Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python3-typed-ast-1.4.1/ast27/Custom/typed_ast.c
Examining data/python3-typed-ast-1.4.1/ast27/Include/Python-ast.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/asdl.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/ast.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/bitset.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/compile.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/errcode.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/graminit.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/grammar.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/node.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/parsetok.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/pgenheaders.h
Examining data/python3-typed-ast-1.4.1/ast27/Include/token.h
Examining data/python3-typed-ast-1.4.1/ast27/Parser/acceler.c
Examining data/python3-typed-ast-1.4.1/ast27/Parser/bitset.c
Examining data/python3-typed-ast-1.4.1/ast27/Parser/grammar.c
Examining data/python3-typed-ast-1.4.1/ast27/Parser/grammar1.c
Examining data/python3-typed-ast-1.4.1/ast27/Parser/node.c
Examining data/python3-typed-ast-1.4.1/ast27/Parser/parser.c
Examining data/python3-typed-ast-1.4.1/ast27/Parser/parser.h
Examining data/python3-typed-ast-1.4.1/ast27/Parser/parsetok.c
Examining data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c
Examining data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.h
Examining data/python3-typed-ast-1.4.1/ast27/Python/Python-ast.c
Examining data/python3-typed-ast-1.4.1/ast27/Python/asdl.c
Examining data/python3-typed-ast-1.4.1/ast27/Python/ast.c
Examining data/python3-typed-ast-1.4.1/ast27/Python/graminit.c
Examining data/python3-typed-ast-1.4.1/ast27/Python/mystrtoul.c
Examining data/python3-typed-ast-1.4.1/ast3/Custom/typed_ast.c
Examining data/python3-typed-ast-1.4.1/ast3/Include/Python-ast.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/asdl.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/ast.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/bitset.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/errcode.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/graminit.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/grammar.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/node.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/parsetok.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/pgenheaders.h
Examining data/python3-typed-ast-1.4.1/ast3/Include/token.h
Examining data/python3-typed-ast-1.4.1/ast3/Parser/acceler.c
Examining data/python3-typed-ast-1.4.1/ast3/Parser/bitset.c
Examining data/python3-typed-ast-1.4.1/ast3/Parser/grammar.c
Examining data/python3-typed-ast-1.4.1/ast3/Parser/grammar1.c
Examining data/python3-typed-ast-1.4.1/ast3/Parser/node.c
Examining data/python3-typed-ast-1.4.1/ast3/Parser/parser.c
Examining data/python3-typed-ast-1.4.1/ast3/Parser/parser.h
Examining data/python3-typed-ast-1.4.1/ast3/Parser/parsetok.c
Examining data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c
Examining data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.h
Examining data/python3-typed-ast-1.4.1/ast3/Python/Python-ast.c
Examining data/python3-typed-ast-1.4.1/ast3/Python/asdl.c
Examining data/python3-typed-ast-1.4.1/ast3/Python/ast.c
Examining data/python3-typed-ast-1.4.1/ast3/Python/graminit.c

FINAL RESULTS:

