Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pd-purest-json-1.4.3/src/inc/ctw.c
Examining data/pd-purest-json-1.4.3/src/inc/kvp.c
Examining data/pd-purest-json-1.4.3/src/inc/string.c
Examining data/pd-purest-json-1.4.3/src/inc/strlist.c
Examining data/pd-purest-json-1.4.3/src/json-decode.c
Examining data/pd-purest-json-1.4.3/src/json-decode.h
Examining data/pd-purest-json-1.4.3/src/json-encode.c
Examining data/pd-purest-json-1.4.3/src/json-encode.h
Examining data/pd-purest-json-1.4.3/src/oauth.c
Examining data/pd-purest-json-1.4.3/src/oauth.h
Examining data/pd-purest-json-1.4.3/src/purest_json.c
Examining data/pd-purest-json-1.4.3/src/purest_json.h
Examining data/pd-purest-json-1.4.3/src/rest.c
Examining data/pd-purest-json-1.4.3/src/rest.h
Examining data/pd-purest-json-1.4.3/src/urlparams.c
Examining data/pd-purest-json-1.4.3/src/urlparams.h
FINAL RESULTS:
data/pd-purest-json-1.4.3/src/inc/ctw.c:222:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, temp);
data/pd-purest-json-1.4.3/src/inc/ctw.c:561:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(val, temp);
data/pd-purest-json-1.4.3/src/inc/ctw.c:589:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common->out_file, buf);
data/pd-purest-json-1.4.3/src/inc/ctw.c:627:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common->proxy_user, tmp);
data/pd-purest-json-1.4.3/src/inc/ctw.c:630:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common->proxy_pass, tmp);
data/pd-purest-json-1.4.3/src/inc/ctw.c:635:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common->proxy, tmp);
data/pd-purest-json-1.4.3/src/inc/ctw.c:682:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(common->cert_path, directory);
data/pd-purest-json-1.4.3/src/inc/kvp.c:92:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(created->val.s, s);
data/pd-purest-json-1.4.3/src/inc/kvp.c:131:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(created_data->key, key);
data/pd-purest-json-1.4.3/src/inc/string.c:46:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cleaned_string, segment);
data/pd-purest-json-1.4.3/src/inc/string.c:52:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cleaned_string, masking);
data/pd-purest-json-1.4.3/src/inc/string.c:54:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cleaned_string, segment);
data/pd-purest-json-1.4.3/src/inc/strlist.c:25:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(created_data->str, val);
data/pd-purest-json-1.4.3/src/json-decode.c:215:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(original, sel->s_name);
data/pd-purest-json-1.4.3/src/json-decode.c:226:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(original, value);
data/pd-purest-json-1.4.3/src/json-encode.c:104:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(value, "%s", json_object_get_string(val));
data/pd-purest-json-1.4.3/src/json-encode.c:111:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(value, "%s", json_object_get_string(val));
data/pd-purest-json-1.4.3/src/json-encode.c:123:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(value, "%s", json_object_get_string(array_member));
data/pd-purest-json-1.4.3/src/json-encode.c:221:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(value, temp_value);
data/pd-purest-json-1.4.3/src/oauth.c:120:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(oauth->oauth.rsa_key, temp);
data/pd-purest-json-1.4.3/src/oauth.c:209:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(req_path, oauth->common.base_url);
data/pd-purest-json-1.4.3/src/oauth.c:211:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(req_path, path);
data/pd-purest-json-1.4.3/src/oauth.c:218:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(req_path, cleaned_parameters);
data/pd-purest-json-1.4.3/src/oauth.c:228:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oauth->common.parameters, postargs);
data/pd-purest-json-1.4.3/src/oauth.c:238:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(oauth->common.complete_url, req_url);
data/pd-purest-json-1.4.3/src/rest.c:85:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rest->common.auth_token, cookie_params);
data/pd-purest-json-1.4.3/src/rest.c:134:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rest->common.parameters, rest->cookie.username);
data/pd-purest-json-1.4.3/src/rest.c:136:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rest->common.parameters, rest->cookie.password);
data/pd-purest-json-1.4.3/src/rest.c:140:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rest->common.complete_url, rest->common.base_url);
data/pd-purest-json-1.4.3/src/rest.c:141:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rest->common.complete_url, rest->cookie.login_path);
data/pd-purest-json-1.4.3/src/rest.c:250:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rest->common.complete_url, rest->common.base_url);
data/pd-purest-json-1.4.3/src/rest.c:252:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rest->common.complete_url, path);
data/pd-purest-json-1.4.3/src/rest.c:262:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rest->common.parameters, cleaned_parameters);
data/pd-purest-json-1.4.3/src/urlparams.c:133:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, encoded_key_string);
