Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gobby-0.6.0~20170204~e5c2d1/code/application.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/application.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/application-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/application-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/auth-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/auth-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/autosave-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/autosave-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/browser-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/browser-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/browser-context-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/browser-context-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/edit-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/edit-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-export-html.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-export-html.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-new.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-new.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-file.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-file.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-location.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-location.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-multiple.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-multiple.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-save-all.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-save-all.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-save.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-save.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/folder-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/folder-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/help-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/subscription-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/subscription-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/synchronization-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/synchronization-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/user-join-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/user-join-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/view-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/view-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/help-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/applicationactions.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/applicationactions.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/browser.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/browser.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/certificatemanager.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/certificatemanager.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/chatsessionview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/chatsessionview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/chattablabel.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/chattablabel.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/closableframe.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/closableframe.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/connectionmanager.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/connectionmanager.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/credentialsgenerator.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/credentialsgenerator.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/documentinfostorage.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/documentinfostorage.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/filechooser.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/filechooser.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/folder.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/foldermanager.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/foldermanager.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/gobject/gobby-undo-manager.c
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/gobject/gobby-undo-manager.h
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/huebutton.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/huebutton.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/knownhoststorage.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/knownhoststorage.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/nodewatch.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/nodewatch.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/noteplugin.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/preferences.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/selfhoster.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/selfhoster.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/server.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/server.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/sessionuserview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/sessionuserview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/sessionview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/sessionview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/statusbar.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/statusbar.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/tablabel.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/tablabel.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textsessionuserview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textsessionuserview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textsessionview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/texttablabel.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/texttablabel.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textundogrouping.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textundogrouping.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/titlebar.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/titlebar.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/toolbar.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/toolbar.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/userjoin.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/userjoin.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/userlist.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/userlist.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/windowactions.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/windowactions.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/folder.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/menumanager.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/menumanager.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/noteplugin.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/preferences.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textsessionview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/connection-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/connection-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/connection-info-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/connection-info-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/document-location-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/document-location-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/entry-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/entry-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/find-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/find-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/goto-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/goto-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/initial-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/initial-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/open-location-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/open-location-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/password-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/password-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/preferences-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/preferences-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/main.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-delete.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-delete.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-export-html.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-new.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-new.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open-multiple.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open-multiple.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-save.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-save.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-subscribe-path.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-subscribe-path.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operations.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operations.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-export-html.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/resources/ui/menu.ui.h
Examining data/gobby-0.6.0~20170204~e5c2d1/code/resources/ui/toolbar.ui.h
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/asyncoperation.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/asyncoperation.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/closebutton.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/closebutton.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/config.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/config.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/defaultaccumulator.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/file.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/file.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/historyentry.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/historyentry.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/i18n.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/i18n.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/serialize.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/serialize.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/uri.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/uri.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/window.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/window.hpp
FINAL RESULTS:
data/gobby-0.6.0~20170204~e5c2d1/code/core/selfhoster.cpp:280:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_server.open(m_preferences.user.port, &keepalive,
data/gobby-0.6.0~20170204~e5c2d1/code/core/server.cpp:44:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Gobby::Server::open(unsigned int port,
data/gobby-0.6.0~20170204~e5c2d1/code/core/server.hpp:35:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(unsigned int port,
data/gobby-0.6.0~20170204~e5c2d1/code/core/windowactions.cpp:22:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(map.add_action("open")),
data/gobby-0.6.0~20170204~e5c2d1/code/core/windowactions.hpp:33:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const Glib::RefPtr<Gio::SimpleAction> open;
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-export-html.cpp:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[n];
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open.cpp:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuffer[CONVERT_BUFFER_SIZE];
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open.hpp:86:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SIZE];
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-save.cpp:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newlinebuf[2] = { '\r', '\n' };
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-save.hpp:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_buffer[BUFFER_SIZE];
data/gobby-0.6.0~20170204~e5c2d1/code/util/historyentry.cpp:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_buffer[BUFFER_SIZE];
data/gobby-0.6.0~20170204~e5c2d1/code/util/serialize.hpp:171:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char data_type[N];
data/gobby-0.6.0~20170204~e5c2d1/code/commands/auth-commands.cpp:231:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
password_len = strlen(password);
data/gobby-0.6.0~20170204~e5c2d1/code/commands/view-commands.cpp:58:36: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
g_assert(action->get_state_type().equal(
data/gobby-0.6.0~20170204~e5c2d1/code/core/preferences.hpp:493:27: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return current_variant.equal(default_variant);
ANALYSIS SUMMARY:
Hits = 15
Lines analyzed = 27755 in approximately 0.62 seconds (45124 lines/second)
Physical Source Lines of Code (SLOC) = 19779
Hits@level = [0] 0 [1] 3 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 15 [1+] 15 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.75838 [1+] 0.75838 [2+] 0.606704 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.