Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gpg-remailer-3.04.05/cleartextmail/mailcommand.cc
Examining data/gpg-remailer-3.04.05/cleartextmail/label.cc
Examining data/gpg-remailer-3.04.05/cleartextmail/cleartextmail1.cc
Examining data/gpg-remailer-3.04.05/cleartextmail/processheaders.cc
Examining data/gpg-remailer-3.04.05/cleartextmail/writemailcontents.cc
Examining data/gpg-remailer-3.04.05/cleartextmail/cleartextmail.h
Examining data/gpg-remailer-3.04.05/enums/enums.h
Examining data/gpg-remailer-3.04.05/gpg/run.cc
Examining data/gpg-remailer-3.04.05/gpg/encrypt.cc
Examining data/gpg-remailer-3.04.05/gpg/gpg.h
Examining data/gpg-remailer-3.04.05/gpg/gpg1.cc
Examining data/gpg-remailer-3.04.05/gpg/collector.cc
Examining data/gpg-remailer-3.04.05/gpg/decrypt.cc
Examining data/gpg-remailer-3.04.05/gpg/verify.cc
Examining data/gpg-remailer-3.04.05/gpgmail/mailcommand.cc
Examining data/gpg-remailer-3.04.05/gpgmail/label.cc
Examining data/gpg-remailer-3.04.05/gpgmail/processheaders.cc
Examining data/gpg-remailer-3.04.05/gpgmail/writemailcontents.cc
Examining data/gpg-remailer-3.04.05/gpgmail/gpgmail1.cc
Examining data/gpg-remailer-3.04.05/gpgmail/makeboundary.cc
Examining data/gpg-remailer-3.04.05/gpgmail/gpgmail.h
Examining data/gpg-remailer-3.04.05/headers/headers.h
Examining data/gpg-remailer-3.04.05/headers/mailheader.cc
Examining data/gpg-remailer-3.04.05/headers/headers1.cc
Examining data/gpg-remailer-3.04.05/headers/fillxheaders.cc
Examining data/gpg-remailer-3.04.05/headers/getheader.cc
Examining data/gpg-remailer-3.04.05/logexception/logexception.h
Examining data/gpg-remailer-3.04.05/logexception/msg.cc
Examining data/gpg-remailer-3.04.05/mail/writecontents.cc
Examining data/gpg-remailer-3.04.05/mail/mail1.cc
Examining data/gpg-remailer-3.04.05/mail/writeheaders.cc
Examining data/gpg-remailer-3.04.05/mail/pgpmessage.cc
Examining data/gpg-remailer-3.04.05/mail/filter.cc
Examining data/gpg-remailer-3.04.05/mail/mail.h
Examining data/gpg-remailer-3.04.05/mail/hexchar.cc
Examining data/gpg-remailer-3.04.05/mail/operatorfun.cc
Examining data/gpg-remailer-3.04.05/mail/inspect.cc
Examining data/gpg-remailer-3.04.05/mailer/mailer.h
Examining data/gpg-remailer-3.04.05/mailerbase/contentheader.cc
Examining data/gpg-remailer-3.04.05/mailerbase/sendmail.cc
Examining data/gpg-remailer-3.04.05/mailerbase/setrecipients.cc
Examining data/gpg-remailer-3.04.05/mailerbase/mailerbase1.cc
Examining data/gpg-remailer-3.04.05/mailerbase/mailerbase.h
Examining data/gpg-remailer-3.04.05/mailerbase/headers.cc
Examining data/gpg-remailer-3.04.05/mailerbase/cleanupheader.cc
Examining data/gpg-remailer-3.04.05/main.cc
Examining data/gpg-remailer-3.04.05/preamble.cc
Examining data/gpg-remailer-3.04.05/remailer/setreplyto.cc
Examining data/gpg-remailer-3.04.05/remailer/collect.cc
Examining data/gpg-remailer-3.04.05/remailer/setdebug.cc
Examining data/gpg-remailer-3.04.05/remailer/multipart.cc
Examining data/gpg-remailer-3.04.05/remailer/data.cc
Examining data/gpg-remailer-3.04.05/remailer/copytoboundary2.cc
Examining data/gpg-remailer-3.04.05/remailer/remailer.h
Examining data/gpg-remailer-3.04.05/remailer/simple.cc
Examining data/gpg-remailer-3.04.05/remailer/configfield.cc
Examining data/gpg-remailer-3.04.05/remailer/checkrelax.cc
Examining data/gpg-remailer-3.04.05/remailer/encryptiontype.cc
Examining data/gpg-remailer-3.04.05/remailer/setfilenames.cc
Examining data/gpg-remailer-3.04.05/remailer/writereencrypted.cc
Examining data/gpg-remailer-3.04.05/remailer/multifield.cc
Examining data/gpg-remailer-3.04.05/remailer/checkmembers.cc
Examining data/gpg-remailer-3.04.05/remailer/mailcontents.cc
Examining data/gpg-remailer-3.04.05/remailer/setcleartext.cc
Examining data/gpg-remailer-3.04.05/remailer/remailer1.cc
Examining data/gpg-remailer-3.04.05/remailer/setlog.cc
Examining data/gpg-remailer-3.04.05/remailer/multipartsigned.cc
Examining data/gpg-remailer-3.04.05/remailer/reencrypt.cc
Examining data/gpg-remailer-3.04.05/remailer/copysignature.cc
Examining data/gpg-remailer-3.04.05/remailer/signaturefilter.cc
