Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/seafile-client-7.0.10/extensions/applet-connection.cpp
Examining data/seafile-client-7.0.10/extensions/applet-connection.h
Examining data/seafile-client-7.0.10/extensions/class-factory.cpp
Examining data/seafile-client-7.0.10/extensions/class-factory.h
Examining data/seafile-client-7.0.10/extensions/commands.cpp
Examining data/seafile-client-7.0.10/extensions/commands.h
Examining data/seafile-client-7.0.10/extensions/context-menu.cpp
Examining data/seafile-client-7.0.10/extensions/dll.cpp
Examining data/seafile-client-7.0.10/extensions/ext-common.h
Examining data/seafile-client-7.0.10/extensions/ext-utils.cpp
Examining data/seafile-client-7.0.10/extensions/ext-utils.h
Examining data/seafile-client-7.0.10/extensions/guids.h
Examining data/seafile-client-7.0.10/extensions/i18n.cpp
Examining data/seafile-client-7.0.10/extensions/i18n.h
Examining data/seafile-client-7.0.10/extensions/icon-overlay.cpp
Examining data/seafile-client-7.0.10/extensions/log.cpp
Examining data/seafile-client-7.0.10/extensions/log.h
Examining data/seafile-client-7.0.10/extensions/shell-ext.cpp
Examining data/seafile-client-7.0.10/extensions/shell-ext.h
Examining data/seafile-client-7.0.10/fsplugin/FinderSync.h
Examining data/seafile-client-7.0.10/fsplugin/FinderSyncClient.h
Examining data/seafile-client-7.0.10/src/account-info-service.cpp
Examining data/seafile-client-7.0.10/src/account-info-service.h
Examining data/seafile-client-7.0.10/src/account-mgr.cpp
Examining data/seafile-client-7.0.10/src/account-mgr.h
Examining data/seafile-client-7.0.10/src/account.cpp
Examining data/seafile-client-7.0.10/src/account.h
Examining data/seafile-client-7.0.10/src/api/api-client.cpp
Examining data/seafile-client-7.0.10/src/api/api-client.h
Examining data/seafile-client-7.0.10/src/api/api-error.cpp
Examining data/seafile-client-7.0.10/src/api/api-error.h
Examining data/seafile-client-7.0.10/src/api/api-request.cpp
Examining data/seafile-client-7.0.10/src/api/api-request.h
Examining data/seafile-client-7.0.10/src/api/commit-details.cpp
Examining data/seafile-client-7.0.10/src/api/commit-details.h
Examining data/seafile-client-7.0.10/src/api/contact-share-info.cpp
Examining data/seafile-client-7.0.10/src/api/contact-share-info.h
Examining data/seafile-client-7.0.10/src/api/event.cpp
Examining data/seafile-client-7.0.10/src/api/event.h
Examining data/seafile-client-7.0.10/src/api/requests.cpp
Examining data/seafile-client-7.0.10/src/api/requests.h
Examining data/seafile-client-7.0.10/src/api/server-info.h
Examining data/seafile-client-7.0.10/src/api/server-repo.cpp
Examining data/seafile-client-7.0.10/src/api/server-repo.h
Examining data/seafile-client-7.0.10/src/api/starred-file.cpp
Examining data/seafile-client-7.0.10/src/api/starred-file.h
Examining data/seafile-client-7.0.10/src/application.cpp
Examining data/seafile-client-7.0.10/src/application.h
Examining data/seafile-client-7.0.10/src/auto-login-service.cpp
Examining data/seafile-client-7.0.10/src/auto-login-service.h
Examining data/seafile-client-7.0.10/src/auto-update-service.cpp
Examining data/seafile-client-7.0.10/src/auto-update-service.h
Examining data/seafile-client-7.0.10/src/avatar-service.cpp
Examining data/seafile-client-7.0.10/src/avatar-service.h
Examining data/seafile-client-7.0.10/src/certs-mgr.cpp
Examining data/seafile-client-7.0.10/src/certs-mgr.h
Examining data/seafile-client-7.0.10/src/configurator.cpp
Examining data/seafile-client-7.0.10/src/configurator.h
Examining data/seafile-client-7.0.10/src/crash-handler.cpp
Examining data/seafile-client-7.0.10/src/crash-handler.h
Examining data/seafile-client-7.0.10/src/customization-service.cpp
Examining data/seafile-client-7.0.10/src/customization-service.h
Examining data/seafile-client-7.0.10/src/daemon-mgr.cpp
Examining data/seafile-client-7.0.10/src/daemon-mgr.h
Examining data/seafile-client-7.0.10/src/events-service.cpp
Examining data/seafile-client-7.0.10/src/events-service.h
Examining data/seafile-client-7.0.10/src/ext-handler.cpp
Examining data/seafile-client-7.0.10/src/ext-handler.h
