Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openssn-1.4/src/submarine.h
Examining data/openssn-1.4/src/files.cpp
Examining data/openssn-1.4/src/helicopter.h
Examining data/openssn-1.4/src/message.cpp
Examining data/openssn-1.4/src/main.h
Examining data/openssn-1.4/src/targetmotionanalysis.h
Examining data/openssn-1.4/src/draw.cpp
Examining data/openssn-1.4/src/boatpositionlog.h
Examining data/openssn-1.4/src/winfunctions.cpp
Examining data/openssn-1.4/src/submarine.cpp
Examining data/openssn-1.4/src/gameclock.h
Examining data/openssn-1.4/src/adcap.h
Examining data/openssn-1.4/src/menu.h
Examining data/openssn-1.4/src/towedarray.cpp
Examining data/openssn-1.4/src/sonar.h
Examining data/openssn-1.4/src/contact.cpp
Examining data/openssn-1.4/src/map.cpp
Examining data/openssn-1.4/src/message.h
Examining data/openssn-1.4/src/main.cpp
Examining data/openssn-1.4/src/radar.cpp
Examining data/openssn-1.4/src/mission.cpp
Examining data/openssn-1.4/src/menu.cpp
Examining data/openssn-1.4/src/coord.h
Examining data/openssn-1.4/src/stack.cpp
Examining data/openssn-1.4/src/SFont.h
Examining data/openssn-1.4/src/adcap.cpp
Examining data/openssn-1.4/src/esm.h
Examining data/openssn-1.4/src/contact.h
Examining data/openssn-1.4/src/control.h
Examining data/openssn-1.4/src/dstack.cpp
Examining data/openssn-1.4/src/dfont.h
Examining data/openssn-1.4/src/control.cpp
Examining data/openssn-1.4/src/stack.h
Examining data/openssn-1.4/src/sonar.cpp
Examining data/openssn-1.4/src/mission.h
Examining data/openssn-1.4/src/winfunctions.h
Examining data/openssn-1.4/src/esm.cpp
Examining data/openssn-1.4/src/boatpositionlog.cpp
Examining data/openssn-1.4/src/helicopter.cpp
Examining data/openssn-1.4/src/targetmotionanalysis.cpp
Examining data/openssn-1.4/src/radar.h
Examining data/openssn-1.4/src/coord.cpp
Examining data/openssn-1.4/src/towedarray.h
Examining data/openssn-1.4/src/map.h
Examining data/openssn-1.4/src/files.h
Examining data/openssn-1.4/src/dstack.h
Examining data/openssn-1.4/src/draw.h
Examining data/openssn-1.4/src/sound.cpp
Examining data/openssn-1.4/src/gameclock.cpp
Examining data/openssn-1.4/src/sound.h
Examining data/openssn-1.4/src/dfont.cpp

FINAL RESULTS:

data/openssn-1.4/src/files.cpp:22:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(location, "%s/%s", data_dir, filename);
data/openssn-1.4/src/files.cpp:26:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(location, "%s/%s", DATADIR, filename);
data/openssn-1.4/src/files.cpp:60:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(location, "%s/%s", OPTDIR, filename);
data/openssn-1.4/src/helicopter.cpp:72:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line, "%d %d %d %d %d %d %f %s %s",
data/openssn-1.4/src/main.cpp:1488:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer, "Type: %s ", current_target->ClassName );
data/openssn-1.4/src/main.cpp:1490:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer, current_target->ClassType);
data/openssn-1.4/src/message.cpp:61:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer[x-1], buffer[x]);
data/openssn-1.4/src/message.cpp:63:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer[19], temp_string);
data/openssn-1.4/src/main.cpp:2875:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL)); //Seed the random generator
data/openssn-1.4/src/control.cpp:737:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/control.cpp:755:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "%i",(int)Subs[0].Heading);
data/openssn-1.4/src/control.cpp:764:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "%i",(int)Subs[0].DesiredHeading);
data/openssn-1.4/src/control.cpp:788:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "%i", (int)Subs[0].Depth);
data/openssn-1.4/src/control.cpp:797:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "%i", (int)Subs[0].DesiredDepth);
data/openssn-1.4/src/control.cpp:811:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "%d", int(Subs->Speed));
data/openssn-1.4/src/control.cpp:820:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "%i", (int)Subs->DesiredSpeed);
data/openssn-1.4/src/control.h:108:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/esm.cpp:361:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/esm.cpp:423:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "BEARING %i SS %i", bearing,
data/openssn-1.4/src/esm.h:99:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/files.cpp:27:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  my_file = fopen(location, "r");
data/openssn-1.4/src/files.cpp:61:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  my_file = fopen(location, "r");
data/openssn-1.4/src/helicopter.cpp:60:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/openssn-1.4/src/helicopter.cpp:65:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  my_file = fopen(from_file, "r");
data/openssn-1.4/src/helicopter.cpp:88:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/openssn-1.4/src/helicopter.h:43:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ClassName[CLASS_NAME_SIZE];
data/openssn-1.4/src/helicopter.h:44:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ClassType[CLASS_TYPE_SIZE];
data/openssn-1.4/src/main.cpp:1201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[128];
data/openssn-1.4/src/main.cpp:1202:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256], *status;
data/openssn-1.4/src/main.cpp:1212:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "data/ships%d.dat", mission_number);
data/openssn-1.4/src/main.cpp:1216:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  my_file = fopen(ship_file, "r");
data/openssn-1.4/src/main.cpp:1229:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "data/mission%d.dat", mission_number);
data/openssn-1.4/src/main.cpp:1232:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mission_file = fopen(mission_name, "r");
data/openssn-1.4/src/main.cpp:1291:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "ships/class%d.shp", new_helicopter->ShipClass);
data/openssn-1.4/src/main.cpp:1362:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "ships/class%d.shp", new_ship->ShipClass);
data/openssn-1.4/src/main.cpp:1448:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];
data/openssn-1.4/src/main.cpp:1467:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, " Target");
data/openssn-1.4/src/main.cpp:1469:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "Heading: %d", (int) current_target->Heading);
data/openssn-1.4/src/main.cpp:1472:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "Spead: %d knots", (int) current_target->Speed);
data/openssn-1.4/src/main.cpp:1478:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "Range: %2.1f miles", range);
data/openssn-1.4/src/main.cpp:1482:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "Bearing: %2.0lf", bearing);
data/openssn-1.4/src/main.cpp:1485:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "Depth: %d feet", (int) current_target->Depth);
data/openssn-1.4/src/main.cpp:2009:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[256];
data/openssn-1.4/src/main.cpp:2025:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "WEAPONS");
data/openssn-1.4/src/main.cpp:2027:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, " Torpedos: %d", Subs->TorpedosOnBoard);
data/openssn-1.4/src/main.cpp:2029:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "Noise Makers: %d", Subs->NoiseMakers);
data/openssn-1.4/src/main.cpp:2031:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "'T' to load torpedo");
data/openssn-1.4/src/main.cpp:2033:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "'N' to load noise maker");
data/openssn-1.4/src/main.cpp:2035:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "'U' to unload device");
data/openssn-1.4/src/main.cpp:2037:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "'F' to fire");
data/openssn-1.4/src/main.cpp:2077:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "Tube %d", index + 1);
data/openssn-1.4/src/main.cpp:2845:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/main.cpp:2893:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mission_number = atoi(argv[status + 1]);
data/openssn-1.4/src/main.cpp:2971:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "OpenSSN version %2.1f", VERSION);
data/openssn-1.4/src/main.cpp:2976:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:2997:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "Now - Wanted");
data/openssn-1.4/src/main.cpp:2999:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "S: [%3i] - [%3i]", (int)Subs->Speed, Subs->DesiredSpeed);
data/openssn-1.4/src/main.cpp:3001:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "H: [%3i] - [%3i]", (int)Subs->Heading, Subs->DesiredHeading);
data/openssn-1.4/src/main.cpp:3003:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "D: [%4i] - [%4i]", (int)Subs->Depth, Subs->DesiredDepth);
data/openssn-1.4/src/main.cpp:3008:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "%.2i:%.2i:%.2i", hours, minutes, seconds);
data/openssn-1.4/src/main.cpp:3021:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:3029:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:3038:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:3052:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:3060:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:3068:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:3108:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:3131:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "[%i] ", timecompression);
data/openssn-1.4/src/main.cpp:3145:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "screendump%i.bmp", screendumpcount );
data/openssn-1.4/src/menu.cpp:69:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mission_filename[256];
data/openssn-1.4/src/menu.cpp:86:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(mission_filename, "data/mission%d.dat", new_mission);
data/openssn-1.4/src/menu.cpp:89:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mission_file = fopen(mission_path, "r");
data/openssn-1.4/src/menu.cpp:108:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *full_path, filename[256];
data/openssn-1.4/src/menu.cpp:110:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/openssn-1.4/src/menu.cpp:118:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "data/orders%d.txt", mission_number);
data/openssn-1.4/src/menu.cpp:121:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mission_file = fopen(full_path, "r");
data/openssn-1.4/src/message.h:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20][256];
data/openssn-1.4/src/radar.cpp:1104:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/radar.cpp:1143:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, " %i ", bearing);
data/openssn-1.4/src/radar.cpp:1151:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, " %i ", range);
data/openssn-1.4/src/radar.h:175:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/sonar.cpp:248:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/sonar.cpp:265:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text, "%4i", tempint);
data/openssn-1.4/src/sonar.cpp:269:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text,"+%3.1f",deAngle);
data/openssn-1.4/src/sonar.cpp:271:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(text,"%3.1f",deAngle);
data/openssn-1.4/src/sonar.h:183:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char text[120];
data/openssn-1.4/src/submarine.cpp:709:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[256];
data/openssn-1.4/src/submarine.h:174:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ClassName[CLASS_NAME_SIZE];
data/openssn-1.4/src/submarine.h:175:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ClassType[CLASS_TYPE_SIZE];
data/openssn-1.4/src/files.cpp:15:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  location = (char *) calloc( strlen(filename) + 64, sizeof(char) );
data/openssn-1.4/src/winfunctions.cpp:17:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  up_haystack = (char *) calloc( strlen(haystack) + 1, sizeof(char));
data/openssn-1.4/src/winfunctions.cpp:20:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  up_needle = (char *) calloc( strlen(needle) + 1, sizeof(char) );
data/openssn-1.4/src/winfunctions.cpp:27:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(haystack);
data/openssn-1.4/src/winfunctions.cpp:30:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(needle);

ANALYSIS SUMMARY:

Hits = 94
Lines analyzed = 14601 in approximately 0.37 seconds (39824 lines/second)
Physical Source Lines of Code (SLOC) = 10975
Hits@level = [0]  89 [1]   5 [2]  80 [3]   1 [4]   8 [5]   0
Hits@level+ = [0+] 183 [1+]  94 [2+]  89 [3+]   9 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 16.6743 [1+] 8.56492 [2+] 8.10934 [3+] 0.820046 [4+] 0.728929 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
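Reading the level-[4] hits together rather than one at a time is what turns this report into a triage list. The two quoted lines from files.cpp (line 15 allocates strlen(filename)+64 bytes, line 22 formats "%s/%s" with data_dir and filename into it) give a buffer whose slack is a fixed 64 bytes regardless of how long data_dir is, so the sprintf overflows as soon as data_dir reaches 63 bytes; whether data_dir can actually be that long is not something the report shows, so that is the check to make in the code, not a confirmed bug. The helicopter.cpp:72 sscanf reads two "%s" fields with no width into the ClassName[CLASS_NAME_SIZE] and ClassType[CLASS_TYPE_SIZE] arrays flagged in helicopter.h:43-44, and main.cpp:1488/1490 builds a "Type: " line with sprintf followed by strcat into buffer[256]. The C below is an added example, not OpenSSN code: it restates each of those three patterns in the bounded form the report recommends, with the size arithmetic made explicit. CLASS_NAME_SIZE is an assumed value (the real OpenSSN constant is not in the report), and the sample record line and paths are constructed.

```c
/* Added example, not OpenSSN code. Bounded forms of the three patterns
 * Flawfinder rates [4] in the report above:
 *   files.cpp:15/22     sprintf("%s/%s") into a calloc'd buffer with fixed slack
 *   helicopter.cpp:72   sscanf "%s" with no width into fixed-size class fields
 *   main.cpp:1488/1490  sprintf("Type: %s ") followed by strcat into buffer[256]
 * CLASS_NAME_SIZE below is an assumed value; the real constant is not shown. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CLASS_NAME_SIZE  32   /* assumed, not from the report */
#define CLASS_NAME_WIDTH 31   /* scanf width: one less than the array, for the NUL */
#define STR_(x) #x
#define STR(x) STR_(x)
_Static_assert(CLASS_NAME_WIDTH + 1 == CLASS_NAME_SIZE, "scanf width must leave room for NUL");

/* files.cpp as quoted: capacity is strlen(filename)+64, but "%s/%s" needs
 * strlen(data_dir)+1+strlen(filename)+1. The fixed slack of 64 is exceeded
 * once data_dir is 63 bytes or longer. dir_len stands in for strlen(data_dir). */
bool legacy_location_fits(size_t dir_len, const char *filename)
{
    size_t cap  = strlen(filename) + 64;
    size_t need = dir_len + 1 + strlen(filename) + 1;   /* '/' and NUL */
    return need <= cap;
}

/* Bounded replacement: size the buffer from the inputs, use snprintf, and
 * treat a return value >= capacity (truncation) as an error. Caller frees. */
char *join_path(const char *dir, const char *file)
{
    size_t cap = strlen(dir) + 1 + strlen(file) + 1;
    char *out = malloc(cap);
    if (out == NULL)
        return NULL;
    int n = snprintf(out, cap, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= cap) {
        free(out);
        return NULL;
    }
    return out;
}

/* Field layout of the helicopter.cpp:72 format as quoted: six ints, a float,
 * two strings. Both strings get the same assumed size here. */
struct class_rec {
    int   v[6];
    float f;
    char  name[CLASS_NAME_SIZE];
    char  type[CLASS_NAME_SIZE];
};

/* Width-limited sscanf. A too-long token is not silently truncated: the
 * leftover characters stay in the line, %n records where parsing stopped,
 * and anything other than trailing whitespace past that point rejects the record. */
bool parse_class_line(const char *line, struct class_rec *r)
{
    int consumed = -1;
    int got = sscanf(line,
                     "%d %d %d %d %d %d %f %" STR(CLASS_NAME_WIDTH) "s %" STR(CLASS_NAME_WIDTH) "s%n",
                     &r->v[0], &r->v[1], &r->v[2], &r->v[3], &r->v[4], &r->v[5],
                     &r->f, r->name, r->type, &consumed);
    if (got != 9 || consumed < 0)
        return false;
    for (const char *p = line + consumed; *p != '\0'; p++)
        if (!isspace((unsigned char)*p))
            return false;
    return true;
}

/* main.cpp:1488/1490 as quoted: sprintf("Type: %s ", ClassName) then
 * strcat(ClassType) into buffer[256]. One snprintf with a checked return
 * produces the same text and cannot write past cap. */
bool format_type_line(char *dst, size_t cap, const char *name, const char *type)
{
    int n = snprintf(dst, cap, "Type: %s %s", name, type);
    return n >= 0 && (size_t)n < cap;
}

int main(void)
{
    struct class_rec r = {0};
    const char *line = "1 2 3 4 5 6 7.5 Akula Submarine";   /* constructed sample */
    char *path = join_path("/usr/share/games/openssn", "ships.dat");
    char text[256];

    printf("63-byte data_dir fits the +64 buffer: %s\n",
           legacy_location_fits(63, "ships.dat") ? "yes" : "no");
    printf("join_path -> %s\n", path ? path : "(error)");
    printf("parse ok: %d name=%s type=%s\n", parse_class_line(line, &r), r.name, r.type);
    printf("format ok: %d -> %s\n", format_type_line(text, sizeof text, "Akula", "Submarine"), text);
    free(path);
    return 0;
}
```

The _Static_assert ties the scanf width to the array size so the two cannot drift apart in a later edit, which is the usual way a width-limited "%31s" becomes a width-limited "%31s" into a shrunk 16-byte array. The level-[2] sprintf hits the report marks "Risk is low because the source has a constant maximum length" are the cases where the same snprintf-and-check pattern costs nothing but also fixes nothing real; spend review time on the eight [4] hits first.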