Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nudoku-1.0.0/src/main.c
Examining data/nudoku-1.0.0/src/sudoku.c
Examining data/nudoku-1.0.0/src/sudoku.h
FINAL RESULTS:
data/nudoku-1.0.0/src/main.c:355:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plain_board, stream);
data/nudoku-1.0.0/src/main.c:356:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(user_board, stream);
data/nudoku-1.0.0/src/main.c:371:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_board, user_board);
data/nudoku-1.0.0/src/main.c:403:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(plain_board, EXAMPLE_STREAM);
data/nudoku-1.0.0/src/main.c:404:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(user_board, EXAMPLE_STREAM);
data/nudoku-1.0.0/src/main.c:529:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_board, user_board);
data/nudoku-1.0.0/src/main.c:125:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "hvcs:d:")) != -1)
data/nudoku-1.0.0/src/main.c:400:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/nudoku-1.0.0/src/sudoku.c:175:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/nudoku-1.0.0/src/sudoku.c:225:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (stream[random] != '.')
data/nudoku-1.0.0/src/sudoku.c:227:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
stream[random] = '.';
data/nudoku-1.0.0/src/main.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char plain_board[STREAM_LENGTH];
data/nudoku-1.0.0/src/main.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char user_board[STREAM_LENGTH];
data/nudoku-1.0.0/src/main.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_board[STREAM_LENGTH];
data/nudoku-1.0.0/src/main.c:525:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_board[STREAM_LENGTH];
data/nudoku-1.0.0/src/main.c:544:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[256];
data/nudoku-1.0.0/src/main.c:545:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, " with the help of %d hints", g_hint_counter);
data/nudoku-1.0.0/src/sudoku.c:30:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool is_valid_puzzle(char puzzle[STREAM_LENGTH])
data/nudoku-1.0.0/src/sudoku.c:77:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static bool is_available(char puzzle[STREAM_LENGTH], int row, int col, int num)
data/nudoku-1.0.0/src/sudoku.c:95:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int solve_recursively(char puzzle[STREAM_LENGTH], int row, int col)
data/nudoku-1.0.0/src/sudoku.c:129:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int solve(char puzzle[STREAM_LENGTH])
data/nudoku-1.0.0/src/sudoku.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbers[10] = {'1', '2', '3', '4', '5', '6', '7', '8', '9', '\0'};
data/nudoku-1.0.0/src/sudoku.h:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int solve(char puzzle[STREAM_LENGTH]);
data/nudoku-1.0.0/src/sudoku.h:16:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool is_valid_puzzle(char puzzle[STREAM_LENGTH]);
ANALYSIS SUMMARY:
Hits = 24
Lines analyzed = 915 in approximately 0.03 seconds (31551 lines/second)
Physical Source Lines of Code (SLOC) = 751
Hits@level = [0] 12 [1] 0 [2] 13 [3] 5 [4] 6 [5] 0
Hits@level+ = [0+] 36 [1+] 24 [2+] 24 [3+] 11 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 47.9361 [1+] 31.9574 [2+] 31.9574 [3+] 14.6471 [4+] 7.98935 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.