Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/globus-net-manager-1.4/register.c
Examining data/globus-net-manager-1.4/module.c
Examining data/globus-net-manager-1.4/xio_driver/globus_xio_net_manager_driver.c
Examining data/globus-net-manager-1.4/xio_driver/globus_xio_net_manager_driver.h
Examining data/globus-net-manager-1.4/attr/array_delete.c
Examining data/globus-net-manager-1.4/attr/init.c
Examining data/globus-net-manager-1.4/attr/destroy.c
Examining data/globus-net-manager-1.4/attr/array_from_string.c
Examining data/globus-net-manager-1.4/attr/array_copy.c
Examining data/globus-net-manager-1.4/attr/globus_net_manager_attr.h
Examining data/globus-net-manager-1.4/unregister.c
Examining data/globus-net-manager-1.4/globus_net_manager.h
Examining data/globus-net-manager-1.4/logging/globus_net_manager_logging.c
Examining data/globus-net-manager-1.4/logging/globus_net_manager_logging.h
Examining data/globus-net-manager-1.4/python/globus_net_manager_python.h
Examining data/globus-net-manager-1.4/python/globus_net_manager_python.c
Examining data/globus-net-manager-1.4/test/xio_driver_cntl_test.c
Examining data/globus-net-manager-1.4/test/python_test.c
Examining data/globus-net-manager-1.4/test/activate_deactivate_test.c
Examining data/globus-net-manager-1.4/test/globus_net_manager_null.h
Examining data/globus-net-manager-1.4/test/xio_driver_test.c
Examining data/globus-net-manager-1.4/test/context_test.c
Examining data/globus-net-manager-1.4/test/attr_test.c
Examining data/globus-net-manager-1.4/test/globus_net_manager_null.c
Examining data/globus-net-manager-1.4/test/globus_test_tap.h
Examining data/globus-net-manager-1.4/context/post_connect.c
Examining data/globus-net-manager-1.4/context/post_accept.c
Examining data/globus-net-manager-1.4/context/post_listen.c
Examining data/globus-net-manager-1.4/context/init.c
Examining data/globus-net-manager-1.4/context/globus_net_manager_context.h
Examining data/globus-net-manager-1.4/context/destroy.c
Examining data/globus-net-manager-1.4/context/pre_connect.c
Examining data/globus-net-manager-1.4/context/pre_accept.c
Examining data/globus-net-manager-1.4/context/post_close.c
Examining data/globus-net-manager-1.4/context/pre_close.c
Examining data/globus-net-manager-1.4/context/end_listen.c
Examining data/globus-net-manager-1.4/context/pre_listen.c

FINAL RESULTS:

data/globus-net-manager-1.4/test/globus_test_tap.h:18:5: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(fmt, ap);

data/globus-net-manager-1.4/xio_driver/globus_xio_net_manager_driver.c:396:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    out_len += sprintf(output + out_len, "task-id=%s;", attr->task_id);

data/globus-net-manager-1.4/xio_driver/globus_xio_net_manager_driver.c:402:24: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    out_len += sprintf(output + out_len, "%s=%s;",

data/globus-net-manager-1.4/xio_driver/globus_xio_net_manager_driver.c:602:27: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    offset += sprintf(p+offset, "%s=%s;",

data/globus-net-manager-1.4/logging/globus_net_manager_logging.c:100:30: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    handle = fopen(attrs[i].value, "a");

data/globus-net-manager-1.4/python/globus_net_manager_python.c:747:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    (char **[1]) {local_contact_out},

data/globus-net-manager-1.4/test/xio_driver_test.c:22:41: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    globus_bool_t open;

data/globus-net-manager-1.4/test/xio_driver_test.c:89:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    while ((!passive.open) && (passive.result == GLOBUS_SUCCESS))

data/globus-net-manager-1.4/attr/array_from_string.c:85:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(attr_string) > 0)

data/globus-net-manager-1.4/xio_driver/globus_xio_net_manager_driver.c:585:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(attrs[i].name) + strlen(attrs[i].value) + 2;

data/globus-net-manager-1.4/xio_driver/globus_xio_net_manager_driver.c:585:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(attrs[i].name) + strlen(attrs[i].value) + 2;

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 10185 in approximately 0.23 seconds (43607 lines/second)
Physical Source Lines of Code (SLOC) = 7314
Hits@level = [0] 25 [1] 3 [2] 4 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 36 [1+] 11 [2+] 8 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 4.92207 [1+] 1.50396 [2+] 1.09379 [3+] 0.546896 [4+] 0.546896 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.