Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lwatch-0.6.2/src/settings.c
Examining data/lwatch-0.6.2/src/defaults.h
Examining data/lwatch-0.6.2/src/acolors.c
Examining data/lwatch-0.6.2/src/settings.h
Examining data/lwatch-0.6.2/src/log.h
Examining data/lwatch-0.6.2/src/strpcre.h
Examining data/lwatch-0.6.2/src/strpcre.c
Examining data/lwatch-0.6.2/src/lwatch.c
Examining data/lwatch-0.6.2/src/yparse.c
Examining data/lwatch-0.6.2/src/control.c
Examining data/lwatch-0.6.2/src/control.h
Examining data/lwatch-0.6.2/src/yparse.h
Examining data/lwatch-0.6.2/src/data.h
Examining data/lwatch-0.6.2/src/daemon.c
Examining data/lwatch-0.6.2/src/log.c
Examining data/lwatch-0.6.2/src/daemon.h
Examining data/lwatch-0.6.2/src/acolors.h

FINAL RESULTS:

data/lwatch-0.6.2/src/control.c:44:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, s, ap);
data/lwatch-0.6.2/src/log.c:55:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/lwatch-0.6.2/src/strpcre.c:112:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptmp, str);
data/lwatch-0.6.2/src/strpcre.c:123:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(ptmp, s2);
data/lwatch-0.6.2/src/strpcre.c:241:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cstr, "^%02i%s^%02i%s^%02i%s^%02i%s^01\n",
data/lwatch-0.6.2/src/settings.c:142:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt_long(argc, argv, "vC:f:i:o:Osdht", opt, &idx)) != EOF) {
data/lwatch-0.6.2/src/acolors.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numer[3];
data/lwatch-0.6.2/src/acolors.c:116:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  val = atoi(numer);
data/lwatch-0.6.2/src/daemon.c:54:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pidfd = open(pid_file,
data/lwatch-0.6.2/src/daemon.c:58:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pidfd = open(pid_file,
data/lwatch-0.6.2/src/daemon.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pid_string[PID_LENGTH];
data/lwatch-0.6.2/src/daemon.c:130:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int devnull = open("/dev/null", O_RDWR);
data/lwatch-0.6.2/src/lwatch.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rbuf[BUFSIZE + 1];
data/lwatch-0.6.2/src/lwatch.c:79:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  io_check(fd = open(lw_conf.in_file, O_RDONLY), lw_conf.in_file);
data/lwatch-0.6.2/src/lwatch.c:126:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  io_check(fd = open(lw_conf.in_file, O_RDONLY), lw_conf.in_file);
data/lwatch-0.6.2/src/settings.c:217:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  io_fcheck(yyin = fopen(lw_conf.conf_file, "r"), lw_conf.conf_file);
data/lwatch-0.6.2/src/settings.c:253:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&lw_actions[no_actions], paction, sizeof(struct s_action));
data/lwatch-0.6.2/src/strpcre.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctrl[4];
data/lwatch-0.6.2/src/strpcre.c:136:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ctrl, "^%02i", HL_COLOR);
data/lwatch-0.6.2/src/yparse.c:976:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errmsg[MAXMSG+1];
data/lwatch-0.6.2/src/yparse.c:979:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mymsg[MAXMSG+1];
data/lwatch-0.6.2/src/yparse.c:1104:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"input_file");
data/lwatch-0.6.2/src/yparse.c:1115:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"output_file");
data/lwatch-0.6.2/src/yparse.c:1126:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"rule_action");
data/lwatch-0.6.2/src/yparse.c:1138:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"show_unparsed");
data/lwatch-0.6.2/src/yparse.c:1149:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"cfg_ver");
data/lwatch-0.6.2/src/yparse.c:1160:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"use_syslog");
data/lwatch-0.6.2/src/yparse.c:1171:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"log_level");
data/lwatch-0.6.2/src/yparse.c:1182:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"date_color");
data/lwatch-0.6.2/src/yparse.c:1193:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"host_color");
data/lwatch-0.6.2/src/yparse.c:1204:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"serv_color");
data/lwatch-0.6.2/src/yparse.c:1217:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"mesg_color");
