Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/pygresql-5.1.2/pgconn.c Examining data/pygresql-5.1.2/pginternal.c Examining data/pygresql-5.1.2/pglarge.c Examining data/pygresql-5.1.2/pgmodule.c Examining data/pygresql-5.1.2/pgnotice.c Examining data/pygresql-5.1.2/pgquery.c Examining data/pygresql-5.1.2/pgsource.c Examining data/pygresql-5.1.2/pgtypes.h Examining data/pygresql-5.1.2/py3c.h FINAL RESULTS: data/pygresql-5.1.2/pgconn.c:641:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "copy %s from stdin", table); data/pygresql-5.1.2/pginternal.c:1242:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, "%*s", (int) h, ""); data/pygresql-5.1.2/pginternal.c:1243:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p + h, "%-*s", (int) (k - h), s); data/pygresql-5.1.2/pginternal.c:1265:29: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(p, align == 'r' ? "%*s" : "%-*s", (int) k, data/pygresql-5.1.2/pginternal.c:1269:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, "%-*s", (int) k, data/pygresql-5.1.2/pginternal.c:1281:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(p, "(%d row%s)", m, m == 1 ? "" : "s"); data/pygresql-5.1.2/pglarge.c:27:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(str, self->lo_fd >= 0 ? data/pygresql-5.1.2/pgconn.c:55:31: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return PyInt_FromLong(atol(PQport(self->cnx))); data/pygresql-5.1.2/pgconn.c:540:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAX_BUFFER_SIZE]; data/pygresql-5.1.2/pginternal.c:228:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_str, s, (size_t) size); data/pygresql-5.1.2/pginternal.c:285:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *t; data/pygresql-5.1.2/pginternal.c:378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/pygresql-5.1.2/pglarge.c:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[80]; data/pygresql-5.1.2/pgmodule.c:213:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_buffer[20]; data/pygresql-5.1.2/pgmodule.c:266:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(port_buffer, "%d", pgport); data/pygresql-5.1.2/pgmodule.c:461:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[2]; data/pygresql-5.1.2/pgsource.c:224:32: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_rows = atol(tmp); data/pygresql-5.1.2/pgsource.c:533:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_rows = tmp[0] ? atol(tmp) : -1; data/pygresql-5.1.2/pgsource.c:604:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_rows = tmp[0] ? atol(tmp) : -1; data/pygresql-5.1.2/pgconn.c:904:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). to_length = strlen(to); data/pygresql-5.1.2/pgconn.c:949:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). to_length = strlen(to); data/pygresql-5.1.2/pginternal.c:1072:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg_obj = get_decoded_string(msg, (Py_ssize_t) strlen(msg), encoding); data/pygresql-5.1.2/pginternal.c:1184:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizes[j] = s ? strlen(s) : 0; data/pygresql-5.1.2/pginternal.c:1240:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t h = (k - (size_t) strlen(s)) / 2; ANALYSIS SUMMARY: Hits = 24 Lines analyzed = 6741 in approximately 0.18 seconds (37561 lines/second) Physical Source Lines of Code (SLOC) = 5231 Hits@level = [0] 0 [1] 5 [2] 12 [3] 0 [4] 7 [5] 0 Hits@level+ = [0+] 24 [1+] 24 [2+] 19 [3+] 7 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 4.58803 [1+] 4.58803 [2+] 3.63219 [3+] 1.33818 [4+] 1.33818 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.