Examining data/seafile-client-7.0.10/src/filebrowser/auto-update-mgr.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/auto-update-mgr.h
Examining data/seafile-client-7.0.10/src/filebrowser/data-cache.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/data-cache.h
Examining data/seafile-client-7.0.10/src/filebrowser/data-mgr.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/data-mgr.h
Examining data/seafile-client-7.0.10/src/filebrowser/file-browser-dialog.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/file-browser-dialog.h
Examining data/seafile-client-7.0.10/src/filebrowser/file-browser-manager.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/file-browser-manager.h
Examining data/seafile-client-7.0.10/src/filebrowser/file-browser-requests.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/file-browser-requests.h
Examining data/seafile-client-7.0.10/src/filebrowser/file-browser-search-tab.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/file-browser-search-tab.h
Examining data/seafile-client-7.0.10/src/filebrowser/file-table.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/file-table.h
Examining data/seafile-client-7.0.10/src/filebrowser/progress-dialog.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/progress-dialog.h
Examining data/seafile-client-7.0.10/src/filebrowser/reliable-upload.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/reliable-upload.h
Examining data/seafile-client-7.0.10/src/filebrowser/seaf-dirent.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/seaf-dirent.h
Examining data/seafile-client-7.0.10/src/filebrowser/seafilelink-dialog.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/seafilelink-dialog.h
Examining data/seafile-client-7.0.10/src/filebrowser/sharedlink-dialog.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/sharedlink-dialog.h
Examining data/seafile-client-7.0.10/src/filebrowser/tasks.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/tasks.h
Examining data/seafile-client-7.0.10/src/filebrowser/thumbnail-service.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/thumbnail-service.h
Examining data/seafile-client-7.0.10/src/filebrowser/transfer-mgr.cpp
Examining data/seafile-client-7.0.10/src/filebrowser/transfer-mgr.h
Examining data/seafile-client-7.0.10/src/finder-sync/finder-sync-host.cpp
Examining data/seafile-client-7.0.10/src/finder-sync/finder-sync-host.h
Examining data/seafile-client-7.0.10/src/finder-sync/finder-sync-listener.h
Examining data/seafile-client-7.0.10/src/finder-sync/finder-sync.cpp
Examining data/seafile-client-7.0.10/src/finder-sync/finder-sync.h
Examining data/seafile-client-7.0.10/src/i18n.cpp
Examining data/seafile-client-7.0.10/src/i18n.h
Examining data/seafile-client-7.0.10/src/log-uploader.cpp
Examining data/seafile-client-7.0.10/src/log-uploader.h
Examining data/seafile-client-7.0.10/src/mac-sparkle-support.h
Examining data/seafile-client-7.0.10/src/message-poller.cpp
Examining data/seafile-client-7.0.10/src/message-poller.h
Examining data/seafile-client-7.0.10/src/network-mgr.cpp
Examining data/seafile-client-7.0.10/src/network-mgr.h
Examining data/seafile-client-7.0.10/src/open-local-helper.cpp
Examining data/seafile-client-7.0.10/src/open-local-helper.h
Examining data/seafile-client-7.0.10/src/repo-service-helper.cpp
Examining data/seafile-client-7.0.10/src/repo-service-helper.h
Examining data/seafile-client-7.0.10/src/repo-service.cpp
Examining data/seafile-client-7.0.10/src/repo-service.h
Examining data/seafile-client-7.0.10/src/rpc/clone-task.cpp
Examining data/seafile-client-7.0.10/src/rpc/clone-task.h
Examining data/seafile-client-7.0.10/src/rpc/local-repo.cpp
Examining data/seafile-client-7.0.10/src/rpc/local-repo.h
Examining data/seafile-client-7.0.10/src/rpc/rpc-client.cpp
Examining data/seafile-client-7.0.10/src/rpc/rpc-client.h
Examining data/seafile-client-7.0.10/src/rpc/rpc-server.cpp
Examining data/seafile-client-7.0.10/src/rpc/rpc-server.h
Examining data/seafile-client-7.0.10/src/rpc/searpc-marshal.h
Examining data/seafile-client-7.0.10/src/rpc/searpc-signature.h
Examining data/seafile-client-7.0.10/src/rpc/sync-error.cpp
