stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_commit.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_diff_hunk.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged.h
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_diff_delta.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_settings.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_remote_collection.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_note.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_branch_collection.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_tag_collection.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_rebase.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_repo.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_submodule_collection.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_patch.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_submodule.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_reference.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_blob.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_branch.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_reference_collection.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_backend.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_signature.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_config.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_diff_line.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_cred.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_tree.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_allocator.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_revwalk.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_diff.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_blame.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_remote.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_object.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_tag.c
Examining data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_index.c

FINAL RESULTS:

data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_branch_collection.c:49:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(ref_name, branch_name);
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_tag_collection.c:53:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(canonical_ref, StringValueCStr(rb_name));
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out[40];
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged.h:168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out[40];
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_allocator.c:36:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newstr, str, n);
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_allocator.c:47:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newstr, str, n);
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_branch_collection.c:48:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(ref_name, "refs/");
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_diff_delta.c:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char status_char[2];
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_reference.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char oid[GIT_OID_HEXSZ + 1];
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_tag_collection.c:52:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(canonical_ref, "refs/tags/");
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged.c:527:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	is_dotgit = git_path_is_gitfile(path, strlen(path), GIT_PATH_GITFILE_GITMODULES, GIT_PATH_FS_GENERIC);
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged.c:541:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	is_dotgit = git_path_is_gitfile(path, strlen(path), GIT_PATH_GITFILE_GITIGNORE, GIT_PATH_FS_GENERIC);
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged.c:555:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	is_dotgit = git_path_is_gitfile(path, strlen(path), GIT_PATH_GITFILE_GITATTRIBUTES, GIT_PATH_FS_GENERIC);
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged.h:30:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define rb_str_new_utf8(str) rb_enc_str_new(str, strlen(str), rb_utf8_encoding())
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_branch_collection.c:35:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(branch_name, "refs/heads/", strlen("refs/heads/")) == 0 ||
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_branch_collection.c:36:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    strncmp(branch_name, "refs/remotes/", strlen("refs/remotes/")) == 0)
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_branch_collection.c:47:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ref_name = xmalloc((strlen(branch_name) + strlen("refs/") + 1)  * sizeof(char));
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_branch_collection.c:47:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ref_name = xmalloc((strlen(branch_name) + strlen("refs/") + 1)  * sizeof(char));
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_commit.c:45:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return rb_enc_str_new(message, strlen(message), encoding);
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_commit.c:88:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rb_ary_push(pair, rb_enc_str_new(key, strlen(key), encoding));
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_commit.c:91:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rb_ary_push(pair, rb_enc_str_new(value, strlen(value), encoding));
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_commit.c:128:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return rb_enc_str_new(summary, strlen(summary), encoding);
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_signature.c:28:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rb_enc_str_new(sig->name, strlen(sig->name), encoding));
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_signature.c:31:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		rb_enc_str_new(sig->email, strlen(sig->email), encoding));
data/ruby-rugged-0.28.4.1+ds/ext/rugged/rugged_tag_collection.c:51:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		char *canonical_ref = xmalloc((RSTRING_LEN(rb_name) + strlen("refs/tags/") + 1) * sizeof(char));

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 15529 in approximately 0.36 seconds (43526 lines/second)
Physical Source Lines of Code (SLOC) = 8528
Hits@level = [0]   0 [1]  15 [2]   8 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  25 [1+]  25 [2+]  10 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 2.93152 [1+] 2.93152 [2+] 1.17261 [3+] 0.234522 [4+] 0.234522 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.