Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pygrib-2.0.6/pygrib.c
Examining data/pygrib-2.0.6/g2clib_src/g2_unpack2.c
Examining data/pygrib-2.0.6/g2clib_src/g2_unpack7.c
Examining data/pygrib-2.0.6/g2clib_src/specunpack.c
Examining data/pygrib-2.0.6/g2clib_src/pdstemplates.c
Examining data/pygrib-2.0.6/g2clib_src/gbits.c
Examining data/pygrib-2.0.6/g2clib_src/jpcpack.c
Examining data/pygrib-2.0.6/g2clib_src/drstemplates.c
Examining data/pygrib-2.0.6/g2clib_src/pdstemplates.h
Examining data/pygrib-2.0.6/g2clib_src/rdieee.c
Examining data/pygrib-2.0.6/g2clib_src/g2_free.c
Examining data/pygrib-2.0.6/g2clib_src/int_power.c
Examining data/pygrib-2.0.6/g2clib_src/g2_addfield.c
Examining data/pygrib-2.0.6/g2clib_src/g2_unpack5.c
Examining data/pygrib-2.0.6/g2clib_src/g2_miss.c
Examining data/pygrib-2.0.6/g2clib_src/g2_unpack4.c
Examining data/pygrib-2.0.6/g2clib_src/dec_jpeg2000.c
Examining data/pygrib-2.0.6/g2clib_src/getpoly.c
Examining data/pygrib-2.0.6/g2clib_src/enc_png.c
Examining data/pygrib-2.0.6/g2clib_src/g2_info.c
Examining data/pygrib-2.0.6/g2clib_src/g2_unpack3.c
Examining data/pygrib-2.0.6/g2clib_src/getdim.c
Examining data/pygrib-2.0.6/g2clib_src/mkieee.c
Examining data/pygrib-2.0.6/g2clib_src/g2_unpack1.c
Examining data/pygrib-2.0.6/g2clib_src/simpack.c
Examining data/pygrib-2.0.6/g2clib_src/g2_gribend.c
Examining data/pygrib-2.0.6/g2clib_src/reduce.c
Examining data/pygrib-2.0.6/g2clib_src/jpcunpack.c
Examining data/pygrib-2.0.6/g2clib_src/cmplxpack.c
Examining data/pygrib-2.0.6/g2clib_src/g2_addgrid.c
Examining data/pygrib-2.0.6/g2clib_src/specpack.c
Examining data/pygrib-2.0.6/g2clib_src/gridtemplates.h
Examining data/pygrib-2.0.6/g2clib_src/g2_unpack6.c
Examining data/pygrib-2.0.6/g2clib_src/pngunpack.c
Examining data/pygrib-2.0.6/g2clib_src/drstemplates.h
Examining data/pygrib-2.0.6/g2clib_src/compack.c
Examining data/pygrib-2.0.6/g2clib_src/g2_addlocal.c
Examining data/pygrib-2.0.6/g2clib_src/simunpack.c
Examining data/pygrib-2.0.6/g2clib_src/seekgb.c
Examining data/pygrib-2.0.6/g2clib_src/g2_create.c
Examining data/pygrib-2.0.6/g2clib_src/pack_gp.c
Examining data/pygrib-2.0.6/g2clib_src/pngpack.c
Examining data/pygrib-2.0.6/g2clib_src/comunpack.c
Examining data/pygrib-2.0.6/g2clib_src/enc_jpeg2000.c
Examining data/pygrib-2.0.6/g2clib_src/misspack.c
Examining data/pygrib-2.0.6/g2clib_src/grib2.h
Examining data/pygrib-2.0.6/g2clib_src/gridtemplates.c
Examining data/pygrib-2.0.6/g2clib_src/dec_png.c
Examining data/pygrib-2.0.6/g2clib_src/g2_getfld.c
Examining data/pygrib-2.0.6/redtoreg.c
Examining data/pygrib-2.0.6/g2clib.c
FINAL RESULTS:
data/pygrib-2.0.6/g2clib.c:780:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/pygrib-2.0.6/pygrib.c:781:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/pygrib-2.0.6/redtoreg.c:784:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/pygrib-2.0.6/pygrib.c:39817:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate) PyErr_Clear();
data/pygrib-2.0.6/pygrib.c:39818:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/pygrib-2.0.6/pygrib.c:39818:58: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/pygrib-2.0.6/pygrib.c:39823:29: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
} else if (!setstate || PyErr_Occurred()) {
data/pygrib-2.0.6/pygrib.c:39843:16: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Py_XDECREF(setstate);
data/pygrib-2.0.6/g2clib.c:733:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/pygrib-2.0.6/g2clib.c:9057:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/pygrib-2.0.6/g2clib.c:9061:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/pygrib-2.0.6/g2clib_src/dec_png.c:34:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,ptr+offset,length);
data/pygrib-2.0.6/g2clib_src/enc_jpeg2000.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opts[MAXOPTSSIZE];
data/pygrib-2.0.6/g2clib_src/enc_jpeg2000.c:97:8: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(opts,"\nnumgbits=4");
data/pygrib-2.0.6/g2clib_src/enc_png.c:36:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr+offset,data,length);
data/pygrib-2.0.6/g2clib_src/pack_gp.c:40:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cfeed[1];
data/pygrib-2.0.6/g2clib_src/reduce.c:35:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cfeed[1];
data/pygrib-2.0.6/pygrib.c:734:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/pygrib-2.0.6/pygrib.c:3526:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
__pyx_v_self->_fd = fopen(__pyx_t_2, ((char *)"rb"));
data/pygrib-2.0.6/pygrib.c:16884:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __pyx_v_strdata[0x400];
data/pygrib-2.0.6/pygrib.c:39688:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[200];
data/pygrib-2.0.6/pygrib.c:40857:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/pygrib-2.0.6/pygrib.c:40861:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/pygrib-2.0.6/redtoreg.c:737:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/pygrib-2.0.6/redtoreg.c:5416:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[200];
data/pygrib-2.0.6/redtoreg.c:6645:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/pygrib-2.0.6/redtoreg.c:6649:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/pygrib-2.0.6/g2clib.c:657:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/pygrib-2.0.6/g2clib.c:778:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/pygrib-2.0.6/g2clib.c:9105:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/pygrib-2.0.6/pygrib.c:658:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/pygrib-2.0.6/pygrib.c:779:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/pygrib-2.0.6/pygrib.c:14162:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_3 = __Pyx_decode_c_string(__pyx_v_name, 0, strlen(__pyx_v_name), NULL, NULL, PyUnicode_DecodeASCII); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 1020, __pyx_L1_error)
data/pygrib-2.0.6/pygrib.c:14596:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_3 = __Pyx_decode_c_string(__pyx_v_name, 0, strlen(__pyx_v_name), NULL, NULL, PyUnicode_DecodeASCII); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 1055, __pyx_L1_error)
data/pygrib-2.0.6/pygrib.c:39039:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(cstring);
data/pygrib-2.0.6/pygrib.c:40905:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/pygrib-2.0.6/redtoreg.c:661:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/pygrib-2.0.6/redtoreg.c:782:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/pygrib-2.0.6/redtoreg.c:6693:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 67312 in approximately 1.84 seconds (36656 lines/second)
Physical Source Lines of Code (SLOC) = 44034
Hits@level = [0] 80 [1] 12 [2] 19 [3] 5 [4] 3 [5] 0
Hits@level+ = [0+] 119 [1+] 39 [2+] 27 [3+] 8 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 2.70246 [1+] 0.885679 [2+] 0.613163 [3+] 0.181678 [4+] 0.0681292 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.