Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-bsddb3-6.2.8/Modules/_bsddb.c
Examining data/python-bsddb3-6.2.8/Modules/bsddb.h
FINAL RESULTS:
data/python-bsddb3-6.2.8/Modules/_bsddb.c:9993:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(py_api_name, _bsddbModuleName);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:414:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->data, PyBytes_AS_STRING(keyobj),
data/python-bsddb3-6.2.8/Modules/_bsddb.c:446:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->data, &recno, sizeof(db_recno_t));
data/python-bsddb3-6.2.8/Modules/_bsddb.c:495:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, copylen);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:504:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _db_errmsg[1024];
data/python-bsddb3-6.2.8/Modules/_bsddb.c:607:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errTxt[2048]; /* really big, just in case... */
data/python-bsddb3-6.2.8/Modules/_bsddb.c:660:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(errTxt, " -- ");
data/python-bsddb3-6.2.8/Modules/_bsddb.c:1457:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(secKey->data, data, size);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:1501:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dbts[i].data, data, size);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:2344:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = self->db->open(self->db, txn, filename, dbname, type, flags, mode);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:3421:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile = fopen(outFileName, "w");
data/python-bsddb3-6.2.8/Modules/_bsddb.c:4704:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key.data, &recno, sizeof(db_recno_t));
data/python-bsddb3-6.2.8/Modules/_bsddb.c:4904:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = self->db_env->open(self->db_env, db_home, flags, mode);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:6056:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
gid=PyBytes_FromStringAndSize((char *)(preplist[i].gid),
data/python-bsddb3-6.2.8/Modules/_bsddb.c:8308:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
err = self->sequence->open(self->sequence, txn, &key, flags);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:9379:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _bsddbModuleName[MODULE_NAME_MAX_LEN+1] = "_bsddb";
data/python-bsddb3-6.2.8/Modules/_bsddb.c:9991:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char py_api_name[MODULE_NAME_MAX_LEN+10];
data/python-bsddb3-6.2.8/Modules/_bsddb.c:9994:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(py_api_name, ".api");
data/python-bsddb3-6.2.8/Modules/_bsddb.c:490:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:661:13: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(errTxt, _db_errmsg, bytes_left);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:2291:51: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return Py_BuildValue("ddd", range.less, range.equal, range.greater);
data/python-bsddb3-6.2.8/Modules/_bsddb.c:10041:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(_bsddbModuleName, "_pybsddb", MODULE_NAME_MAX_LEN);
ANALYSIS SUMMARY:
Hits = 22
Lines analyzed = 10353 in approximately 0.23 seconds (45485 lines/second)
Physical Source Lines of Code (SLOC) = 8168
Hits@level = [0] 0 [1] 4 [2] 17 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 22 [1+] 22 [2+] 18 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.69344 [1+] 2.69344 [2+] 2.20372 [3+] 0.122429 [4+] 0.122429 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.