data/lwatch-0.6.2/src/yparse.c:1228:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"date_color");
data/lwatch-0.6.2/src/yparse.c:1239:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"host_color");
data/lwatch-0.6.2/src/yparse.c:1250:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"serv_color");
data/lwatch-0.6.2/src/yparse.c:1263:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"mesg_color");
data/lwatch-0.6.2/src/yparse.c:1274:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mymsg,"highlight_color");
data/lwatch-0.6.2/src/control.h:36:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define io_check(res,str) if((res)==-1) die("%s%s[%i] %s\n",str,strlen(str)?": ":"",errno,strerror(errno))
data/lwatch-0.6.2/src/control.h:37:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define io_fcheck(res,str) if((res)==NULL) die("%s%s[%i] %s\n",str,strlen(str)?": ":"",errno,strerror(errno))
data/lwatch-0.6.2/src/control.h:38:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define sig_check(res,str) if((res)==SIG_ERR) die("%s%sCannot set signal handler\n",str,strlen(str)?": ":"");
data/lwatch-0.6.2/src/daemon.c:110:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  send_log(LOG_DEBUG, "Write PID %s(%d) to file fd=%d\n", pid_string, strlen(pid_string), pidfd);
data/lwatch-0.6.2/src/daemon.c:111:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = write(pidfd, (void *)pid_string, strlen(pid_string));
data/lwatch-0.6.2/src/lwatch.c:140:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  io_check(res = read(fd, (void *)rbuf, BUFSIZE), "read input");
data/lwatch-0.6.2/src/strpcre.c:108:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptmp = (char *)malloc(strlen(str) + 1);
data/lwatch-0.6.2/src/strpcre.c:110:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  die("Cannot allocate %i byte(s) in newstr()\n", strlen(str) + 1);
data/lwatch-0.6.2/src/strpcre.c:118:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptmp = (char *)realloc((void *)s1, strlen(s1) + strlen(s2) + 1);
data/lwatch-0.6.2/src/strpcre.c:118:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptmp = (char *)realloc((void *)s1, strlen(s1) + strlen(s2) + 1);
data/lwatch-0.6.2/src/strpcre.c:121:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(s1) + strlen(s2) + 1);
data/lwatch-0.6.2/src/strpcre.c:121:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(s1) + strlen(s2) + 1);
data/lwatch-0.6.2/src/strpcre.c:137:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (pcre_exec(act->re, act->rh, pmatch, strlen(pmatch), start_match, 0, (int *)&re_matches, RE_NMATCHES) > 0) {
data/lwatch-0.6.2/src/strpcre.c:139:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pres = (char *)malloc(strlen(pmatch) + 7); /* ^cc ^00 NULL */
data/lwatch-0.6.2/src/strpcre.c:184:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = pcre_exec(parser.pre, parser.prh, input, strlen(input), 0, 0,
data/lwatch-0.6.2/src/strpcre.c:207:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  match, strlen(match), 0, 0,
data/lwatch-0.6.2/src/strpcre.c:239:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(date_s) + strlen(host_s) + strlen(serv_s) + strlen(mesg_s) + 17;
data/lwatch-0.6.2/src/strpcre.c:239:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(date_s) + strlen(host_s) + strlen(serv_s) + strlen(mesg_s) + 17;
data/lwatch-0.6.2/src/strpcre.c:239:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(date_s) + strlen(host_s) + strlen(serv_s) + strlen(mesg_s) + 17;
data/lwatch-0.6.2/src/strpcre.c:239:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(date_s) + strlen(host_s) + strlen(serv_s) + strlen(mesg_s) + 17;
data/lwatch-0.6.2/src/yparse.c:893:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/lwatch-0.6.2/src/yparse.c:2226:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return yy_scan_bytes(yystr,strlen(yystr) );

ANALYSIS SUMMARY:

Hits = 59
Lines analyzed = 4103 in approximately 0.13 seconds (32715 lines/second)
Physical Source Lines of Code (SLOC) = 2808
Hits@level = [0]  56 [1]  22 [2]  31 [3]   1 [4]   5 [5]   0
Hits@level+ = [0+] 115 [1+]  59 [2+]  37 [3+]   6 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 40.9544 [1+] 21.0114 [2+] 13.1766 [3+] 2.13675 [4+] 1.78063 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.