Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c
Examining data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.h
Examining data/malcontent-0.9.0/libmalcontent-ui/malcontent-ui.h
Examining data/malcontent-0.9.0/libmalcontent-ui/restrict-applications-dialog.c
Examining data/malcontent-0.9.0/libmalcontent-ui/restrict-applications-dialog.h
Examining data/malcontent-0.9.0/libmalcontent-ui/restrict-applications-selector.c
Examining data/malcontent-0.9.0/libmalcontent-ui/restrict-applications-selector.h
Examining data/malcontent-0.9.0/libmalcontent-ui/user-controls.c
Examining data/malcontent-0.9.0/libmalcontent-ui/user-controls.h
Examining data/malcontent-0.9.0/libmalcontent/app-filter-private.h
Examining data/malcontent-0.9.0/libmalcontent/app-filter.c
Examining data/malcontent-0.9.0/libmalcontent/app-filter.h
Examining data/malcontent-0.9.0/libmalcontent/gconstructor.h
Examining data/malcontent-0.9.0/libmalcontent/init.c
Examining data/malcontent-0.9.0/libmalcontent/malcontent.h
Examining data/malcontent-0.9.0/libmalcontent/manager.c
Examining data/malcontent-0.9.0/libmalcontent/manager.h
Examining data/malcontent-0.9.0/libmalcontent/session-limits-private.h
Examining data/malcontent-0.9.0/libmalcontent/session-limits.c
Examining data/malcontent-0.9.0/libmalcontent/session-limits.h
Examining data/malcontent-0.9.0/libmalcontent/tests/app-filter.c
Examining data/malcontent-0.9.0/libmalcontent/tests/session-limits.c
Examining data/malcontent-0.9.0/malcontent-control/application.c
Examining data/malcontent-0.9.0/malcontent-control/application.h
Examining data/malcontent-0.9.0/malcontent-control/carousel.c
Examining data/malcontent-0.9.0/malcontent-control/carousel.h
Examining data/malcontent-0.9.0/malcontent-control/main.c
Examining data/malcontent-0.9.0/malcontent-control/user-image.c
Examining data/malcontent-0.9.0/malcontent-control/user-image.h
Examining data/malcontent-0.9.0/malcontent-control/user-selector.c
Examining data/malcontent-0.9.0/malcontent-control/user-selector.h
Examining data/malcontent-0.9.0/pam/pam_malcontent.c
Examining data/malcontent-0.9.0/pam/tests/pam_malcontent.c
FINAL RESULTS:
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:32:56: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
gs_content_rating_system_to_str (GsContentRatingSystem system)
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:80:59: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
gs_utils_content_rating_age_to_str (GsContentRatingSystem system, guint age)
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:468:59: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
gs_utils_content_rating_get_values (GsContentRatingSystem system)
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:470:30: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_return_val_if_fail ((int) system < GS_CONTENT_RATING_SYSTEM_LAST, NULL);
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:480:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
esrb_ages[0] = get_esrb_string (content_rating_strings[system][0], _("Early Childhood"));
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:481:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
esrb_ages[1] = get_esrb_string (content_rating_strings[system][1], _("Everyone"));
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:482:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
esrb_ages[2] = get_esrb_string (content_rating_strings[system][2], _("Everyone 10+"));
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:483:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
esrb_ages[3] = get_esrb_string (content_rating_strings[system][3], _("Teen"));
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:484:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
esrb_ages[4] = get_esrb_string (content_rating_strings[system][4], _("Mature"));
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:485:58: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
esrb_ages[5] = get_esrb_string (content_rating_strings[system][5], _("Adults Only"));
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:491:54: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return g_strdupv ((gchar **) content_rating_strings[system]);
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:514:57: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
gs_utils_content_rating_get_ages (GsContentRatingSystem system, gsize *length_out)
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:516:30: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_return_val_if_fail ((int) system < GS_CONTENT_RATING_SYSTEM_LAST, NULL);
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:523:65: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
*length_out = g_strv_length ((gchar **) content_rating_strings[system]);
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.c:524:29: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return content_rating_ages[system];
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.h:78:66: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
gchar *gs_utils_content_rating_age_to_str (GsContentRatingSystem system,
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.h:81:69: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const gchar *gs_content_rating_system_to_str (GsContentRatingSystem system);
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.h:82:67: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
gchar **gs_utils_content_rating_get_values (GsContentRatingSystem system);
data/malcontent-0.9.0/libmalcontent-ui/gs-content-rating.h:83:70: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const guint *gs_utils_content_rating_get_ages (GsContentRatingSystem system, gsize *length_out);
data/malcontent-0.9.0/libmalcontent/app-filter.c:806:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (builder, &local_builder, sizeof (local_builder));
data/malcontent-0.9.0/libmalcontent/session-limits.c:416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (builder, &local_builder, sizeof (local_builder));
data/malcontent-0.9.0/libmalcontent/tests/app-filter.c:244:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fixture->stack_builder, &local_builder, sizeof (local_builder));
data/malcontent-0.9.0/libmalcontent/tests/session-limits.c:204:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fixture->stack_builder, &local_builder, sizeof (local_builder));
data/malcontent-0.9.0/libmalcontent-ui/restrict-applications-selector.c:386:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (id_a) - strlen (id_b);
data/malcontent-0.9.0/libmalcontent-ui/restrict-applications-selector.c:386:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (id_a) - strlen (id_b);
data/malcontent-0.9.0/libmalcontent/app-filter.c:301:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize app_id_len = strlen (app_id);
data/malcontent-0.9.0/libmalcontent/app-filter.c:308:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp (filter->app_list[i] + strlen ("app/"), app_id, app_id_len) == 0 &&
data/malcontent-0.9.0/libmalcontent/app-filter.c:309:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filter->app_list[i][strlen ("app/") + app_id_len] == '/')
data/malcontent-0.9.0/libmalcontent/app-filter.c:391:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old_flatpak_app[strlen (old_flatpak_app) - strlen (".desktop")] = '\0';
data/malcontent-0.9.0/libmalcontent/app-filter.c:391:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old_flatpak_app[strlen (old_flatpak_app) - strlen (".desktop")] = '\0';
data/malcontent-0.9.0/libmalcontent/gconstructor.h:62:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/malcontent-0.9.0/libmalcontent/gconstructor.h:70:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/malcontent-0.9.0/libmalcontent/gconstructor.h:82:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/malcontent-0.9.0/libmalcontent/gconstructor.h:89:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/malcontent-0.9.0/libmalcontent/manager.c:249:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uid_str = object_path + strlen ("/org/freedesktop/Accounts/User");
ANALYSIS SUMMARY:
Hits = 35
Lines analyzed = 12227 in approximately 0.32 seconds (37627 lines/second)
Physical Source Lines of Code (SLOC) = 7684
Hits@level = [0] 0 [1] 12 [2] 4 [3] 0 [4] 19 [5] 0
Hits@level+ = [0+] 35 [1+] 35 [2+] 23 [3+] 19 [4+] 19 [5+] 0
Hits/KSLOC@level+ = [0+] 4.55492 [1+] 4.55492 [2+] 2.99323 [3+] 2.47267 [4+] 2.47267 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.