Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lxml-4.6.1/src/lxml/includes/etree_defs.h
Examining data/lxml-4.6.1/src/lxml/includes/lxml-version.h
Examining data/lxml-4.6.1/src/lxml/sax.c
Examining data/lxml-4.6.1/src/lxml/_elementpath.c
Examining data/lxml-4.6.1/src/lxml/lxml_endian.h
Examining data/lxml-4.6.1/src/lxml/objectify.c
Examining data/lxml-4.6.1/src/lxml/etree_api.h
Examining data/lxml-4.6.1/src/lxml/etree.c
Examining data/lxml-4.6.1/src/lxml/html/diff.c
Examining data/lxml-4.6.1/src/lxml/html/clean.c
Examining data/lxml-4.6.1/src/lxml/lxml.etree_api.h
Examining data/lxml-4.6.1/src/lxml/etree.h
Examining data/lxml-4.6.1/src/lxml/builder.c
Examining data/lxml-4.6.1/src/lxml/lxml.etree.h

FINAL RESULTS:

data/lxml-4.6.1/src/lxml/_elementpath.c:807:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/builder.c:807:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/etree.c:921:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/etree.c:49644:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      (void)(sprintf(__pyx_v_c_message, __pyx_v_msg, __pyx_v_c_element));
data/lxml-4.6.1/src/lxml/etree.c:49751:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    (void)(sprintf(__pyx_v_c_message, ((char const *)"%s, element '%s'"), __pyx_v_c_text, __pyx_v_c_element));
data/lxml-4.6.1/src/lxml/html/clean.c:807:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/html/diff.c:807:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/objectify.c:870:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/sax.c:807:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/lxml-4.6.1/src/lxml/builder.c:8371:18:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            if (!setstate) PyErr_Clear();
data/lxml-4.6.1/src/lxml/builder.c:8372:18:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/lxml-4.6.1/src/lxml/builder.c:8372:58:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/lxml-4.6.1/src/lxml/builder.c:8377:29:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                } else if (!setstate || PyErr_Occurred()) {
data/lxml-4.6.1/src/lxml/builder.c:8397:16:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    Py_XDECREF(setstate);
data/lxml-4.6.1/src/lxml/sax.c:12468:18:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            if (!setstate) PyErr_Clear();
data/lxml-4.6.1/src/lxml/sax.c:12469:18:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/lxml-4.6.1/src/lxml/sax.c:12469:58:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/lxml-4.6.1/src/lxml/sax.c:12474:29:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                } else if (!setstate || PyErr_Occurred()) {
data/lxml-4.6.1/src/lxml/sax.c:12494:16:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    Py_XDECREF(setstate);
data/lxml-4.6.1/src/lxml/_elementpath.c:760:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ascii_chars[128];
data/lxml-4.6.1/src/lxml/_elementpath.c:18085:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/_elementpath.c:18089:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[200];
data/lxml-4.6.1/src/lxml/builder.c:760:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ascii_chars[128];
data/lxml-4.6.1/src/lxml/builder.c:9204:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/builder.c:9208:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[200];
data/lxml-4.6.1/src/lxml/etree.c:874:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ascii_chars[128];
data/lxml-4.6.1/src/lxml/etree.c:109866:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          (void)(memcpy(__pyx_v_c_buffer, __pyx_v_c_start, __pyx_v_remaining));
data/lxml-4.6.1/src/lxml/etree.c:110179:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          (void)(memcpy(__pyx_v_c_buffer, __pyx_v_c_start, __pyx_v_c_requested));
data/lxml-4.6.1/src/lxml/etree.c:116793:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      (void)(memcpy(__pyx_v_sax, (&htmlDefaultSAXHandler), (sizeof(htmlDefaultSAXHandler))));
data/lxml-4.6.1/src/lxml/etree.c:130543:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                __pyx_t_3 = __Pyx_decode_c_string(((char const *)(__pyx_v_c_attributes[3])), 0, __pyx_v_c_len, NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(3, 383, __pyx_L9_error)
data/lxml-4.6.1/src/lxml/etree.c:145191:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char __pyx_v_tmp[12];
data/lxml-4.6.1/src/lxml/etree.c:145798:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    __pyx_t_2 = ((((unsigned char const )(__pyx_v_cur[0])) >= 0x80) != 0);
data/lxml-4.6.1/src/lxml/etree.c:224697:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  __pyx_v_f = fopen(__pyx_t_8, ((char const *)"w"));
data/lxml-4.6.1/src/lxml/etree.c:225125:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  __pyx_v_f = fopen(__pyx_t_8, ((char const *)"w"));
data/lxml-4.6.1/src/lxml/etree.c:261761:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char DIGIT_PAIRS_10[2*10*10+1] = {
data/lxml-4.6.1/src/lxml/etree.c:261773:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char DIGIT_PAIRS_8[2*8*8+1] = {
data/lxml-4.6.1/src/lxml/etree.c:261783:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char DIGITS_HEX[2*16+1] = {
data/lxml-4.6.1/src/lxml/etree.c:261878:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digits[sizeof(xmlElementType)*3+2];
data/lxml-4.6.1/src/lxml/etree.c:262276:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digits[sizeof(Py_ssize_t)*3+2];
