Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gpaste-3.38.3/src/client/gpaste-client.c
Examining data/gpaste-3.38.3/src/daemon/gpaste-daemon.c
Examining data/gpaste-3.38.3/src/libgpaste/client/gpaste-client-item.c
Examining data/gpaste-3.38.3/src/libgpaste/client/gpaste-client-item.h
Examining data/gpaste-3.38.3/src/libgpaste/client/gpaste-client.c
Examining data/gpaste-3.38.3/src/libgpaste/client/gpaste-client.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-clipboard.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-clipboard.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-clipboards-manager.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-clipboards-manager.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-history.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-history.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-image-item.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-image-item.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-item-enums.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-item-enums.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-item.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-item.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-password-item.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-password-item.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-special-atom.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-special-atom.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-text-item.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-text-item.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-update-enums.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-update-enums.h
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-uris-item.c
Examining data/gpaste-3.38.3/src/libgpaste/core/gpaste-uris-item.h
Examining data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-bus-object.c
Examining data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-bus-object.h
Examining data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-bus.c
Examining data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-bus.h
Examining data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-daemon.c
Examining data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-daemon.h
Examining data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-search-provider.c
Examining data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-search-provider.h
Examining data/gpaste-3.38.3/src/libgpaste/gnome-shell-client/gpaste-gnome-shell-client.c
Examining data/gpaste-3.38.3/src/libgpaste/gnome-shell-client/gpaste-gnome-shell-client.h
Examining data/gpaste-3.38.3/src/libgpaste/gpaste-gdbus-defines.h
Examining data/gpaste-3.38.3/src/libgpaste/gpaste-gdbus-macros.h
Examining data/gpaste-3.38.3/src/libgpaste/gpaste-gsettings-keys.h
Examining data/gpaste-3.38.3/src/libgpaste/gpaste-gtk-compat.h
Examining data/gpaste-3.38.3/src/libgpaste/gpaste-macros.h
Examining data/gpaste-3.38.3/src/libgpaste/gpaste.h
Examining data/gpaste-3.38.3/src/libgpaste/io/gpaste-file-backend.c
Examining data/gpaste-3.38.3/src/libgpaste/io/gpaste-file-backend.h
Examining data/gpaste-3.38.3/src/libgpaste/io/gpaste-storage-backend.c
Examining data/gpaste-3.38.3/src/libgpaste/io/gpaste-storage-backend.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-keybinder.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-keybinder.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-keybinding.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-keybinding.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-make-password-keybinding.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-make-password-keybinding.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-pop-keybinding.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-pop-keybinding.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-show-history-keybinding.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-show-history-keybinding.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-sync-clipboard-to-primary-keybinding.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-sync-clipboard-to-primary-keybinding.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-sync-primary-to-clipboard-keybinding.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-sync-primary-to-clipboard-keybinding.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-ui-keybinding.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-ui-keybinding.h
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-upload-keybinding.c
Examining data/gpaste-3.38.3/src/libgpaste/keybinder/gpaste-upload-keybinding.h
Examining data/gpaste-3.38.3/src/libgpaste/screensaver-client/gpaste-screensaver-client.c
Examining data/gpaste-3.38.3/src/libgpaste/screensaver-client/gpaste-screensaver-client.h
Examining data/gpaste-3.38.3/src/libgpaste/settings-ui/gpaste-settings-ui-panel.c
Examining data/gpaste-3.38.3/src/libgpaste/settings-ui/gpaste-settings-ui-panel.h
Examining data/gpaste-3.38.3/src/libgpaste/settings-ui/gpaste-settings-ui-stack.c
Examining data/gpaste-3.38.3/src/libgpaste/settings-ui/gpaste-settings-ui-stack.h
Examining data/gpaste-3.38.3/src/libgpaste/settings-ui/gpaste-settings-ui-widget.c
Examining data/gpaste-3.38.3/src/libgpaste/settings-ui/gpaste-settings-ui-widget.h
Examining data/gpaste-3.38.3/src/libgpaste/settings/gpaste-settings.c
Examining data/gpaste-3.38.3/src/libgpaste/settings/gpaste-settings.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-about.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-about.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-backup-history.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-backup-history.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-delete-history.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-delete-history.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-delete-item.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-delete-item.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-edit-item.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-edit-item.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-empty-history.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-empty-history.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-empty-item.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-empty-item.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-header.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-header.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-history-action.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-history-action.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-history-actions.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-history-actions.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-history.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-history.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-item-action.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-item-action.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-item-skeleton.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-item-skeleton.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-item.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-item.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-new-item.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-new-item.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-panel-history.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-panel-history.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-panel.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-panel.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-reexec.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-reexec.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-search-bar.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-search-bar.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-search.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-search.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-settings.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-settings.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-shortcuts-window.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-shortcuts-window.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-switch.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-switch.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-upload-item.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-upload-item.h
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-window.c
Examining data/gpaste-3.38.3/src/libgpaste/ui/gpaste-ui-window.h
Examining data/gpaste-3.38.3/src/libgpaste/util/gpaste-util.c
Examining data/gpaste-3.38.3/src/libgpaste/util/gpaste-util.h
Examining data/gpaste-3.38.3/src/ui/gpaste-ui.c
Examining data/gpaste-3.38.3/tests/gnome-shell-client/test-gnome-shell-client.c

