Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/complexity-1.10+dfsg/tests/sample.c
Examining data/complexity-1.10+dfsg/src/complexity.h
Examining data/complexity-1.10+dfsg/src/tokenize.c
Examining data/complexity-1.10+dfsg/src/score.c
Examining data/complexity-1.10+dfsg/src/complexity.c
Examining data/complexity-1.10+dfsg/src/char-types.h
Examining data/complexity-1.10+dfsg/build-aux/snippet/warn-on-use.h
Examining data/complexity-1.10+dfsg/build-aux/snippet/c++defs.h
Examining data/complexity-1.10+dfsg/build-aux/snippet/_Noreturn.h
Examining data/complexity-1.10+dfsg/build-aux/snippet/arg-nonnull.h

FINAL RESULTS:

data/complexity-1.10+dfsg/src/complexity.c:189:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
    width = snprintf(fmt, sizeof(fmt), fmtfmt, width);
data/complexity-1.10+dfsg/src/complexity.c:190:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(fmt, min_score, hi_score, ct, stars);
data/complexity-1.10+dfsg/src/complexity.c:192:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(deffmt, min_score, hi_score, ct);
data/complexity-1.10+dfsg/src/complexity.c:240:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(summary_fmt SUMMARY_TABLE);
data/complexity-1.10+dfsg/src/complexity.c:272:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(line_fmt, val, scores[ix]->st_line_ct,
data/complexity-1.10+dfsg/src/complexity.c:282:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(lnct_fmt, ttl_line_ct);
data/complexity-1.10+dfsg/src/complexity.c:339:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    res = popen(bf, "r");
data/complexity-1.10+dfsg/src/score.c:107:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, msgfmt, sc->st_line_ct, sc->pname, sc->st_fstate->fs_fname,
data/complexity-1.10+dfsg/src/score.c:158:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(trace_fp, line_score,
data/complexity-1.10+dfsg/src/score.c:285:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(trace_fp, line_score,
data/complexity-1.10+dfsg/src/score.c:425:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(trace_fp, line_score,
data/complexity-1.10+dfsg/src/complexity.c:54:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char high_buf[1024];
data/complexity-1.10+dfsg/src/complexity.c:188:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[64];
data/complexity-1.10+dfsg/src/complexity.c:316:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, unifcmd, cmdlen);
data/complexity-1.10+dfsg/src/complexity.c:323:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, p, len);
data/complexity-1.10+dfsg/src/complexity.c:431:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[64];
data/complexity-1.10+dfsg/src/complexity.c:557:64:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around
  to create a race condition, control its ancestors, or change its contents?
  (CWE-362).
    .fs_fp = HAVE_OPT(UNIFDEF) ? popen_unifdef(fname) : fopen(fname, "r"),
data/complexity-1.10+dfsg/src/complexity.h:141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pname[256];
data/complexity-1.10+dfsg/src/complexity.h:152:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(st->pname, fs->tkn_text, fs->tkn_len);
data/complexity-1.10+dfsg/src/score.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char invbuf[32];
data/complexity-1.10+dfsg/src/score.c:103:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(invbuf, "%d is not a valid token", ev);
data/complexity-1.10+dfsg/src/complexity.c:304:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = cmdlen = strlen(unifcmd) + 1;
data/complexity-1.10+dfsg/src/complexity.c:307:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += 1 + strlen(ov[i]);
data/complexity-1.10+dfsg/src/complexity.c:322:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(p);
data/complexity-1.10+dfsg/src/complexity.c:331:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t bfsz = cmdlen + strlen(fname);
data/complexity-1.10+dfsg/src/complexity.c:567:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int proc_ct = strlen(fname) + 1;

ANALYSIS SUMMARY:

Hits = 26
Lines analyzed = 2935 in approximately 0.10 seconds (30182 lines/second)
Physical Source Lines of Code (SLOC) = 2063
Hits@level = [0]  12 [1]   5 [2]  10 [3]   0 [4]  11 [5]   0
Hits@level+ = [0+]  38 [1+]  26 [2+]  21 [3+]  11 [4+]  11 [5+]   0
Hits/KSLOC@level+ = [0+] 18.4198 [1+] 12.603 [2+] 10.1794 [3+] 5.33204 [4+] 5.33204 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.