data/python3-typed-ast-1.4.1/ast27/Parser/parsetok.c:372:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r->n_str, tok->encoding);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:902:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newtok, buf);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:931:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tok->buf + oldlen, newtok);
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:1891:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s + 1, STR(pnum));
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:2658:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s, STR(CHILD(n, i)));
data/python3-typed-ast-1.4.1/ast3/Parser/parsetok.c:433:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r->n_str, tok->encoding);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:904:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tok->encoding, enc);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:987:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newtok, buf);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:1016:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tok->buf + oldlen, newtok);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:2029:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(encoding, tok->encoding);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:3495:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s, STR(CHILD(n, i)));
data/python3-typed-ast-1.4.1/ast27/Parser/grammar1.c:36:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[100];
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:149:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, s, len);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[13];
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:459:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, str, utf8len);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:484:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _Py_IDENTIFIER(open);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:584:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[500];
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:587:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:711:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *newl[2] = {NULL, NULL};
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:1353:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[80];
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:1369:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int newsize = atoi(tp + strlen(*cp));
data/python3-typed-ast-1.4.1/ast27/Python/Python-ast.c:7045:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *req_name[3];
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:219:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:221:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Non-statement found: %d %d",
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:537:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[300];
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:1507:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ch, s_kind[3] = {0, 0, 0};
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:1525:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:3532:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, s, len);
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:3610:21:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(p, "u005c");
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:3629:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(p, "\\U%08x", chr);
data/python3-typed-ast-1.4.1/ast3/Parser/grammar1.c:35:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[100];
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, s, len);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:231:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[13];
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:498:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, buf, buflen);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:524:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _Py_IDENTIFIER(open);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:778:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *newl[2] = {NULL, NULL};
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:871:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tok->encoding, "utf-8");
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:837:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:839:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Non-statement found: %d %d",
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:1216:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[300];
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:2341:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:4480:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(p, "u005c");
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:4501:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(p, "\\U%08x", chr);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:4649:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str+1, expr_start, len);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:5199:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ch, s_kind[3] = {0, 0, 0};
data/python3-typed-ast-1.4.1/ast27/Custom/typed_ast.c:55:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) != (size_t)size) {
data/python3-typed-ast-1.4.1/ast27/Custom/typed_ast.c:170:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Py_ssize_t len = strlen(err->text);
data/python3-typed-ast-1.4.1/ast27/Parser/grammar.c:200:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_len = strlen(src);
data/python3-typed-ast-1.4.1/ast27/Parser/grammar.c:206:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dest, src, name_len);
data/python3-typed-ast-1.4.1/ast27/Parser/node.c:162:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res += strlen(STR(n)) + 1;
data/python3-typed-ast-1.4.1/ast27/Parser/parsetok.c:268:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(str, a, len);
data/python3-typed-ast-1.4.1/ast27/Parser/parsetok.c:352:25:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(text, tok->buf, len);
data/python3-typed-ast-1.4.1/ast27/Parser/parsetok.c:364:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r->n_str = PyObject_MALLOC(strlen(tok->encoding)+1);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:172:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return new_string(str, strlen(str));
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:256:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = new_string(q, strlen(q));
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:530:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return getc(tok->fp);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:568:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!check_coding_spec(line, strlen(line), tok, fp_setreadl)) {
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:651:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PyObject* buf = PyUnicode_Decode(str, strlen(str), enc, NULL);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:663:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int skip_next_lf = 0, needed_length = strlen(s) + 2, final_length;
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:917:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t newlen = oldlen + strlen(newtok);
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:1015:21:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(tok->inp, "\n");
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:1369:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int newsize = atoi(tp + strlen(*cp));
data/python3-typed-ast-1.4.1/ast27/Parser/tokenizer.c:1799:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(text, line, linelen);
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:69:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return PyUnicode_DecodeUTF8(s, strlen(s), NULL);
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:1887:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *s = PyObject_MALLOC(strlen(STR(pnum)) + 2);
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:2648:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(STR(CHILD(n, i))) + 1;
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:2659:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(sch);
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:3521:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = s + strlen(s) - 1;
data/python3-typed-ast-1.4.1/ast27/Python/ast.c:3685:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/python3-typed-ast-1.4.1/ast3/Custom/typed_ast.c:54:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) != (size_t)size) {
data/python3-typed-ast-1.4.1/ast3/Custom/typed_ast.c:178:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Py_ssize_t len = strlen(err->text);
data/python3-typed-ast-1.4.1/ast3/Parser/grammar.c:219:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_len = strlen(src);
data/python3-typed-ast-1.4.1/ast3/Parser/grammar.c:225:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dest, src, name_len);
data/python3-typed-ast-1.4.1/ast3/Parser/node.c:162:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res += strlen(STR(n)) + 1;
data/python3-typed-ast-1.4.1/ast3/Parser/parsetok.c:288:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(str, a, len);
data/python3-typed-ast-1.4.1/ast3/Parser/parsetok.c:415:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(err_ret->text, tok->buf, len);
data/python3-typed-ast-1.4.1/ast3/Parser/parsetok.c:425:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r->n_str = PyObject_MALLOC(strlen(tok->encoding)+1);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:211:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return new_string(str, strlen(str), tok);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:296:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = new_string(q, strlen(q), tok);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:571:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return getc(tok->fp);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:637:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!check_coding_spec(line, strlen(line), tok, fp_setreadl)) {
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:718:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PyObject* buf = PyUnicode_Decode(str, strlen(str), enc, NULL);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:730:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t needed_length = strlen(s) + 2, final_length;
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:899:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tok->encoding = PyMem_MALLOC(strlen(enc)+1);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:1002:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t newlen = oldlen + strlen(newtok);
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:1100:21:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(tok->inp, "\n");
data/python3-typed-ast-1.4.1/ast3/Parser/tokenizer.c:2027:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  encoding = (char *)PyMem_MALLOC(strlen(tok->encoding) + 1);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:694:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PyObject *id = PyUnicode_DecodeUTF8(n, strlen(n), NULL);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:744:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PyObject *res = PyUnicode_DecodeUTF8(s, strlen(s), NULL);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:2317:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(s);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:3485:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(STR(CHILD(n, i))) + 1;
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:3496:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s += strlen(sch);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:4353:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = s + strlen(s) - 1;
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:4397:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dup = PyMem_Malloc(strlen(s) + 1);
data/python3-typed-ast-1.4.1/ast3/Python/ast.c:5460:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);

ANALYSIS SUMMARY:

Hits = 95
Lines analyzed = 40885 in approximately 0.95 seconds (42821 lines/second)
Physical Source Lines of Code (SLOC) = 36644
Hits@level = [0] 106 [1]  50 [2]  34 [3]   0 [4]  11 [5]   0
Hits@level+ = [0+] 201 [1+]  95 [2+]  45 [3+]  11 [4+]  11 [5+]   0
Hits/KSLOC@level+ = [0+] 5.48521 [1+] 2.59251 [2+] 1.22803 [3+] 0.300186 [4+] 0.300186 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.