Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/caja-extensions-1.24.1/gksu/libcaja-gksu.c
Examining data/caja-extensions-1.24.1/image-converter/caja-image-converter.c
Examining data/caja-extensions-1.24.1/image-converter/caja-image-converter.h
Examining data/caja-extensions-1.24.1/image-converter/caja-image-resizer.c
Examining data/caja-extensions-1.24.1/image-converter/caja-image-resizer.h
Examining data/caja-extensions-1.24.1/image-converter/caja-image-rotator.c
Examining data/caja-extensions-1.24.1/image-converter/caja-image-rotator.h
Examining data/caja-extensions-1.24.1/image-converter/image-converter.c
Examining data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c
Examining data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.h
Examining data/caja-extensions-1.24.1/open-terminal/open-terminal.c
Examining data/caja-extensions-1.24.1/sendto/caja-nste.c
Examining data/caja-extensions-1.24.1/sendto/caja-nste.h
Examining data/caja-extensions-1.24.1/sendto/caja-sendto-command.c
Examining data/caja-extensions-1.24.1/sendto/caja-sendto-module.c
Examining data/caja-extensions-1.24.1/sendto/caja-sendto-plugin.h
Examining data/caja-extensions-1.24.1/sendto/plugins/caja-burn/caja-burn.c
Examining data/caja-extensions-1.24.1/sendto/plugins/emailclient/emailclient.c
Examining data/caja-extensions-1.24.1/sendto/plugins/gajim/gajim.c
Examining data/caja-extensions-1.24.1/sendto/plugins/nst-common.c
Examining data/caja-extensions-1.24.1/sendto/plugins/nst-common.h
Examining data/caja-extensions-1.24.1/sendto/plugins/pidgin/pidgin.c
Examining data/caja-extensions-1.24.1/sendto/plugins/removable-devices/removable-devices.c
Examining data/caja-extensions-1.24.1/sendto/plugins/upnp/upnp.c
Examining data/caja-extensions-1.24.1/share/caja-share.c
Examining data/caja-extensions-1.24.1/share/caja-share.h
Examining data/caja-extensions-1.24.1/share/shares.c
Examining data/caja-extensions-1.24.1/share/shares.h
Examining data/caja-extensions-1.24.1/wallpaper/caja-wallpaper-command.c
Examining data/caja-extensions-1.24.1/wallpaper/caja-wallpaper-extension.c
Examining data/caja-extensions-1.24.1/wallpaper/caja-wallpaper-extension.h
Examining data/caja-extensions-1.24.1/xattr-tags/caja-xattr-tags-extension.c
Examining data/caja-extensions-1.24.1/xattr-tags/caja-xattr-tags-extension.h

FINAL RESULTS:

data/caja-extensions-1.24.1/share/caja-share.c:239:3: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod (path, new_mode);
data/caja-extensions-1.24.1/share/caja-share.c:346:11: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod (path, new_mode) != 0)
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:294:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (*terminal_exec + strlen (*terminal_exec), quoted_cmd);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:331:35: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  working_directory = g_strdup (g_get_home_dir ());
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:338:35: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  working_directory = g_strdup (g_get_home_dir ());
data/caja-extensions-1.24.1/sendto/caja-sendto-command.c:195:8: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_tmp_dir(), g_get_user_name());
data/caja-extensions-1.24.1/sendto/caja-sendto-command.c:198:6: [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_tmp_dir(), g_get_user_name(),
data/caja-extensions-1.24.1/share/caja-share.c:178:28: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return g_build_filename (g_get_home_dir (), ".mate2", "mate-file-manager-share-modified-permissions", NULL);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:239:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *port = s == NULL ? 0 : atoi(s); /* FIXME: getservbyname ? */
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:293:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (*terminal_exec + strlen (*terminal_exec), " -e ");
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:376:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  orig_cwd = open (".", O_RDONLY);
data/caja-extensions-1.24.1/share/caja-share.c:203:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[50];
data/caja-extensions-1.24.1/share/caja-share.c:287:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/caja-extensions-1.24.1/share/shares.c:430:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[1];
data/caja-extensions-1.24.1/share/shares.c:598:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[7];
data/caja-extensions-1.24.1/share/shares.c:659:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[2];
data/caja-extensions-1.24.1/image-converter/caja-image-resizer.c:170:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  basename[strlen (basename) - strlen (extension)] = '\0';
data/caja-extensions-1.24.1/image-converter/caja-image-resizer.c:170:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  basename[strlen (basename) - strlen (extension)] = '\0';
data/caja-extensions-1.24.1/image-converter/caja-image-resizer.c:307:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (gtk_entry_get_text (priv->name_entry)) == 0) {
data/caja-extensions-1.24.1/image-converter/caja-image-rotator.c:167:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  basename[strlen (basename) - strlen (extension)] = '\0';
data/caja-extensions-1.24.1/image-converter/caja-image-rotator.c:167:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  basename[strlen (basename) - strlen (extension)] = '\0';
data/caja-extensions-1.24.1/image-converter/caja-image-rotator.c:306:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (gtk_entry_get_text (priv->name_entry)) == 0) {
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:178:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (result == NULL || strlen (result) == 0) {
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:235:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  h_end = h + strlen(h);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:292:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *terminal_exec = g_realloc (*terminal_exec, strlen (*terminal_exec) + strlen (quoted_cmd) + 4 + 1);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:292:72: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *terminal_exec = g_realloc (*terminal_exec, strlen (*terminal_exec) + strlen (quoted_cmd) + 4 + 1);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:293:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy (*terminal_exec + strlen (*terminal_exec), " -e ");
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:294:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy (*terminal_exec + strlen (*terminal_exec), quoted_cmd);
data/caja-extensions-1.24.1/sendto/caja-sendto-command.c:40:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define SOEXT_LEN (strlen (SOEXT))
data/caja-extensions-1.24.1/sendto/caja-sendto-command.c:728:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = g_malloc0 (strlen (url) - i + 3 * i + 1);
data/caja-extensions-1.24.1/sendto/plugins/gajim/gajim.c:425:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (send_to) != 0){
data/caja-extensions-1.24.1/share/caja-share.c:491:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (newname) == 0)
data/caja-extensions-1.24.1/share/caja-share.c:916:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  share_name = uri + strlen (NETWORK_SHARE_PREFIX);
data/caja-extensions-1.24.1/xattr-tags/caja-xattr-tags-extension.c:61:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (str);

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 8710 in approximately 0.25 seconds (34516 lines/second)
Physical Source Lines of Code (SLOC) = 6071
Hits@level = [0] 1 [1] 18 [2] 8 [3] 5 [4] 1 [5] 2
Hits@level+ = [0+] 35 [1+] 34 [2+] 16 [3+] 8 [4+] 3 [5+] 2
Hits/KSLOC@level+ = [0+] 5.76511 [1+] 5.6004 [2+] 2.63548 [3+] 1.31774 [4+] 0.494153 [5+] 0.329435
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.