Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libwfut-0.2.3/tools/wfut.cpp
Examining data/libwfut-0.2.3/python/WFUT.cxx
Examining data/libwfut-0.2.3/libwfut/platform.h
Examining data/libwfut-0.2.3/libwfut/ChannelFileList.h
Examining data/libwfut-0.2.3/libwfut/Encoder.cpp
Examining data/libwfut-0.2.3/libwfut/ChannelWriter.cpp
Examining data/libwfut-0.2.3/libwfut/tinystr.cpp
Examining data/libwfut-0.2.3/libwfut/tinyxmlerror.cpp
Examining data/libwfut-0.2.3/libwfut/types.h
Examining data/libwfut-0.2.3/libwfut/ChannelParser.cpp
Examining data/libwfut-0.2.3/libwfut/FileWriter.cpp
Examining data/libwfut-0.2.3/libwfut/Encoder.h
Examining data/libwfut-0.2.3/libwfut/FileParser.cpp
Examining data/libwfut-0.2.3/libwfut/crc32.cpp
Examining data/libwfut-0.2.3/libwfut/MirrorParser.cpp
Examining data/libwfut-0.2.3/libwfut/tinyxml.h
Examining data/libwfut-0.2.3/libwfut/FileIO.h
Examining data/libwfut-0.2.3/libwfut/crc32.h
Examining data/libwfut-0.2.3/libwfut/tinyxmlparser.cpp
Examining data/libwfut-0.2.3/libwfut/tinyxml.cpp
Examining data/libwfut-0.2.3/libwfut/IO.cpp
Examining data/libwfut-0.2.3/libwfut/platform.cpp
Examining data/libwfut-0.2.3/libwfut/WFUT.cpp
Examining data/libwfut-0.2.3/libwfut/tinystr.h
Examining data/libwfut-0.2.3/libwfut/WFUT.h
Examining data/libwfut-0.2.3/libwfut/IO.h
Examining data/libwfut-0.2.3/libwfut/header.h
Examining data/libwfut-0.2.3/libwfut/ChannelIO.h

FINAL RESULTS:

data/libwfut-0.2.3/libwfut/platform.cpp:85:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  return chmod(file.c_str(), mode);
data/libwfut-0.2.3/libwfut/Encoder.cpp:9:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/libwfut-0.2.3/libwfut/Encoder.cpp:9:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/libwfut-0.2.3/libwfut/WFUT.cpp:215:94:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  WFUTError WFUTClient::calculateUpdates(const ChannelFileList &server, const ChannelFileList &system, const ChannelFileList &local, ChannelFileList &updates, const std::string &prefix) {
data/libwfut-0.2.3/libwfut/WFUT.cpp:217:31:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const FileMap &system_map = system.getFiles();
data/libwfut-0.2.3/libwfut/WFUT.h:132:53:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const ChannelFileList &system,
data/libwfut-0.2.3/libwfut/platform.cpp:43:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%swfut%d.tmp",path,rand());
data/libwfut-0.2.3/libwfut/tinyxml.cpp:130:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( buffer, str.c_str() );
data/libwfut-0.2.3/libwfut/tinyxml.h:56:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define TIXML_LOG printf
data/libwfut-0.2.3/python/WFUT.cxx:686:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r,name);
data/libwfut-0.2.3/python/WFUT.cxx:825:25:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define PyOS_snprintf _snprintf
data/libwfut-0.2.3/python/WFUT.cxx:827:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define PyOS_snprintf snprintf
data/libwfut-0.2.3/python/WFUT.cxx:844:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/libwfut-0.2.3/tools/wfut.cpp:205:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  ChannelFileList local, system, server, updates, tmplist;
data/libwfut-0.2.3/tools/wfut.cpp:247:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (wfut.getLocalList(system_wfut, system)) {
data/libwfut-0.2.3/tools/wfut.cpp:252:37:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (channel == ".") channel = system.getName();
data/libwfut-0.2.3/tools/wfut.cpp:280:37:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (wfut.calculateUpdates(server, system, local, updates, local_root)) {
data/libwfut-0.2.3/tools/wfut.cpp:131:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt_long(argc, argv, short_options, long_options, &opt_index);
data/libwfut-0.2.3/tools/wfut.cpp:193:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)time(NULL));
data/libwfut-0.2.3/libwfut/Encoder.cpp:31:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];
data/libwfut-0.2.3/libwfut/Encoder.cpp:80:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];
data/libwfut-0.2.3/libwfut/IO.cpp:61:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *tp = fopen(target_filename.c_str(), "wb");
data/libwfut-0.2.3/libwfut/IO.cpp:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libwfut-0.2.3/libwfut/WFUT.cpp:100:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libwfut-0.2.3/libwfut/WFUT.cpp:137:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libwfut-0.2.3/libwfut/WFUT.cpp:175:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libwfut-0.2.3/libwfut/crc32.cpp:13:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(filename.c_str(), "rb");
data/libwfut-0.2.3/libwfut/platform.cpp:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAX_PATH];
data/libwfut-0.2.3/libwfut/platform.cpp:37:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(path, ".\\");
data/libwfut-0.2.3/libwfut/platform.cpp:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[MAX_PATH];
