stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-scandir-1.10.0/_scandir.c
Examining data/python-scandir-1.10.0/osdefs.h
Examining data/python-scandir-1.10.0/winreparse.h

FINAL RESULTS:

data/python-scandir-1.10.0/_scandir.c:1378:5:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    wcscpy(result, path_wide);
data/python-scandir-1.10.0/_scandir.c:1383:9:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
        wcscpy(result + path_len, filename);
data/python-scandir-1.10.0/_scandir.c:1458:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(result, path_narrow);
data/python-scandir-1.10.0/_scandir.c:1461:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(result + path_len, filename);
data/python-scandir-1.10.0/_scandir.c:236:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char target_buffer[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
data/python-scandir-1.10.0/_scandir.c:65:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMLEN(dirent) strlen((dirent)->d_name)
data/python-scandir-1.10.0/_scandir.c:69:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMLEN(dirent) strlen((dirent)->d_name)
data/python-scandir-1.10.0/_scandir.c:807:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (wcslen(wide) != length) {
data/python-scandir-1.10.0/_scandir.c:872:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((size_t)length != strlen(narrow)) {
data/python-scandir-1.10.0/_scandir.c:1368:20:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        path_len = wcslen(path_wide);
data/python-scandir-1.10.0/_scandir.c:1372:27:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = path_len + 1 + wcslen(filename) + 1;
data/python-scandir-1.10.0/_scandir.c:1408:60:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    entry->name = PyUnicode_FromWideChar(dataW->cFileName, wcslen(dataW->cFileName));
data/python-scandir-1.10.0/_scandir.c:1416:55:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    entry->path = PyUnicode_FromWideChar(joined_path, wcslen(joined_path));
data/python-scandir-1.10.0/_scandir.c:1445:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        path_len = strlen(path_narrow);
data/python-scandir-1.10.0/_scandir.c:1449:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        filename_len = strlen(filename);
data/python-scandir-1.10.0/_scandir.c:1495:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        entry->path = PyUnicode_Decode(joined_path, strlen(joined_path),

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 1934 in approximately 0.08 seconds (25640 lines/second)
Physical Source Lines of Code (SLOC) = 1589
Hits@level = [0]   0 [1]  11 [2]   1 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  16 [1+]  16 [2+]   5 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 10.0692 [1+] 10.0692 [2+] 3.14663 [3+] 2.51731 [4+] 2.51731 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.