stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/moonshot-ui-1.1.0+libsecret~2/examples/client.c
Examining data/moonshot-ui-1.1.0+libsecret~2/examples/service-selection.c
Examining data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-common.c
Examining data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-common.h
Examining data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-dbus.c
Examining data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-msrpc.c
Examining data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot.h
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-crypto-utils.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-custom-vbox.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-futils.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-id.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-idcard-store.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-idcard-widget.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identities-manager.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-dialog.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-management-view.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-manager-app.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-request.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-keyring-store.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-local-flat-file-store.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-logger.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-password-dialog.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-provisioning-common.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-server-linux.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-settings.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-trust-anchor-dialog.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-utils.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-warning-dialog.c
Examining data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-webp-parser.c
Examining data/moonshot-ui-1.1.0+libsecret~2/tests/basic.c

FINAL RESULTS:

data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-msrpc.c:91:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy (buffer, format);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-manager-app.c:3003:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf (_tmp7_, _tmp8_, _tmp10_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-manager-app.c:3015:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf (_tmp11_, _tmp12_, _tmp14_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-manager-app.c:3100:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf (_tmp21_, _tmp22_, _tmp24_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-manager-app.c:3112:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf (_tmp25_, _tmp26_, _tmp28_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-server-linux.c:752:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf (_tmp3_, _tmp4_, "show_ui: parent_app.view is null!\n");
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-webp-parser.c:427:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf (_tmp22_, _tmp23_, _tmp25_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-webp-parser.c:463:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf (_tmp32_, _tmp33_, _tmp34_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-id.c:2198:11:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	_tmp0_ = g_random_int ();
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-id.c:2202:11:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	_tmp1_ = g_random_int ();
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-utils.c:1055:15:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
				_tmp12_ = g_random_int_range ((gint32) 40, (gint32) 127);
data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-dbus.c:724:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        hash_str[65];
data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-dbus.c:739:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(&(hash_str[out]), "%02X", ca_hash[i]);
data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-msrpc.c:92:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat (buffer, ": ");
data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-msrpc.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char exe_path[1024];
data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-dbus.c:114:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  dbus_addr_len = read(fd, dbus_addr, sizeof(dbus_addr));
data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-msrpc.c:90:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer = malloc (strlen (format) + 256 + 3);
data/moonshot-ui-1.1.0+libsecret~2/libmoonshot/libmoonshot-msrpc.c:98:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   (LPSTR)buffer + strlen (format) + 3,
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-id.c:976:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp14_ = strlen (_tmp13_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-id.c:1717:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					_tmp28_ = strlen ((const gchar*) _tmp27_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-id.c:1760:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_tmp37_ = strlen ((const gchar*) _tmp36_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-dialog.c:3289:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp0_ = strlen (self);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-dialog.c:3409:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp0_ = strlen (self);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-dialog.c:3599:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			_tmp26_ = strlen (_tmp25_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-dialog.c:3637:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			_tmp37_ = strlen (_tmp36_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-identity-dialog.c:3651:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_tmp41_ = strlen (_tmp40_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-keyring-store.c:1759:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					_tmp28_ = strlen ((const gchar*) _tmp27_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-keyring-store.c:1802:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_tmp37_ = strlen ((const gchar*) _tmp36_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-local-flat-file-store.c:1644:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp0_ = strlen (self);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-provisioning-common.c:1823:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_tmp3_ = strlen (_tmp2_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-settings.c:351:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp0_ = strlen (self);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-utils.c:266:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		_tmp0_ = fgetc (self);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-utils.c:670:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp0_ = strlen (self);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-utils.c:783:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp1_ = strlen (_tmp0_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-utils.c:819:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		_tmp6_ = strlen (_tmp5_);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-utils.c:927:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp0_ = strlen (self);
data/moonshot-ui-1.1.0+libsecret~2/src/moonshot-utils.c:991:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	_tmp2_ = strlen (_tmp1_);

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 42363 in approximately 1.89 seconds (22390 lines/second)
Physical Source Lines of Code (SLOC) = 39118
Hits@level = [0]  17 [1]  22 [2]   4 [3]   3 [4]   8 [5]   0
Hits@level+ = [0+]  54 [1+]  37 [2+]  15 [3+]  11 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 1.38044 [1+] 0.945856 [2+] 0.383455 [3+] 0.2812 [4+] 0.204509 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.