Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/caja-extensions-1.24.1/gksu/libcaja-gksu.c
Examining data/caja-extensions-1.24.1/image-converter/caja-image-converter.c
Examining data/caja-extensions-1.24.1/image-converter/caja-image-converter.h
Examining data/caja-extensions-1.24.1/image-converter/caja-image-resizer.c
Examining data/caja-extensions-1.24.1/image-converter/caja-image-resizer.h
Examining data/caja-extensions-1.24.1/image-converter/caja-image-rotator.c
Examining data/caja-extensions-1.24.1/image-converter/caja-image-rotator.h
Examining data/caja-extensions-1.24.1/image-converter/image-converter.c
Examining data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c
Examining data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.h
Examining data/caja-extensions-1.24.1/open-terminal/open-terminal.c
Examining data/caja-extensions-1.24.1/sendto/caja-nste.c
Examining data/caja-extensions-1.24.1/sendto/caja-nste.h
Examining data/caja-extensions-1.24.1/sendto/caja-sendto-command.c
Examining data/caja-extensions-1.24.1/sendto/caja-sendto-module.c
Examining data/caja-extensions-1.24.1/sendto/caja-sendto-plugin.h
Examining data/caja-extensions-1.24.1/sendto/plugins/caja-burn/caja-burn.c
Examining data/caja-extensions-1.24.1/sendto/plugins/emailclient/emailclient.c
Examining data/caja-extensions-1.24.1/sendto/plugins/gajim/gajim.c
Examining data/caja-extensions-1.24.1/sendto/plugins/nst-common.c
Examining data/caja-extensions-1.24.1/sendto/plugins/nst-common.h
Examining data/caja-extensions-1.24.1/sendto/plugins/pidgin/pidgin.c
Examining data/caja-extensions-1.24.1/sendto/plugins/removable-devices/removable-devices.c
Examining data/caja-extensions-1.24.1/sendto/plugins/upnp/upnp.c
Examining data/caja-extensions-1.24.1/share/caja-share.c
Examining data/caja-extensions-1.24.1/share/caja-share.h
Examining data/caja-extensions-1.24.1/share/shares.c
Examining data/caja-extensions-1.24.1/share/shares.h
Examining data/caja-extensions-1.24.1/wallpaper/caja-wallpaper-command.c
Examining data/caja-extensions-1.24.1/wallpaper/caja-wallpaper-extension.c
Examining data/caja-extensions-1.24.1/wallpaper/caja-wallpaper-extension.h
Examining data/caja-extensions-1.24.1/xattr-tags/caja-xattr-tags-extension.c
Examining data/caja-extensions-1.24.1/xattr-tags/caja-xattr-tags-extension.h
FINAL RESULTS:
data/caja-extensions-1.24.1/share/caja-share.c:239:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod (path, new_mode);
data/caja-extensions-1.24.1/share/caja-share.c:346:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod (path, new_mode) != 0)
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:294:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (*terminal_exec + strlen (*terminal_exec), quoted_cmd);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:331:35: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
working_directory = g_strdup (g_get_home_dir ());
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:338:35: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
working_directory = g_strdup (g_get_home_dir ());
data/caja-extensions-1.24.1/sendto/caja-sendto-command.c:195:8: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_tmp_dir(), g_get_user_name());
data/caja-extensions-1.24.1/sendto/caja-sendto-command.c:198:6: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
g_get_tmp_dir(), g_get_user_name(),
data/caja-extensions-1.24.1/share/caja-share.c:178:28: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
return g_build_filename (g_get_home_dir (), ".mate2", "mate-file-manager-share-modified-permissions", NULL);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:239:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*port = s == NULL ? 0 : atoi(s); /* FIXME: getservbyname ? */
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:293:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (*terminal_exec + strlen (*terminal_exec), " -e ");
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:376:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
orig_cwd = open (".", O_RDONLY);
data/caja-extensions-1.24.1/share/caja-share.c:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[50];
data/caja-extensions-1.24.1/share/caja-share.c:287:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/caja-extensions-1.24.1/share/shares.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[1];
data/caja-extensions-1.24.1/share/shares.c:598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[7];
data/caja-extensions-1.24.1/share/shares.c:659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/caja-extensions-1.24.1/image-converter/caja-image-resizer.c:170:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
basename[strlen (basename) - strlen (extension)] = '\0';
data/caja-extensions-1.24.1/image-converter/caja-image-resizer.c:170:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
basename[strlen (basename) - strlen (extension)] = '\0';
data/caja-extensions-1.24.1/image-converter/caja-image-resizer.c:307:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (priv->name_entry)) == 0) {
data/caja-extensions-1.24.1/image-converter/caja-image-rotator.c:167:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
basename[strlen (basename) - strlen (extension)] = '\0';
data/caja-extensions-1.24.1/image-converter/caja-image-rotator.c:167:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
basename[strlen (basename) - strlen (extension)] = '\0';
data/caja-extensions-1.24.1/image-converter/caja-image-rotator.c:306:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (gtk_entry_get_text (priv->name_entry)) == 0) {
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:178:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (result == NULL || strlen (result) == 0) {
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:235:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h_end = h + strlen(h);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:292:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*terminal_exec = g_realloc (*terminal_exec, strlen (*terminal_exec) + strlen (quoted_cmd) + 4 + 1);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:292:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*terminal_exec = g_realloc (*terminal_exec, strlen (*terminal_exec) + strlen (quoted_cmd) + 4 + 1);
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:293:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (*terminal_exec + strlen (*terminal_exec), " -e ");
data/caja-extensions-1.24.1/open-terminal/caja-open-terminal.c:294:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy (*terminal_exec + strlen (*terminal_exec), quoted_cmd);
data/caja-extensions-1.24.1/sendto/caja-sendto-command.c:40:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SOEXT_LEN (strlen (SOEXT))
data/caja-extensions-1.24.1/sendto/caja-sendto-command.c:728:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = g_malloc0 (strlen (url) - i + 3 * i + 1);
data/caja-extensions-1.24.1/sendto/plugins/gajim/gajim.c:425:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (send_to) != 0){
data/caja-extensions-1.24.1/share/caja-share.c:491:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (newname) == 0)
data/caja-extensions-1.24.1/share/caja-share.c:916:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
share_name = uri + strlen (NETWORK_SHARE_PREFIX);
data/caja-extensions-1.24.1/xattr-tags/caja-xattr-tags-extension.c:61:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (str);
ANALYSIS SUMMARY:
Hits = 34
Lines analyzed = 8710 in approximately 0.25 seconds (34516 lines/second)
Physical Source Lines of Code (SLOC) = 6071
Hits@level = [0] 1 [1] 18 [2] 8 [3] 5 [4] 1 [5] 2
Hits@level+ = [0+] 35 [1+] 34 [2+] 16 [3+] 8 [4+] 3 [5+] 2
Hits/KSLOC@level+ = [0+] 5.76511 [1+] 5.6004 [2+] 2.63548 [3+] 1.31774 [4+] 0.494153 [5+] 0.329435
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.