Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-ethtool-0.14/python-ethtool/etherinfo.c
Examining data/python-ethtool-0.14/python-ethtool/etherinfo_obj.c
Examining data/python-ethtool-0.14/python-ethtool/etherinfo_obj.h
Examining data/python-ethtool-0.14/python-ethtool/etherinfo_struct.h
Examining data/python-ethtool-0.14/python-ethtool/ethtool-copy.h
Examining data/python-ethtool-0.14/python-ethtool/ethtool.c
Examining data/python-ethtool-0.14/python-ethtool/include/py3c/compat.h
Examining data/python-ethtool-0.14/python-ethtool/netlink-address.c
Examining data/python-ethtool-0.14/python-ethtool/etherinfo.h
Examining data/python-ethtool-0.14/python-ethtool/netlink.c

FINAL RESULTS:

data/python-ethtool-0.14/python-ethtool/etherinfo.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hwaddr[130];

data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char driver[32]; /* driver short name, "tulip", "eepro100" */

data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char version[32]; /* driver version string */

data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fw_version[32]; /* firmware version string, if applicable */

data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bus_info[ETHTOOL_BUSINFO_LEN]; /* Bus info for this IF. */

data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reserved1[32];

data/python-ethtool-0.14/python-ethtool/ethtool-copy.h:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reserved2[16];

data/python-ethtool-0.14/python-ethtool/ethtool.c:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[256];

data/python-ethtool-0.14/python-ethtool/ethtool.c:88:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fd = fopen(_PATH_PROCNET_DEV, "r");

data/python-ethtool-0.14/python-ethtool/ethtool.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hwaddr[20];

data/python-ethtool-0.14/python-ethtool/ethtool.c:154:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(hwaddr, "%02x:%02x:%02x:%02x:%02x:%02x",

data/python-ethtool-0.14/python-ethtool/ethtool.c:170:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ipaddr[20];

data/python-ethtool-0.14/python-ethtool/ethtool.c:196:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ipaddr, "%u.%u.%u.%u",

data/python-ethtool-0.14/python-ethtool/ethtool.c:333:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char netmask[20];

data/python-ethtool-0.14/python-ethtool/ethtool.c:359:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(netmask, "%u.%u.%u.%u",

data/python-ethtool-0.14/python-ethtool/ethtool.c:373:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char broadcast[20];

data/python-ethtool-0.14/python-ethtool/ethtool.c:399:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(broadcast, "%u.%u.%u.%u",

data/python-ethtool-0.14/python-ethtool/ethtool.c:413:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];

data/python-ethtool-0.14/python-ethtool/ethtool.c:426:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf, &ecmd, sizeof(ecmd));

data/python-ethtool-0.14/python-ethtool/ethtool.c:441:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char driver[101], dev[101];

data/python-ethtool-0.14/python-ethtool/ethtool.c:445:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen("/var/lib/pcmcia/stab", "r");

data/python-ethtool-0.14/python-ethtool/ethtool.c:484:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/python-ethtool-0.14/python-ethtool/ethtool.c:497:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf, &ecmd, sizeof(ecmd));

data/python-ethtool-0.14/python-ethtool/ethtool.c:766:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];

data/python-ethtool-0.14/python-ethtool/netlink-address.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INET6_ADDRSTRLEN+1];

data/python-ethtool-0.14/python-ethtool/netlink-address.c:127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];

data/python-ethtool-0.14/python-ethtool/ethtool.c:135:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);

data/python-ethtool-0.14/python-ethtool/ethtool.c:177:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);

data/python-ethtool-0.14/python-ethtool/ethtool.c:308:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);

data/python-ethtool-0.14/python-ethtool/ethtool.c:340:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);

data/python-ethtool-0.14/python-ethtool/ethtool.c:380:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);

data/python-ethtool-0.14/python-ethtool/ethtool.c:422:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);

data/python-ethtool-0.14/python-ethtool/ethtool.c:455:21:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(buf, "%*d\t%*s\t%100s\t%*d\t%100s\n",

data/python-ethtool-0.14/python-ethtool/ethtool.c:493:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);

data/python-ethtool-0.14/python-ethtool/ethtool.c:526:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&ifr.ifr_name[0], devname, IFNAMSIZ);

data/python-ethtool-0.14/python-ethtool/ethtool.c:666:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(iwr.ifr_name, devname, IFNAMSIZ-1);

ANALYSIS SUMMARY:

Hits = 36
Lines analyzed = 2686 in approximately 0.09 seconds (30753 lines/second)
Physical Source Lines of Code (SLOC) = 1770
Hits@level = [0]   3 [1]  10 [2]  26 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  39 [1+]  36 [2+]  26 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 22.0339 [1+] 20.339 [2+] 14.6893 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.