Examining data/seafile-client-7.0.10/src/rpc/sync-error.h
Examining data/seafile-client-7.0.10/src/seafile-applet.cpp
Examining data/seafile-client-7.0.10/src/seafile-applet.h
Examining data/seafile-client-7.0.10/src/seahub-notifications-monitor.cpp
Examining data/seafile-client-7.0.10/src/seahub-notifications-monitor.h
Examining data/seafile-client-7.0.10/src/server-status-service.cpp
Examining data/seafile-client-7.0.10/src/server-status-service.h
Examining data/seafile-client-7.0.10/src/settings-mgr.cpp
Examining data/seafile-client-7.0.10/src/settings-mgr.h
Examining data/seafile-client-7.0.10/src/shib/shib-helper.h
Examining data/seafile-client-7.0.10/src/shib/shib-login-dialog.cpp
Examining data/seafile-client-7.0.10/src/shib/shib-login-dialog.h
Examining data/seafile-client-7.0.10/src/sync-error-service.cpp
Examining data/seafile-client-7.0.10/src/sync-error-service.h
Examining data/seafile-client-7.0.10/src/traynotificationmanager.cpp
Examining data/seafile-client-7.0.10/src/traynotificationmanager.h
Examining data/seafile-client-7.0.10/src/traynotificationwidget.cpp
Examining data/seafile-client-7.0.10/src/traynotificationwidget.h
Examining data/seafile-client-7.0.10/src/ui/about-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/about-dialog.h
Examining data/seafile-client-7.0.10/src/ui/account-settings-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/account-settings-dialog.h
Examining data/seafile-client-7.0.10/src/ui/account-view.cpp
Examining data/seafile-client-7.0.10/src/ui/account-view.h
Examining data/seafile-client-7.0.10/src/ui/activities-tab.cpp
Examining data/seafile-client-7.0.10/src/ui/activities-tab.h
Examining data/seafile-client-7.0.10/src/ui/check-repo-root-perm-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/check-repo-root-perm-dialog.h
Examining data/seafile-client-7.0.10/src/ui/clone-tasks-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/clone-tasks-dialog.h
Examining data/seafile-client-7.0.10/src/ui/clone-tasks-table-model.cpp
Examining data/seafile-client-7.0.10/src/ui/clone-tasks-table-model.h
Examining data/seafile-client-7.0.10/src/ui/clone-tasks-table-view.cpp
Examining data/seafile-client-7.0.10/src/ui/clone-tasks-table-view.h
Examining data/seafile-client-7.0.10/src/ui/cloud-view.cpp
Examining data/seafile-client-7.0.10/src/ui/cloud-view.h
Examining data/seafile-client-7.0.10/src/ui/create-repo-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/create-repo-dialog.h
Examining data/seafile-client-7.0.10/src/ui/download-repo-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/download-repo-dialog.h
Examining data/seafile-client-7.0.10/src/ui/event-details-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/event-details-dialog.h
Examining data/seafile-client-7.0.10/src/ui/event-details-tree.cpp
Examining data/seafile-client-7.0.10/src/ui/event-details-tree.h
Examining data/seafile-client-7.0.10/src/ui/events-list-view.h
Examining data/seafile-client-7.0.10/src/ui/init-seafile-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/init-seafile-dialog.h
Examining data/seafile-client-7.0.10/src/ui/init-vdrive-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/init-vdrive-dialog.h
Examining data/seafile-client-7.0.10/src/ui/loading-view.cpp
Examining data/seafile-client-7.0.10/src/ui/loading-view.h
Examining data/seafile-client-7.0.10/src/ui/login-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/login-dialog.h
Examining data/seafile-client-7.0.10/src/ui/logout-view.cpp
Examining data/seafile-client-7.0.10/src/ui/logout-view.h
Examining data/seafile-client-7.0.10/src/ui/main-window.cpp
Examining data/seafile-client-7.0.10/src/ui/main-window.h
Examining data/seafile-client-7.0.10/src/ui/private-share-dialog.h
Examining data/seafile-client-7.0.10/src/ui/proxy-style.cpp
Examining data/seafile-client-7.0.10/src/ui/proxy-style.h
Examining data/seafile-client-7.0.10/src/ui/repo-detail-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/repo-detail-dialog.h
Examining data/seafile-client-7.0.10/src/ui/repo-item-delegate.cpp
Examining data/seafile-client-7.0.10/src/ui/repo-item-delegate.h
