Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/plm-2.9.2/lib/resources/langages/c/include/RemoteHanoi.h
Examining data/plm-2.9.2/lib/resources/langages/c/include/Remote.h
Examining data/plm-2.9.2/lib/resources/langages/c/include/RemotePancake.h
Examining data/plm-2.9.2/lib/resources/langages/c/include/RemoteFlag.h
Examining data/plm-2.9.2/lib/resources/langages/c/include/RemoteTurtle.h
Examining data/plm-2.9.2/lib/resources/langages/c/include/RemoteBuggle.h
Examining data/plm-2.9.2/lib/resources/langages/c/include/RemoteSort.h
Examining data/plm-2.9.2/lib/resources/langages/c/include/RemoteBaseball.h
Examining data/plm-2.9.2/lib/resources/langages/c/src/RemoteBuggle.c
Examining data/plm-2.9.2/lib/resources/langages/c/src/RemoteFlag.c
Examining data/plm-2.9.2/lib/resources/langages/c/src/RemoteTurtle.c
Examining data/plm-2.9.2/lib/resources/langages/c/src/RemoteHanoi.c
Examining data/plm-2.9.2/lib/resources/langages/c/src/RemoteSort.c
Examining data/plm-2.9.2/lib/resources/langages/c/src/Remote.c
Examining data/plm-2.9.2/lib/resources/langages/c/src/RemotePancake.c
Examining data/plm-2.9.2/lib/resources/langages/c/src/RemoteBaseball.c
Examining data/plm-2.9.2/src/lessons/sort/basic/insertion/AlgInsertionSortEntity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/gnome/AlgGnomeSortEntity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/cocktail/AlgCocktailSort1Entity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/cocktail/AlgCocktailSort2Entity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/cocktail/AlgCocktailSort3Entity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/comb/AlgCombSortEntity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/comb/AlgCombSort11Entity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/selection/AlgSelectionSortEntity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/shell/AlgShellSortEntity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/bubble/AlgBubbleSort1Entity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/bubble/AlgBubbleSort2Entity.c
Examining data/plm-2.9.2/src/lessons/sort/basic/bubble/AlgBubbleSort3Entity.c
Examining data/plm-2.9.2/src/lessons/sort/pancake/BasicPancakeEntity.c
Examining data/plm-2.9.2/src/lessons/sort/pancake/BurnedPancakeEntity.c
Examining data/plm-2.9.2/src/lessons/sort/pancake/GatesPancakeEntity.c
Examining data/plm-2.9.2/src/lessons/sort/pancake/CohenPancakeEntity.c
Examining data/plm-2.9.2/src/lessons/sort/dutchflag/DutchFlagAlgoEntity.c
Examining data/plm-2.9.2/src/lessons/sort/baseball/SelectBaseballEntity.c
Examining data/plm-2.9.2/src/lessons/sort/baseball/NaiveBaseballEntity.c
Examining data/plm-2.9.2/src/lessons/sort/baseball/InsertBaseballEntity.c
Examining data/plm-2.9.2/src/lessons/sort/baseball/BubbleBaseballEntity.c
Examining data/plm-2.9.2/src/lessons/turmites/langton/LangtonEntity.c
Examining data/plm-2.9.2/src/lessons/turmites/helloturmite/HelloTurmiteEntity.c
Examining data/plm-2.9.2/src/lessons/turmites/langtoncolors/LangtonColorsEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/loopdowhile/Poucet1Entity.c
Examining data/plm-2.9.2/src/lessons/welcome/loopdowhile/LoopDoWhileEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/bdr/BDREntity.c
Examining data/plm-2.9.2/src/lessons/welcome/bdr/BDR2Entity.c
Examining data/plm-2.9.2/src/lessons/welcome/array/basics/Array2Entity.c
Examining data/plm-2.9.2/src/lessons/welcome/array/basics/Array1Entity.c
Examining data/plm-2.9.2/src/lessons/welcome/conditions/ConditionsEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/traversal/column/TraversalByColumnEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/traversal/line/TraversalByLineEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/traversal/diagonal/TraversalDiagonalEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/traversal/zigzag/TraversalZigZagEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/traversal/SnakeEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/instructions/InstructionsEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/instructions/InstructionsDrawGEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/summative/MoriaEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/loopfor/LoopStairsEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/loopfor/LoopForEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/loopfor/LoopCourseEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/loopfor/LoopCourseForestEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/loopwhile/LoopWhileEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/loopwhile/BaggleSeekerEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/variables/RunHalfEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/variables/RunFourEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/variables/VariablesEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/basics/MethodsEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/basics/MethodsDogHouseEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/picture/PatternPictureEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/picture/MethodsPictureEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/picture/PictureMono3Entity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/picture/PictureMono1Entity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/picture/MethodsPictureLargeEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/picture/PictureMono2Entity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/slug/SlugTrackingEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/slug/SlugSnailEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/slug/SlugHuntingEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/flowerpot/FlowerPotEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/flowerpot/FlowerCaseEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/args/MethodsArgsEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/methods/returning/MethodsReturningEntity.c
Examining data/plm-2.9.2/src/lessons/welcome/environment/EnvironmentEntity.c
Examining data/plm-2.9.2/src/lessons/maze/pledge/PledgeMazeEntity.c
Examining data/plm-2.9.2/src/lessons/maze/island/IslandMazeEntity.c
Examining data/plm-2.9.2/src/lessons/maze/randommouse/RandomMouseMazeEntity.c
Examining data/plm-2.9.2/src/lessons/maze/shortestpath/ShortestPathMazeEntity.c
Examining data/plm-2.9.2/src/lessons/maze/wallfollower/WallFollowerMazeEntity.c
Examining data/plm-2.9.2/src/lessons/maze/wallfindfollow/WallFindFollowMazeEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/HouseManyEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/Polygon6Entity.c
Examining data/plm-2.9.2/src/lessons/turtleart/FlowerEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/SquareEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/TriangleFlatEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/CircleTenEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/CircleYingEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/DiskFourthEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/CircleSquareEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/DiskFourEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/StarEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/StairsEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/Polygon20Entity.c
Examining data/plm-2.9.2/src/lessons/turtleart/HouseThreeEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/DiskTwoEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/Polygon360Entity.c
Examining data/plm-2.9.2/src/lessons/turtleart/CircleTwoEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/Polygon7Entity.c
Examining data/plm-2.9.2/src/lessons/turtleart/TriangleEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/HouseEntity.c
Examining data/plm-2.9.2/src/lessons/turtleart/SmallSquareEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/hanoi/HanoiBoardEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/square/FourSquareEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/tree/TreeEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/sierpinski/SierpinskiEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/dragoncurve/DragonCurve1Entity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/dragoncurve/DragonCurve2Entity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/polygonfractal/PolygonFractalEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/spiral/SpiralUseEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/spiral/SpiralEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/koch/SquareKochEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/koch/CrabEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/koch/KochEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/koch/PentaKochEntity.c
Examining data/plm-2.9.2/src/lessons/recursion/lego/koch/HexaKochEntity.c