data/lxml-4.6.1/src/lxml/etree.c:262384:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char *)result_udata + char_pos * result_ukind, udata, (size_t) (ulength * result_ukind));
data/lxml-4.6.1/src/lxml/etree.c:262473:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digits[sizeof(int)*3+2];
data/lxml-4.6.1/src/lxml/etree.c:265946:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digits[sizeof(xmlXPathObjectType)*3+2];
data/lxml-4.6.1/src/lxml/etree.c:266077:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char warning[200];
data/lxml-4.6.1/src/lxml/etree.c:268213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/etree.c:268217:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[200];
data/lxml-4.6.1/src/lxml/html/clean.c:760:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ascii_chars[128];
data/lxml-4.6.1/src/lxml/html/clean.c:20696:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/html/clean.c:20700:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[200];
data/lxml-4.6.1/src/lxml/html/diff.c:760:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ascii_chars[128];
data/lxml-4.6.1/src/lxml/html/diff.c:22086:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char *)result_udata + char_pos * result_ukind, udata, (size_t) (ulength * result_ukind));
data/lxml-4.6.1/src/lxml/html/diff.c:26595:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/html/diff.c:26599:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[200];
data/lxml-4.6.1/src/lxml/lxml_endian.h:10:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    union {uint32_t i; char c[4];} x = {0x01020304};
data/lxml-4.6.1/src/lxml/objectify.c:823:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ascii_chars[128];
data/lxml-4.6.1/src/lxml/objectify.c:38775:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char *)result_udata + char_pos * result_ukind, udata, (size_t) (ulength * result_ukind));
data/lxml-4.6.1/src/lxml/objectify.c:39372:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char DIGIT_PAIRS_10[2*10*10+1] = {
data/lxml-4.6.1/src/lxml/objectify.c:39384:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char DIGIT_PAIRS_8[2*8*8+1] = {
data/lxml-4.6.1/src/lxml/objectify.c:39394:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char DIGITS_HEX[2*16+1] = {
data/lxml-4.6.1/src/lxml/objectify.c:39489:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digits[sizeof(Py_ssize_t)*3+2];
data/lxml-4.6.1/src/lxml/objectify.c:40656:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char warning[200];
data/lxml-4.6.1/src/lxml/objectify.c:42231:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/objectify.c:42235:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[200];
data/lxml-4.6.1/src/lxml/sax.c:760:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ascii_chars[128];
data/lxml-4.6.1/src/lxml/sax.c:14063:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctversion[4], rtversion[4];
data/lxml-4.6.1/src/lxml/sax.c:14067:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[200];
data/lxml-4.6.1/src/lxml/_elementpath.c:684:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/_elementpath.c:805:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/_elementpath.c:18133:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/builder.c:684:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/builder.c:805:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/builder.c:9283:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/etree.c:798:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/etree.c:919:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/etree.c:19564:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_3 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(6, 41, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:19594:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_5 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(6, 43, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:19787:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_3 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(6, 61, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:19847:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_5 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(6, 64, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:22640:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_5 = __Pyx_decode_c_string(__pyx_t_4, 0, strlen(__pyx_t_4), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(6, 309, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:35054:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_2 = __Pyx_decode_c_string(((char const *)__pyx_v_s), 0, strlen(((char const *)__pyx_v_s)), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(6, 1506, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:35172:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_v_slen = (__pyx_v_slen + strlen(((char const *)__pyx_v_spos)));
data/lxml-4.6.1/src/lxml/etree.c:40421:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __pyx_v_size = strlen(__pyx_v_self->_c_message);
data/lxml-4.6.1/src/lxml/etree.c:49617:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      __pyx_v_text_size = strlen(__pyx_v_msg);
data/lxml-4.6.1/src/lxml/etree.c:49626:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      __pyx_v_element_size = strlen(__pyx_v_c_element);
