Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/powercap-0.3.1/inc/powercap-rapl-sysfs.h
Examining data/powercap-0.3.1/inc/powercap-rapl.h
Examining data/powercap-0.3.1/inc/powercap-sysfs.h
Examining data/powercap-0.3.1/inc/powercap.h
Examining data/powercap-0.3.1/src/powercap-common.c
Examining data/powercap-0.3.1/src/powercap-common.h
Examining data/powercap-0.3.1/src/powercap-rapl-sysfs.c
Examining data/powercap-0.3.1/src/powercap-rapl.c
Examining data/powercap-0.3.1/src/powercap-sysfs.c
Examining data/powercap-0.3.1/src/powercap.c
Examining data/powercap-0.3.1/test/powercap-common-test.c
Examining data/powercap-0.3.1/test/powercap-rapl-test.c
Examining data/powercap-0.3.1/test/powercap-sysfs-test.c
Examining data/powercap-0.3.1/test/powercap-test.c
Examining data/powercap-0.3.1/utils/powercap-info.c
Examining data/powercap-0.3.1/utils/powercap-set.c
Examining data/powercap-0.3.1/utils/rapl-info.c
Examining data/powercap-0.3.1/utils/rapl-set.c
Examining data/powercap-0.3.1/utils/util-common.c
Examining data/powercap-0.3.1/utils/util-common.h

FINAL RESULTS:

data/powercap-0.3.1/src/powercap-common.c:104:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  snprintf(buf, sizeof(buf), "%"PRIu64, val);

data/powercap-0.3.1/src/powercap-common.c:121:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  if ((tot = snprintf(buf, size, POWERCAP_PATH"/%s/", control_type)) < 0) {

data/powercap-0.3.1/src/powercap-common.h:46:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(TO_FILE((severity)), __VA_ARGS__); \

data/powercap-0.3.1/utils/powercap-info.c:22:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf("Zone %"PRIu32, zones[0]);

data/powercap-0.3.1/utils/powercap-info.c:24:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(":%"PRIu32, zones[j]);

data/powercap-0.3.1/utils/util-common.c:96:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(INDENT);

data/powercap-0.3.1/utils/powercap-info.c:236:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  c = getopt_long(argc, argv, short_options, long_options, NULL);

data/powercap-0.3.1/utils/powercap-set.c:80:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  c = getopt_long(argc, argv, short_options, long_options, NULL);

data/powercap-0.3.1/utils/rapl-info.c:210:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  c = getopt_long(argc, argv, short_options, long_options, NULL);

data/powercap-0.3.1/utils/rapl-set.c:71:9:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  c = getopt_long(argc, argv, short_options, long_options, NULL);

data/powercap-0.3.1/src/powercap-common.c:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[MAX_U64_SIZE];

data/powercap-0.3.1/src/powercap-common.c:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[MAX_U64_SIZE];

data/powercap-0.3.1/src/powercap-common.c:223:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return open(path, flags);

data/powercap-0.3.1/src/powercap-common.c:239:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return open(path, flags);

data/powercap-0.3.1/src/powercap-common.c:255:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return open(path, flags);

data/powercap-0.3.1/src/powercap-rapl.c:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_NAME_SIZE];

data/powercap-0.3.1/src/powercap-rapl.c:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[PATH_MAX] = { 0 };

data/powercap-0.3.1/src/powercap-rapl.c:192:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_NAME_SIZE];

data/powercap-0.3.1/src/powercap-sysfs.c:30:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:126:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:152:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:190:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:218:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:252:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/src/powercap-sysfs.c:300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];

data/powercap-0.3.1/test/powercap-common-test.c:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX] = { 0 };

data/powercap-0.3.1/test/powercap-common-test.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX] = { 0 };

data/powercap-0.3.1/test/powercap-common-test.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX] = { 0 };

data/powercap-0.3.1/test/powercap-common-test.c:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX] = { 0 };

data/powercap-0.3.1/test/powercap-common-test.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX] = { 0 };

data/powercap-0.3.1/test/powercap-common-test.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX] = { 0 };

data/powercap-0.3.1/test/powercap-common-test.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX] = { 0 };

data/powercap-0.3.1/test/powercap-rapl-test.c:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32];

data/powercap-0.3.1/test/powercap-rapl-test.c:296:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  ro = !atoi(argv[1]);

data/powercap-0.3.1/test/powercap-sysfs-test.c:23:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf_too_big[PATH_MAX + 1];

data/powercap-0.3.1/test/powercap-sysfs-test.c:111:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32];

data/powercap-0.3.1/test/powercap-sysfs-test.c:202:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32];

data/powercap-0.3.1/test/powercap-test.c:15:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[24];

data/powercap-0.3.1/test/powercap-test.c:21:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[24];

data/powercap-0.3.1/test/powercap-test.c:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[32];

data/powercap-0.3.1/utils/powercap-info.c:31:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_NAME_SIZE];

data/powercap-0.3.1/utils/powercap-info.c:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_NAME_SIZE];

data/powercap-0.3.1/utils/powercap-info.c:232:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_NAME_SIZE];

data/powercap-0.3.1/utils/rapl-info.c:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_NAME_SIZE];

data/powercap-0.3.1/utils/rapl-info.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_NAME_SIZE];

data/powercap-0.3.1/utils/rapl-info.c:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[MAX_NAME_SIZE];

data/powercap-0.3.1/src/powercap-sysfs.c:26:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return control_type && strlen(control_type) && strcspn(control_type, "./") == strlen(control_type);

data/powercap-0.3.1/src/powercap-sysfs.c:26:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return control_type && strlen(control_type) && strcspn(control_type, "./") == strlen(control_type);

data/powercap-0.3.1/utils/util-common.c:27:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (optarg == end || errno == ERANGE || end != optarg + strlen(optarg)) {

data/powercap-0.3.1/utils/util-common.c:126:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return control_type && strlen(control_type) && strcspn(control_type, "./") == strlen(control_type);

data/powercap-0.3.1/utils/util-common.c:126:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return control_type && strlen(control_type) && strcspn(control_type, "./") == strlen(control_type);

data/powercap-0.3.1/utils/util-common.c:133:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (optarg && (len = strlen(optarg)) && optarg[len - 1] == ':') {

ANALYSIS SUMMARY:

Hits = 56
Lines analyzed = 4985 in approximately 0.17 seconds (28908 lines/second)
Physical Source Lines of Code (SLOC) = 3470
Hits@level = [0] 241 [1]   6 [2]  40 [3]   4 [4]   6 [5]   0
Hits@level+ = [0+] 297 [1+]  56 [2+]  50 [3+]  10 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 85.5908 [1+] 16.1383 [2+] 14.4092 [3+] 2.88184 [4+] 1.72911 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.