data/libwfut-0.2.3/libwfut/platform.cpp:47:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(filename, "w+bD");
data/libwfut-0.2.3/libwfut/platform.cpp:49:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  return tmpfile();
data/libwfut-0.2.3/libwfut/tinystr.cpp:53:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newstring, instring, newlen);
data/libwfut-0.2.3/libwfut/tinystr.cpp:80:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newstring, copy . cstring, newlen);
data/libwfut-0.2.3/libwfut/tinystr.cpp:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newstring, content, newlen);
data/libwfut-0.2.3/libwfut/tinystr.cpp:121:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (newstring, copy . c_str (), newlen);
data/libwfut-0.2.3/libwfut/tinystr.cpp:161:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (new_string, cstring, length ());
data/libwfut-0.2.3/libwfut/tinystr.cpp:165:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (new_string + length (),
data/libwfut-0.2.3/libwfut/tinystr.cpp:181:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (cstring + length (),
data/libwfut-0.2.3/libwfut/tinystr.cpp:209:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (new_string, cstring, 1 + length ());
data/libwfut-0.2.3/libwfut/tinystr.cpp:214:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (new_string + length (),
data/libwfut-0.2.3/libwfut/tinystr.cpp:230:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (cstring + length (),
data/libwfut-0.2.3/libwfut/tinystr.h:213:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char smallstr [2];
data/libwfut-0.2.3/libwfut/tinyxml.cpp:106:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[ 32 ];
data/libwfut-0.2.3/libwfut/tinyxml.cpp:107:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "&#x%02X;", (unsigned) ( c & 0xff ) );
data/libwfut-0.2.3/libwfut/tinyxml.cpp:677:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *i = atoi( s );
data/libwfut-0.2.3/libwfut/tinyxml.cpp:721:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/libwfut-0.2.3/libwfut/tinyxml.cpp:722:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%d", val );
data/libwfut-0.2.3/libwfut/tinyxml.cpp:729:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/libwfut-0.2.3/libwfut/tinyxml.cpp:730:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%f", val );
data/libwfut-0.2.3/libwfut/tinyxml.cpp:948:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* file = fopen( value.c_str (), "r" );
data/libwfut-0.2.3/libwfut/tinyxml.cpp:971:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUF_SIZE];
data/libwfut-0.2.3/libwfut/tinyxml.cpp:993:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fp = fopen( filename, "w" );
data/libwfut-0.2.3/libwfut/tinyxml.cpp:1140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [64];
data/libwfut-0.2.3/libwfut/tinyxml.cpp:1141:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%d", _value);
data/libwfut-0.2.3/libwfut/tinyxml.cpp:1147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [256];
data/libwfut-0.2.3/libwfut/tinyxml.cpp:1148:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buf, "%lf", _value);
data/libwfut-0.2.3/libwfut/tinyxml.cpp:1154:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi (value.c_str ());
data/libwfut-0.2.3/libwfut/tinyxmlparser.cpp:572:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cArr[4] = { 0, 0, 0, 0 };
data/libwfut-0.2.3/libwfut/tinyxmlparser.cpp:606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cArr[4] = { 0, 0, 0, 0 };
data/libwfut-0.2.3/python/WFUT.cxx:637:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/libwfut-0.2.3/python/WFUT.cxx:797:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr, cstr, len+1);
data/libwfut-0.2.3/python/WFUT.cxx:841:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SWIG_PYBUFFER_SIZE * 2];
data/libwfut-0.2.3/python/WFUT.cxx:1617:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/libwfut-0.2.3/python/WFUT.cxx:2004:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/libwfut-0.2.3/python/WFUT.cxx:2018:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/libwfut-0.2.3/python/WFUT.cxx:2029:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/libwfut-0.2.3/python/WFUT.cxx:2163:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pack, ptr, size);
data/libwfut-0.2.3/python/WFUT.cxx:2181:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, sobj->pack, size);
data/libwfut-0.2.3/python/WFUT.cxx:2805:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256];
data/libwfut-0.2.3/python/WFUT.cxx:3946:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[1024];
data/libwfut-0.2.3/python/WFUT.cxx:3947:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "in sequence element %d ", _index);
data/libwfut-0.2.3/python/WFUT.cxx:4146:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[1024];
data/libwfut-0.2.3/python/WFUT.cxx:4147:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "in sequence element %d", i);
