Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/html5-parser-0.4.9/gumbo/attribute.c
Examining data/html5-parser-0.4.9/gumbo/attribute.h
Examining data/html5-parser-0.4.9/gumbo/char_ref.c
Examining data/html5-parser-0.4.9/gumbo/char_ref.h
Examining data/html5-parser-0.4.9/gumbo/error.c
Examining data/html5-parser-0.4.9/gumbo/error.h
Examining data/html5-parser-0.4.9/gumbo/gumbo.h
Examining data/html5-parser-0.4.9/gumbo/gumbo_edit.c
Examining data/html5-parser-0.4.9/gumbo/gumbo_edit.h
Examining data/html5-parser-0.4.9/gumbo/insertion_mode.h
Examining data/html5-parser-0.4.9/gumbo/parser.c
Examining data/html5-parser-0.4.9/gumbo/parser.h
Examining data/html5-parser-0.4.9/gumbo/replacement.h
Examining data/html5-parser-0.4.9/gumbo/string_buffer.c
Examining data/html5-parser-0.4.9/gumbo/string_buffer.h
Examining data/html5-parser-0.4.9/gumbo/string_piece.c
Examining data/html5-parser-0.4.9/gumbo/string_piece.h
Examining data/html5-parser-0.4.9/gumbo/svg_attrs.c
Examining data/html5-parser-0.4.9/gumbo/svg_tags.c
Examining data/html5-parser-0.4.9/gumbo/tag.c
Examining data/html5-parser-0.4.9/gumbo/tag_enum.h
Examining data/html5-parser-0.4.9/gumbo/tag_perf.h
Examining data/html5-parser-0.4.9/gumbo/tag_sizes.h
Examining data/html5-parser-0.4.9/gumbo/tag_strings.h
Examining data/html5-parser-0.4.9/gumbo/token_type.h
Examining data/html5-parser-0.4.9/gumbo/tokenizer.c
Examining data/html5-parser-0.4.9/gumbo/tokenizer.h
Examining data/html5-parser-0.4.9/gumbo/tokenizer_states.h
Examining data/html5-parser-0.4.9/gumbo/utf8.c
Examining data/html5-parser-0.4.9/gumbo/utf8.h
Examining data/html5-parser-0.4.9/gumbo/util.c
Examining data/html5-parser-0.4.9/gumbo/util.h
Examining data/html5-parser-0.4.9/gumbo/vector.c
Examining data/html5-parser-0.4.9/gumbo/vector.h
Examining data/html5-parser-0.4.9/mem-leak-check.c
Examining data/html5-parser-0.4.9/src/as-libxml.c
Examining data/html5-parser-0.4.9/src/as-libxml.h
Examining data/html5-parser-0.4.9/src/as-python-tree.c
Examining data/html5-parser-0.4.9/src/as-python-tree.h
Examining data/html5-parser-0.4.9/src/attr_enum.h
Examining data/html5-parser-0.4.9/src/attr_perf.h
Examining data/html5-parser-0.4.9/src/attr_sizes.h
Examining data/html5-parser-0.4.9/src/attr_strings.h
Examining data/html5-parser-0.4.9/src/data-types.h
Examining data/html5-parser-0.4.9/src/python-wrapper.c
Examining data/html5-parser-0.4.9/src/stack.h
Examining data/html5-parser-0.4.9/test.c

FINAL RESULTS:

data/html5-parser-0.4.9/gumbo/error.c:37:23:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  int bytes_written = vsnprintf(
data/html5-parser-0.4.9/gumbo/error.c:50:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  int result = vsnprintf(
data/html5-parser-0.4.9/gumbo/error.c:66:21:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  bytes_written = vsnprintf(
data/html5-parser-0.4.9/gumbo/util.h:77:26:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  #define gumbo_debug(...) fprintf(stderr, __VA_ARGS__)
data/html5-parser-0.4.9/test.c:17:9:  [4] (format) swprintf:
  Potential format string problem (CWE-134). Make format string constant.
  swprintf(argw[i], 1024, L"%hs", argv[i]);
data/html5-parser-0.4.9/gumbo/parser.c:42:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  typedef char gumbo_tagset[GUMBO_TAG_LAST];
data/html5-parser-0.4.9/gumbo/string_buffer.c:83:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer->data + buffer->length, data, length);
data/html5-parser-0.4.9/gumbo/string_buffer.c:103:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer->data + buffer->length, data, length);
data/html5-parser-0.4.9/gumbo/string_buffer.c:123:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, input->data, input->length);
data/html5-parser-0.4.9/gumbo/string_piece.c:44:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, source->data, source->length);
data/html5-parser-0.4.9/gumbo/svg_attrs.c:46:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static unsigned char gperf_downcase[256] =
data/html5-parser-0.4.9/gumbo/svg_tags.c:46:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static unsigned char gperf_downcase[256] =
data/html5-parser-0.4.9/gumbo/util.h:55:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(copy, str, len);
data/html5-parser-0.4.9/gumbo/vector.c:93:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(vector->data + where, data, sizeof(void*) * n_to_insert);
data/html5-parser-0.4.9/mem-leak-check.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024*1024] = {0};
data/html5-parser-0.4.9/src/as-libxml.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[50] = {0};
data/html5-parser-0.4.9/src/as-libxml.c:210:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[MAX_TAG_NAME_SZ] = {0};
data/html5-parser-0.4.9/src/as-libxml.c:219:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, elem->original_tag.data, tag_sz);
data/html5-parser-0.4.9/src/as-libxml.c:418:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(xmlParserVersion);
data/html5-parser-0.4.9/src/as-python-tree.c:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[MAX_TAG_NAME_SZ];
data/html5-parser-0.4.9/test.c:13:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t *argw[1024] = {0};
data/html5-parser-0.4.9/gumbo/parser.c:2773:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int prompt_attr_length = (int) strlen(prompt_attr->value);
data/html5-parser-0.4.9/gumbo/parser.c:4554:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &kGumboDefaultOptions, buffer, strlen(buffer));
data/html5-parser-0.4.9/gumbo/string_buffer.c:93:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < count; ++i) total_len += strlen(va_arg(ap, const char*));
data/html5-parser-0.4.9/gumbo/string_buffer.c:101:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t length = strlen(data);
data/html5-parser-0.4.9/gumbo/string_buffer.h:79:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gumbo_string_buffer_put(buffer, data, strlen(data));
data/html5-parser-0.4.9/gumbo/tag.c:103:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return gumbo_tagn_enum(tagname, strlen(tagname));
data/html5-parser-0.4.9/gumbo/tokenizer.c:371:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t text_len = strlen(text);
data/html5-parser-0.4.9/gumbo/tokenizer.c:783:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(attr->name) == tag_state->_buffer.length &&
data/html5-parser-0.4.9/gumbo/util.h:53:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(str) + 1;
data/html5-parser-0.4.9/mem-leak-check.c:43:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ssize_t sz = read(STDIN_FILENO, buf, (sizeof(buf) / sizeof(buf[0])) - 1);
data/html5-parser-0.4.9/src/as-libxml.c:132:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(aname);
data/html5-parser-0.4.9/src/as-libxml.c:154:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (colon && strlen(colon + 1) > 0) {
data/html5-parser-0.4.9/src/as-libxml.c:168:114:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  attr_name = xmlDictLookup(doc->dict, BAD_CAST aname, (pd->sanitize_names ? sanitize_name((char*)aname) : strlen(aname))); // we deliberately discard const, for performance
data/html5-parser-0.4.9/src/as-libxml.c:226:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tag_sz = pd->sanitize_names ? sanitize_name((char*)tag) : strlen(tag);
data/html5-parser-0.4.9/src/as-libxml.c:303:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ans = xmlNewCDataBlock(doc, BAD_CAST node_text, (int)strlen(node_text));
data/html5-parser-0.4.9/src/as-python-tree.c:79:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t alen = strlen(aname);

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 39019 in approximately 1.34 seconds (29210 lines/second)
Physical Source Lines of Code (SLOC) = 35699
Hits@level = [0]   6 [1]  16 [2]  16 [3]   0 [4]   5 [5]   0
Hits@level+ = [0+]  43 [1+]  37 [2+]  21 [3+]   5 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 1.20452 [1+] 1.03644 [2+] 0.588252 [3+] 0.14006 [4+] 0.14006 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.