data/pd-purest-json-1.4.3/src/urlparams.c:135:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, encoded_val_string);
data/pd-purest-json-1.4.3/src/urlparams.c:171:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(value, temp_value);
data/pd-purest-json-1.4.3/src/inc/ctw.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req_type[REQUEST_TYPE_LEN]; /*One of GET, PUT, POST, DELETE, PATCH, HEAD, OPTIONS, CONNECT, TRACE*/
data/pd-purest-json-1.4.3/src/inc/ctw.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mem->memory[mem->size], ptr, realsize);
data/pd-purest-json-1.4.3/src/inc/ctw.c:177:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream_output, ptr, realsize);
data/pd-purest-json-1.4.3/src/inc/ctw.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, mem->memory, to_copy);
data/pd-purest-json-1.4.3/src/inc/ctw.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/inc/ctw.c:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*in_memory).memory, common->parameters, strlen(common->parameters));
data/pd-purest-json-1.4.3/src/inc/ctw.c:352:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(common->out_file, "wb"))) {
data/pd-purest-json-1.4.3/src/inc/ctw.c:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/inc/ctw.c:576:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/inc/ctw.c:618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/inc/ctw.c:683:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(common->cert_path, "/cacert.pem");
data/pd-purest-json-1.4.3/src/json-decode.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/json-encode.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/json-encode.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_value[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/json-encode.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/json-encode.c:281:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(buf, "r");
data/pd-purest-json-1.4.3/src/json-encode.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/json-encode.c:321:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((file = fopen(buf, "w"))) {
data/pd-purest-json-1.4.3/src/oauth.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/oauth.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/oauth.c:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameters[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/oauth.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method_name[11];
data/pd-purest-json-1.4.3/src/rest.c:133:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rest->common.parameters, "name=");
data/pd-purest-json-1.4.3/src/rest.c:135:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rest->common.parameters, "&password=");
data/pd-purest-json-1.4.3/src/rest.c:142:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rest->common.req_type, "POST");
data/pd-purest-json-1.4.3/src/rest.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/rest.c:254:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parameters[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/urlparams.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/urlparams.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_value[MAXPDSTRING];
data/pd-purest-json-1.4.3/src/inc/ctw.c:218:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string = string_create(string_len, strlen(temp));
data/pd-purest-json-1.4.3/src/inc/ctw.c:277:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*in_memory).memory = getbytes(strlen(common->parameters) + 1);
data/pd-purest-json-1.4.3/src/inc/ctw.c:278:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*in_memory).size = strlen(common->parameters);
data/pd-purest-json-1.4.3/src/inc/ctw.c:282:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy((*in_memory).memory, common->parameters, strlen(common->parameters));
data/pd-purest-json-1.4.3/src/inc/ctw.c:556:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header_len += strlen(temp) + 1;
data/pd-purest-json-1.4.3/src/inc/ctw.c:563:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(val, " ");
data/pd-purest-json-1.4.3/src/inc/ctw.c:588:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
common->out_file = string_create(&(common->out_file_len), strlen(buf));
data/pd-purest-json-1.4.3/src/inc/ctw.c:626:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
common->proxy_user = string_create(&(common->proxy_user_len), strlen(tmp));
data/pd-purest-json-1.4.3/src/inc/ctw.c:629:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
common->proxy_pass = string_create(&(common->proxy_pass_len), strlen(tmp));
data/pd-purest-json-1.4.3/src/inc/ctw.c:634:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
common->proxy = string_create(&(common->proxy_len), strlen(tmp));
data/pd-purest-json-1.4.3/src/inc/ctw.c:681:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
common->cert_path = string_create(&common->cert_path_len, strlen(directory) + 11);
data/pd-purest-json-1.4.3/src/inc/kvp.c:91:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
created->val.s = string_create(&created->slen, strlen(s));
data/pd-purest-json-1.4.3/src/inc/kvp.c:129:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