Examining data/gpg-remailer-3.04.05/remailer/mail.cc
Examining data/gpg-remailer-3.04.05/remailer/hasboundary.cc
Examining data/gpg-remailer-3.04.05/remailer/filetoreencrypt.cc
Examining data/gpg-remailer-3.04.05/remailer/destructor.cc
Examining data/gpg-remailer-3.04.05/remailer/findboundary.cc
Examining data/gpg-remailer-3.04.05/remailer/setsigrequired.cc
Examining data/gpg-remailer-3.04.05/remailer/copytoboundary.cc
Examining data/gpg-remailer-3.04.05/remailer/setkeepfiles.cc
Examining data/gpg-remailer-3.04.05/remailer/decrypt.cc
Examining data/gpg-remailer-3.04.05/remailer/step.cc
Examining data/gpg-remailer-3.04.05/remailer/setsuffixnr.cc
Examining data/gpg-remailer-3.04.05/remailer/envelopeok.cc
Examining data/gpg-remailer-3.04.05/remailer/preparations.cc
Examining data/gpg-remailer-3.04.05/remailer/setumask.cc
Examining data/gpg-remailer-3.04.05/remailer/strtounsigned.cc
Examining data/gpg-remailer-3.04.05/usage.cc
Examining data/gpg-remailer-3.04.05/version.cc
Examining data/gpg-remailer-3.04.05/VERSION.h
FINAL RESULTS:
data/gpg-remailer-3.04.05/remailer/setlog.cc:17:5: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(name.c_str(), S_IRUSR | S_IWUSR);
data/gpg-remailer-3.04.05/remailer/setsuffixnr.cc:7:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random)
data/gpg-remailer-3.04.05/remailer/setsuffixnr.cc:23:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random ? "random" : "via --nr") << ")\n";
data/gpg-remailer-3.04.05/cleartextmail/writemailcontents.cc:6:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Exception::open(in, mailData);
data/gpg-remailer-3.04.05/cleartextmail/writemailcontents.cc:9:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Exception::open(out, d_mailName);
data/gpg-remailer-3.04.05/gpg/collector.cc:7:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Exception::open(outStream, out);
data/gpg-remailer-3.04.05/gpg/run.cc:20:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Exception::open(inStream, in);
data/gpg-remailer-3.04.05/gpgmail/writemailcontents.cc:6:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Exception::open(in, mailData);
data/gpg-remailer-3.04.05/gpgmail/writemailcontents.cc:9:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Exception::open(out, d_mailName);
data/gpg-remailer-3.04.05/mail/hexchar.cc:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/gpg-remailer-3.04.05/mail/writecontents.cc:8:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LogException::open(out, contentsName);
data/gpg-remailer-3.04.05/mail/writeheaders.cc:6:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LogException::open(out, hdrsName);
data/gpg-remailer-3.04.05/remailer/copysignature.cc:13:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LogException::open(sig, d_signatureName);
data/gpg-remailer-3.04.05/remailer/copytoboundary2.cc:8:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LogException::open(out, destName);
data/gpg-remailer-3.04.05/remailer/filetoreencrypt.cc:12:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LogException::open(io.decrypted, d_decryptedName); // decrypted.1
data/gpg-remailer-3.04.05/remailer/filetoreencrypt.cc:13:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LogException::open(io.toReencrypt, d_reencryptName); // reencrypt.1
data/gpg-remailer-3.04.05/remailer/multipartsigned.cc:62:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LogException::open(data, d_multipartSignedDataName);
data/gpg-remailer-3.04.05/remailer/setlog.cc:16:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d_log.open(name);
data/gpg-remailer-3.04.05/remailer/setumask.cc:14:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(umaskValue);
ANALYSIS SUMMARY:
Hits = 19
Lines analyzed = 2173 in approximately 0.10 seconds (21388 lines/second)
Physical Source Lines of Code (SLOC) = 1494
Hits@level = [0] 0 [1] 1 [2] 15 [3] 2 [4] 0 [5] 1
Hits@level+ = [0+] 19 [1+] 19 [2+] 18 [3+] 3 [4+] 1 [5+] 1
Hits/KSLOC@level+ = [0+] 12.7175 [1+] 12.7175 [2+] 12.0482 [3+] 2.00803 [4+] 0.669344 [5+] 0.669344
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.