FINAL RESULTS:

data/plm-2.9.2/lib/resources/langages/c/include/Remote.h:9:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf myPrintf
data/plm-2.9.2/lib/resources/langages/c/src/Remote.c:20:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(f,format, args);
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBaseball.c:2:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef printf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBaseball.c:100:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf myPrintf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBuggle.c:2:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef printf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBuggle.c:211:2: [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",mess);
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBuggle.c:311:2: [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",line);
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBuggle.c:327:2: [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  scanf("%s",line);
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBuggle.c:385:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf myPrintf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteFlag.c:2:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef printf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteFlag.c:58:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf myPrintf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteHanoi.c:2:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef printf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteHanoi.c:42:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf myPrintf
data/plm-2.9.2/lib/resources/langages/c/src/RemotePancake.c:2:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef printf
data/plm-2.9.2/lib/resources/langages/c/src/RemotePancake.c:72:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf myPrintf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteSort.c:2:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef printf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteSort.c:75:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf myPrintf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteTurtle.c:2:8: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef printf
data/plm-2.9.2/lib/resources/langages/c/src/RemoteTurtle.c:182:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf myPrintf
data/plm-2.9.2/lib/resources/langages/c/src/Remote.c:5:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(argv[1],"w+");
data/plm-2.9.2/lib/resources/langages/c/src/Remote.c:28:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* f = fopen("/tmp/flush","a+");
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBuggle.c:8:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "%d", nb);
data/plm-2.9.2/lib/resources/langages/c/src/RemoteTurtle.c:6:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "%d", nb);
data/plm-2.9.2/lib/resources/langages/c/src/Remote.c:30:13: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getchar();
data/plm-2.9.2/lib/resources/langages/c/src/RemoteBuggle.c:314:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = strlen(line);
data/plm-2.9.2/src/lessons/welcome/bdr/BDR2Entity.c:18:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  char read;
data/plm-2.9.2/src/lessons/welcome/bdr/BDR2Entity.c:22:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (read) {

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 5404 in approximately 0.20 seconds (27680 lines/second)
Physical Source Lines of Code (SLOC) = 4069
Hits@level = [0] 231 [1] 4 [2] 4 [3] 0 [4] 19 [5] 0
Hits@level+ = [0+] 258 [1+] 27 [2+] 23 [3+] 19 [4+] 19 [5+] 0
Hits/KSLOC@level+ = [0+] 63.4062 [1+] 6.63554 [2+] 5.65249 [3+] 4.66945 [4+] 4.66945 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.