Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/globus-rsl-11.1/globus_i_rsl_parser.h
Examining data/globus-rsl-11.1/globus_rsl_parser.h
Examining data/globus-rsl-11.1/globus_rsl_assist.c
Examining data/globus-rsl-11.1/globus_rsl.h
Examining data/globus-rsl-11.1/test/parse-rsl-bad.c
Examining data/globus-rsl-11.1/test/parse-rsl.c
Examining data/globus-rsl-11.1/globus_rsl_parser.c
Examining data/globus-rsl-11.1/globus_rsl_scanner.c
Examining data/globus-rsl-11.1/globus_rsl_assist.h
Examining data/globus-rsl-11.1/globus_rsl.c
Examining data/globus-rsl-11.1/globus_rsl_scanner.h
Examining data/globus-rsl-11.1/dummy.c
FINAL RESULTS:
data/globus-rsl-11.1/globus_rsl.c:875:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_string,
data/globus-rsl-11.1/globus_rsl.c:939:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_string, literal_ptr);
data/globus-rsl-11.1/globus_rsl.c:2051:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*string_value, left);
data/globus-rsl-11.1/globus_rsl.c:2052:14: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(*string_value, right);
data/globus-rsl-11.1/globus_rsl_parser.c:718:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/globus-rsl-11.1/globus_rsl_parser.c:1863:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parse_state->error_structure->message,"%s: %s",
data/globus-rsl-11.1/globus_rsl.h:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[GLOBUS_SPECIFICATION_PARSE_ERROR_MESSAGE_LENGTH];
data/globus-rsl-11.1/globus_rsl_parser.c:1029:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/globus-rsl-11.1/globus_rsl_parser.c:1046:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/globus-rsl-11.1/globus_rsl_parser.c:1223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/globus-rsl-11.1/globus_rsl_parser.c:1934:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, parse_state->myinputptr, n);
data/globus-rsl-11.1/globus_rsl.c:874:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(globus_rsl_relation_get_attribute(ast_node)) + 1);
data/globus-rsl-11.1/globus_rsl.c:938:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(literal_ptr) + 1);
data/globus-rsl-11.1/globus_rsl.c:2049:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(left) +
data/globus-rsl-11.1/globus_rsl.c:2050:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(right) + 1);
data/globus-rsl-11.1/globus_rsl_parser.c:910:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/globus-rsl-11.1/globus_rsl_parser.c:1903:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parse_state.myinputlim = buf + strlen(buf);
data/globus-rsl-11.1/globus_rsl_scanner.c:762:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/globus-rsl-11.1/globus_rsl_scanner.c:2065:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return globus_rsl_scan_bytes(yystr,strlen(yystr) ,yyscanner);
ANALYSIS SUMMARY:
Hits = 19
Lines analyzed = 8682 in approximately 0.20 seconds (43282 lines/second)
Physical Source Lines of Code (SLOC) = 4948
Hits@level = [0] 25 [1] 8 [2] 5 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 44 [1+] 19 [2+] 11 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 8.89248 [1+] 3.83994 [2+] 2.22312 [3+] 1.21261 [4+] 1.21261 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.