FINAL RESULTS:

data/gpaste-3.38.3/src/daemon/gpaste-daemon.c:24:5: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl (PKGLIBEXECDIR "/gpaste-daemon", "gpaste-daemon", NULL);

data/gpaste-3.38.3/src/client/gpaste-client.c:49:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(*argc, *argv, "d:hores:vz", long_options, NULL)) != -1)

data/gpaste-3.38.3/src/libgpaste/core/gpaste-uris-item.c:100:82: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_autofree gchar *display_string_with_newlines = g_paste_util_replace (uris, g_get_home_dir (), "~");

data/gpaste-3.38.3/src/client/gpaste-client.c:102:17: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc (stdin)) != EOF)

data/gpaste-3.38.3/src/libgpaste/core/gpaste-clipboard.c:225:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  guint64 length = strlen (to_add);

data/gpaste-3.38.3/src/libgpaste/core/gpaste-clipboard.c:229:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !strlen (stripped))

data/gpaste-3.38.3/src/libgpaste/core/gpaste-clipboard.c:360:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (str);

data/gpaste-3.38.3/src/libgpaste/core/gpaste-history.c:1175:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name[strlen (name) - 4] = '\0';

data/gpaste-3.38.3/src/libgpaste/core/gpaste-image-item.c:124:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  priv->additional_size += strlen (priv->checksum) + 1 + gdk_pixbuf_get_byte_length (image);

data/gpaste-3.38.3/src/libgpaste/core/gpaste-item.c:273:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  priv->size -= (strlen (priv->display_string) + 1);

data/gpaste-3.38.3/src/libgpaste/core/gpaste-item.c:280:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  priv->size += strlen (display_string) + 1;

data/gpaste-3.38.3/src/libgpaste/core/gpaste-item.c:306:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  priv->size += strlen (gsv->data);

data/gpaste-3.38.3/src/libgpaste/core/gpaste-item.c:427:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  priv->size = strlen (priv->value) + 1;

data/gpaste-3.38.3/src/libgpaste/core/gpaste-password-item.c:62:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_paste_item_add_size (item, strlen (name) - ((priv->name) ? strlen(priv->name) : 0));

data/gpaste-3.38.3/src/libgpaste/core/gpaste-password-item.c:62:66: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_paste_item_add_size (item, strlen (name) - ((priv->name) ? strlen(priv->name) : 0));

data/gpaste-3.38.3/src/libgpaste/core/gpaste-uris-item.c:117:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_paste_item_add_size (self, strlen (_uris[i]) + 1);

data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-daemon.c:245:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (stripped) != 0)

data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-daemon.c:800:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_paste_daemon_private_do_add (priv, url, strlen (url), &err);

data/gpaste-3.38.3/src/libgpaste/daemon/gpaste-search-provider.c:75:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (search) < 3 || !priv->client)

data/gpaste-3.38.3/src/libgpaste/io/gpaste-file-backend.c:36:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !g_output_stream_write_all (stream, mime, strlen (mime), NULL, NULL /* cancellable */, NULL /* error */) ||

data/gpaste-3.38.3/src/libgpaste/io/gpaste-file-backend.c:38:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !g_output_stream_write_all (stream, text, strlen (text), NULL, NULL /* cancellable */, NULL /* error */) ||

data/gpaste-3.38.3/src/libgpaste/io/gpaste-file-backend.c:89:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !g_output_stream_write_all (stream, kind, strlen (kind), NULL, NULL /* cancellable */, NULL /* error */) ||

data/gpaste-3.38.3/src/libgpaste/io/gpaste-file-backend.c:91:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !g_output_stream_write_all (stream, uuid, strlen (uuid), NULL, NULL /* cancellable */, NULL /* error */) ||

data/gpaste-3.38.3/src/libgpaste/io/gpaste-file-backend.c:94:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !g_output_stream_write_all (stream, text, strlen (text), NULL, NULL /* cancellable */, NULL /* error */) ||

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 21551 in approximately 0.54 seconds (40207 lines/second)
Physical Source Lines of Code (SLOC) = 13723
Hits@level = [0] 58 [1] 21 [2] 0 [3] 2 [4] 1 [5] 0
Hits@level+ = [0+] 82 [1+] 24 [2+] 3 [3+] 3 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 5.97537 [1+] 1.74889 [2+] 0.218611 [3+] 0.218611 [4+] 0.0728704 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.