data/libwfut-0.2.3/python/WFUT.cxx:4805:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/libwfut-0.2.3/tools/wfut.cpp:45:67:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  static void recordUpdate(const FileObject &fo, const std::string &tmpfile) {
data/libwfut-0.2.3/tools/wfut.cpp:47:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  if (!os_exists(tmpfile)) {
data/libwfut-0.2.3/tools/wfut.cpp:49:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(tmpfile.c_str(), "wt");
data/libwfut-0.2.3/tools/wfut.cpp:49:16:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fp = fopen(tmpfile.c_str(), "wt");
data/libwfut-0.2.3/tools/wfut.cpp:57:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(tmpfile.c_str(), "at");
data/libwfut-0.2.3/tools/wfut.cpp:57:16:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  fp = fopen(tmpfile.c_str(), "at");
data/libwfut-0.2.3/tools/wfut.cpp:70:144:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  void onDownloadComplete(const std::string &u, const std::string &f, const ChannelFileList &updates, ChannelFileList *local, const std::string &tmpfile) {
data/libwfut-0.2.3/tools/wfut.cpp:84:27:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  recordUpdate(I->second, tmpfile);
data/libwfut-0.2.3/tools/wfut.cpp:223:53:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  const std::string &tmp_wfut = local_path + "/" + tmpfile;
data/libwfut-0.2.3/libwfut/FileParser.cpp:26:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (exec && strlen(exec) >= 4 && strncmp(exec, "true", 4) == 0) file.execute = true;
data/libwfut-0.2.3/libwfut/FileParser.cpp:31:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (deleted && strlen(deleted) >= 4 && strncmp(deleted, "true", 4) == 0) file.deleted = true;
data/libwfut-0.2.3/libwfut/tinystr.cpp:51:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen (instring) + 1;
data/libwfut-0.2.3/libwfut/tinystr.cpp:97:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen (content) + 1;
data/libwfut-0.2.3/libwfut/tinystr.cpp:196:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_size = length () + strlen (suffix) + 1;
data/libwfut-0.2.3/libwfut/tinystr.cpp:216:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (suffix) + 1);
data/libwfut-0.2.3/libwfut/tinystr.cpp:232:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (suffix) + 1);
data/libwfut-0.2.3/libwfut/tinyxml.cpp:110:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outString->append( buf, (int)strlen( buf ) );
data/libwfut-0.2.3/libwfut/tinyxml.h:289:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( _value, p, *length );
data/libwfut-0.2.3/libwfut/tinyxmlparser.cpp:502:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert( strlen( entity[i].str ) == entity[i].strLength );
data/libwfut-0.2.3/libwfut/tinyxmlparser.cpp:615:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return p + strlen( endTag );
data/libwfut-0.2.3/libwfut/tinyxmlparser.cpp:1304:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen( startTag );
data/libwfut-0.2.3/python/WFUT.cxx:390:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/libwfut-0.2.3/python/WFUT.cxx:409:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/libwfut-0.2.3/python/WFUT.cxx:685:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/libwfut-0.2.3/python/WFUT.cxx:706:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/libwfut-0.2.3/python/WFUT.cxx:711:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(r,name,lname+1);
data/libwfut-0.2.3/python/WFUT.cxx:878:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/libwfut-0.2.3/python/WFUT.cxx:3131:18:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  virtual bool equal (const SwigPyIterator &/*x*/) const
data/libwfut-0.2.3/python/WFUT.cxx:3170:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return equal(x);
data/libwfut-0.2.3/python/WFUT.cxx:3776:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  bool equal (const SwigPyIterator &iter) const
data/libwfut-0.2.3/python/WFUT.cxx:4830:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/libwfut-0.2.3/python/WFUT.cxx:16973:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t size = strlen(name)+1;
data/libwfut-0.2.3/python/WFUT.cxx:16976:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(gv->name,name,size);
data/libwfut-0.2.3/python/WFUT.cxx:17038:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(const_table[j].name)) == 0) {
data/libwfut-0.2.3/python/WFUT.cxx:17049:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/libwfut-0.2.3/python/WFUT.cxx:17053:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buff, methods[i].ml_doc, ldoc);
data/libwfut-0.2.3/python/WFUT.cxx:17055:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(buff, "swig_ptr: ", 10);

ANALYSIS SUMMARY:

Hits = 112
Lines analyzed = 24728 in approximately 0.73 seconds (34006 lines/second)
Physical Source Lines of Code (SLOC) = 19810
Hits@level = [0]  95 [1]  28 [2]  65 [3]   2 [4]  16 [5]   1
Hits@level+ = [0+] 207 [1+] 112 [2+]  84 [3+]  19 [4+]  17 [5+]   1
Hits/KSLOC@level+ = [0+] 10.4493 [1+] 5.65371 [2+] 4.24028 [3+] 0.959112 [4+] 0.858152 [5+] 0.0504796
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.