data/lxml-4.6.1/src/lxml/etree.c:49724:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_v_text_size = strlen(__pyx_v_c_text);
data/lxml-4.6.1/src/lxml/etree.c:49733:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_v_element_size = strlen(__pyx_v_c_element);
data/lxml-4.6.1/src/lxml/etree.c:87138:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_5 = __Pyx_decode_c_string(__pyx_t_9, 0, strlen(__pyx_t_9), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(0, 3445, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:113197:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          __pyx_t_6 = __Pyx_decode_c_string(__pyx_t_10, 0, strlen(__pyx_t_10), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_6)) __PYX_ERR(2, 645, __pyx_L8_error)
data/lxml-4.6.1/src/lxml/etree.c:113241:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          __pyx_t_14 = __Pyx_decode_c_string(__pyx_t_10, 0, strlen(__pyx_t_10), NULL, NULL, PyUnicode_DecodeLatin1); if (unlikely(!__pyx_t_14)) __PYX_ERR(2, 648, __pyx_L10_except_error)
data/lxml-4.6.1/src/lxml/etree.c:126259:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __pyx_t_2 = __Pyx_decode_c_string(__pyx_t_9, 0, strlen(__pyx_t_9), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(2, 1882, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:146211:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      __pyx_t_5 = strlen(((char const *)__pyx_v_tmp)); 
data/lxml-4.6.1/src/lxml/etree.c:149212:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      __pyx_t_6 = __Pyx_decode_c_string(__pyx_v_c_enc, 0, strlen(__pyx_v_c_enc), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_6)) __PYX_ERR(9, 789, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:149553:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        __pyx_t_5 = __Pyx_decode_c_string(__pyx_t_15, 0, strlen(__pyx_t_15), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(9, 810, __pyx_L4_error)
data/lxml-4.6.1/src/lxml/etree.c:150454:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      __pyx_t_7 = __Pyx_decode_c_string(__pyx_t_17, 0, strlen(__pyx_t_17), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_7)) __PYX_ERR(9, 876, __pyx_L4_error)
data/lxml-4.6.1/src/lxml/etree.c:187411:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_13 = __Pyx_decode_c_string(__pyx_t_14, 0, strlen(__pyx_t_14), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_13)) __PYX_ERR(10, 612, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:198981:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __pyx_t_4 = __Pyx_decode_c_string(__pyx_t_8, 0, strlen(__pyx_t_8), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_4)) __PYX_ERR(4, 254, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:206399:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __pyx_t_5 = __Pyx_decode_c_string(((char const *)__pyx_t_4), 0, strlen(((char const *)__pyx_t_4)), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_5)) __PYX_ERR(4, 914, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:253740:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      __pyx_t_1 = __Pyx_decode_c_string(((char const *)__pyx_t_11), 0, strlen(((char const *)__pyx_t_11)), NULL, NULL, PyUnicode_DecodeASCII); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 257, __pyx_L13_error)
data/lxml-4.6.1/src/lxml/etree.c:253818:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      __pyx_t_9 = __Pyx_decode_c_string(((char const *)__pyx_t_11), 0, strlen(((char const *)__pyx_t_11)), NULL, NULL, PyUnicode_DecodeLatin1); if (unlikely(!__pyx_t_9)) __PYX_ERR(0, 259, __pyx_L15_except_error)
data/lxml-4.6.1/src/lxml/etree.c:253908:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __pyx_t_1 = __Pyx_decode_c_string(LXML_VERSION_STRING, 0, strlen(LXML_VERSION_STRING), NULL, NULL, PyUnicode_DecodeASCII); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 266, __pyx_L1_error)
data/lxml-4.6.1/src/lxml/etree.c:261958:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t slen = strlen(cstring);
data/lxml-4.6.1/src/lxml/etree.c:268298:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/html/clean.c:684:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/html/clean.c:805:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/html/clean.c:20744:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/html/diff.c:684:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/html/diff.c:805:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/html/diff.c:26643:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/objectify.c:747:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/objectify.c:868:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/objectify.c:42279:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/lxml-4.6.1/src/lxml/sax.c:684:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/lxml-4.6.1/src/lxml/sax.c:805:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/lxml-4.6.1/src/lxml/sax.c:14148:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));

ANALYSIS SUMMARY:

Hits = 113
Lines analyzed = 402403 in approximately 10.53 seconds (38231 lines/second)
Physical Source Lines of Code (SLOC) = 241705
Hits@level = [0]   1 [1]  48 [2]  46 [3]  10 [4]   9 [5]   0
Hits@level+ = [0+] 114 [1+] 113 [2+]  65 [3+]  19 [4+]   9 [5+]   0
Hits/KSLOC@level+ = [0+] 0.471649 [1+] 0.467512 [2+] 0.268923 [3+] 0.0786082 [4+] 0.0372355 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.