c:244:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, "Octal: 0%" PRIo64, val);
data/bitwise-0.41/src/misc.c:290:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = sprintf(buf, "%" PRIu64, val);
data/bitwise-0.41/src/misc.c:303:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = sprintf(buf, "%" PRIu64, val);
data/bitwise-0.41/src/main.c:146:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "vhisw:", long_options, &option_index);
data/bitwise-0.41/src/cmd.c:99:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *tokens[MAX_TOKENS];
data/bitwise-0.41/src/cmd.c:148:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result_string[256];
data/bitwise-0.41/src/interactive.c:125:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binary_field[DBL_BINARY_WIN_LEN];
data/bitwise-0.41/src/interactive.c:266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[64];
data/bitwise-0.41/src/main.c:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_size[16];
data/bitwise-0.41/src/main.c:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binary[512];
data/bitwise-0.41/src/main.c:128:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen("log.txt", "w");
data/bitwise-0.41/src/misc.c:221:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Not implemeted");
data/bitwise-0.41/src/misc.c:247:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos = sprintf(buf, "Binary: ");
data/bitwise-0.41/src/misc.c:280:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf PB", f_val / PB);
data/bitwise-0.41/src/misc.c:282:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf TB", f_val / TB);
data/bitwise-0.41/src/misc.c:284:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf GB", f_val / GB);
data/bitwise-0.41/src/misc.c:286:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf MB", f_val / MB);
data/bitwise-0.41/src/misc.c:288:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf Kb", f_val / kB);
data/bitwise-0.41/src/misc.c:293:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf PiB", f_val / PiB);
data/bitwise-0.41/src/misc.c:295:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf TiB", f_val / TiB);
data/bitwise-0.41/src/misc.c:297:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf GiB", f_val / GiB);
data/bitwise-0.41/src/misc.c:299:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf MiB", f_val / MiB);
data/bitwise-0.41/src/misc.c:301:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ret = sprintf(buf, "%.2lf KiB", f_val / KiB);
data/bitwise-0.41/src/shunting-yard.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_token[MAX_TOKEN_SIZE];
data/bitwise-0.41/src/cmd.c:37:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncmp(cmds[i].name, cmd_name, strlen(cmds[i].name)))
data/bitwise-0.41/src/cmd.c:90:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string); i++)
data/bitwise-0.41/src/help.c:46:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(help_win, 0, COLS / 2 - strlen(help_header), "%s",
data/bitwise-0.41/src/interactive.c:570:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvprintw(0, (COLS - strlen(title)) / 2, "%s", title);
data/bitwise-0.41/src/interactive.c:572:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(fields_win, 0, (cols + 6 - strlen(width_str)) / 2, "%s",
data/bitwise-0.41/src/main.c:182:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expr_len += strlen(argv[i]);
data/bitwise-0.41/src/main.c:192:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&expression[expr_pos], argv[i], expr_len - expr_pos);
data/bitwise-0.41/src/main.c:193:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
expr_pos += strlen(argv[i]);
data/bitwise-0.41/src/shunting-yard.c:172:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += token.value ? strlen(token.value) : 1;
ANALYSIS SUMMARY:
Hits = 47
Lines analyzed = 2605 in approximately 0.07 seconds (36152 lines/second)
Physical Source Lines of Code (SLOC) = 2140
Hits@level = [0] 30 [1] 9 [2] 20 [3] 1 [4] 17 [5] 0
Hits@level+ = [0+] 77 [1+] 47 [2+] 38 [3+] 18 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 35.9813 [1+] 21.9626 [2+] 17.757 [3+] 8.41121 [4+] 7.94393 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.