created_data->key = string_create(&created_data->key_len, strlen(key));
data/pd-purest-json-1.4.3/src/inc/string.c:37:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len_src = strlen(source_string);
data/pd-purest-json-1.4.3/src/json-decode.c:182:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (original_string && strlen(original_string)) {
data/pd-purest-json-1.4.3/src/json-decode.c:200:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
original_len += strlen(sel->s_name);
data/pd-purest-json-1.4.3/src/json-decode.c:205:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
original_len += 1 + strlen(value);
data/pd-purest-json-1.4.3/src/json-decode.c:223:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(original)) {
data/pd-purest-json-1.4.3/src/json-decode.c:224:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(original, " ");
data/pd-purest-json-1.4.3/src/json-decode.c:229:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(original)) {
data/pd-purest-json-1.4.3/src/json-encode.c:69:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (value->val.s[0] == '{' && value->val.s[strlen(value->val.s) - 1] == '}') {
data/pd-purest-json-1.4.3/src/json-encode.c:214:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len += strlen(temp_value) + 1;
data/pd-purest-json-1.4.3/src/json-encode.c:220:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(value, " ");
data/pd-purest-json-1.4.3/src/oauth.c:107:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rsa_key_len +=strlen(temp) + 1;
data/pd-purest-json-1.4.3/src/oauth.c:112:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(temp, "-----", 5) == 0 && strlen(oauth->oauth.rsa_key) > 1) {
data/pd-purest-json-1.4.3/src/oauth.c:113:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(oauth->oauth.rsa_key + strlen(oauth->oauth.rsa_key) - 1, 0x00, 1);
data/pd-purest-json-1.4.3/src/oauth.c:114:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(oauth->oauth.rsa_key, "\n");
data/pd-purest-json-1.4.3/src/oauth.c:117:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp) >= 5 && strncmp(temp + strlen(temp) - 5, "-----", 5) == 0) {
data/pd-purest-json-1.4.3/src/oauth.c:117:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp) >= 5 && strncmp(temp + strlen(temp) - 5, "-----", 5) == 0) {
data/pd-purest-json-1.4.3/src/oauth.c:123:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(oauth->oauth.rsa_key, "\n");
data/pd-purest-json-1.4.3/src/oauth.c:125:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(oauth->oauth.rsa_key, " ");
data/pd-purest-json-1.4.3/src/oauth.c:191:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(oauth->common.req_type, req_type, REQUEST_TYPE_LEN - 1);
data/pd-purest-json-1.4.3/src/oauth.c:202:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(parameters)) {
data/pd-purest-json-1.4.3/src/oauth.c:207:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oauth->common.base_url_len + strlen(path) + memsize + 1);
data/pd-purest-json-1.4.3/src/oauth.c:214:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(req_path, "&");
data/pd-purest-json-1.4.3/src/oauth.c:216:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(req_path, "?");
data/pd-purest-json-1.4.3/src/oauth.c:227:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oauth->common.parameters = string_create(&oauth->common.parameters_len, strlen(postargs));
data/pd-purest-json-1.4.3/src/oauth.c:237:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oauth->common.complete_url = string_create(&oauth->common.complete_url_len, strlen(req_url));
data/pd-purest-json-1.4.3/src/rest.c:81:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cookie_params)) {
data/pd-purest-json-1.4.3/src/rest.c:84:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cookie_params));
data/pd-purest-json-1.4.3/src/rest.c:240:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rest->common.req_type, req_type, REQUEST_TYPE_LEN - 1);
data/pd-purest-json-1.4.3/src/rest.c:248:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rest->common.base_url_len + strlen(path) + 1);
data/pd-purest-json-1.4.3/src/rest.c:256:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(parameters)) {
data/pd-purest-json-1.4.3/src/urlparams.c:63:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*str_len) = strlen(str) * 3 + 1;
data/pd-purest-json-1.4.3/src/urlparams.c:134:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(output, "=");
data/pd-purest-json-1.4.3/src/urlparams.c:139:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(output, "&");
data/pd-purest-json-1.4.3/src/urlparams.c:164:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len += strlen(temp_value) + 1;
data/pd-purest-json-1.4.3/src/urlparams.c:170:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(value, " ");
ANALYSIS SUMMARY:
Hits = 113
Lines analyzed = 2918 in approximately 0.10 seconds (28815 lines/second)
Physical Source Lines of Code (SLOC) = 2076
Hits@level = [0] 5 [1] 48 [2] 29 [3] 0 [4] 36 [5] 0
Hits@level+ = [0+] 118 [1+] 113 [2+] 65 [3+] 36 [4+] 36 [5+] 0
Hits/KSLOC@level+ = [0+] 56.8401 [1+] 54.4316 [2+] 31.3102 [3+] 17.341 [4+] 17.341 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.