Examining data/seafile-client-7.0.10/src/ui/repo-item.cpp
Examining data/seafile-client-7.0.10/src/ui/repo-item.h
Examining data/seafile-client-7.0.10/src/ui/repo-tree-model.cpp
Examining data/seafile-client-7.0.10/src/ui/repo-tree-model.h
Examining data/seafile-client-7.0.10/src/ui/repo-tree-view.cpp
Examining data/seafile-client-7.0.10/src/ui/repo-tree-view.h
Examining data/seafile-client-7.0.10/src/ui/repos-tab.cpp
Examining data/seafile-client-7.0.10/src/ui/repos-tab.h
Examining data/seafile-client-7.0.10/src/ui/seafile-tab-widget.cpp
Examining data/seafile-client-7.0.10/src/ui/seafile-tab-widget.h
Examining data/seafile-client-7.0.10/src/ui/search-bar.cpp
Examining data/seafile-client-7.0.10/src/ui/search-bar.h
Examining data/seafile-client-7.0.10/src/ui/search-tab-items.cpp
Examining data/seafile-client-7.0.10/src/ui/search-tab-items.h
Examining data/seafile-client-7.0.10/src/ui/search-tab.cpp
Examining data/seafile-client-7.0.10/src/ui/search-tab.h
Examining data/seafile-client-7.0.10/src/ui/server-status-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/server-status-dialog.h
Examining data/seafile-client-7.0.10/src/ui/set-repo-password-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/set-repo-password-dialog.h
Examining data/seafile-client-7.0.10/src/ui/settings-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/settings-dialog.h
Examining data/seafile-client-7.0.10/src/ui/ssl-confirm-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/ssl-confirm-dialog.h
Examining data/seafile-client-7.0.10/src/ui/starred-file-item-delegate.cpp
Examining data/seafile-client-7.0.10/src/ui/starred-file-item-delegate.h
Examining data/seafile-client-7.0.10/src/ui/starred-file-item.cpp
Examining data/seafile-client-7.0.10/src/ui/starred-file-item.h
Examining data/seafile-client-7.0.10/src/ui/starred-files-list-model.cpp
Examining data/seafile-client-7.0.10/src/ui/starred-files-list-model.h
Examining data/seafile-client-7.0.10/src/ui/starred-files-list-view.cpp
Examining data/seafile-client-7.0.10/src/ui/starred-files-list-view.h
Examining data/seafile-client-7.0.10/src/ui/starred-files-tab.cpp
Examining data/seafile-client-7.0.10/src/ui/starred-files-tab.h
Examining data/seafile-client-7.0.10/src/ui/sync-errors-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/sync-errors-dialog.h
Examining data/seafile-client-7.0.10/src/ui/tab-view.cpp
Examining data/seafile-client-7.0.10/src/ui/tab-view.h
Examining data/seafile-client-7.0.10/src/ui/tray-icon.cpp
Examining data/seafile-client-7.0.10/src/ui/tray-icon.h
Examining data/seafile-client-7.0.10/src/ui/two-factor-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/two-factor-dialog.h
Examining data/seafile-client-7.0.10/src/ui/uninstall-helper-dialog.cpp
Examining data/seafile-client-7.0.10/src/ui/uninstall-helper-dialog.h
Examining data/seafile-client-7.0.10/src/ui/user-name-completer.cpp
Examining data/seafile-client-7.0.10/src/ui/user-name-completer.h
Examining data/seafile-client-7.0.10/src/ui/events-list-view.cpp
Examining data/seafile-client-7.0.10/src/ui/private-share-dialog.cpp
Examining data/seafile-client-7.0.10/src/utils/api-utils.cpp
Examining data/seafile-client-7.0.10/src/utils/api-utils.h
Examining data/seafile-client-7.0.10/src/utils/file-utils.cpp
Examining data/seafile-client-7.0.10/src/utils/file-utils.h
Examining data/seafile-client-7.0.10/src/utils/json-utils.cpp
Examining data/seafile-client-7.0.10/src/utils/json-utils.h
Examining data/seafile-client-7.0.10/src/utils/log.c
Examining data/seafile-client-7.0.10/src/utils/log.h
Examining data/seafile-client-7.0.10/src/utils/paint-utils.cpp
Examining data/seafile-client-7.0.10/src/utils/paint-utils.h
Examining data/seafile-client-7.0.10/src/utils/process-linux.cpp
Examining data/seafile-client-7.0.10/src/utils/process-mac.cpp
Examining data/seafile-client-7.0.10/src/utils/process-win.cpp
Examining data/seafile-client-7.0.10/src/utils/process.h
Examining data/seafile-client-7.0.10/src/utils/registry.cpp
Examining data/seafile-client-7.0.10/src/utils/registry.h
Examining data/seafile-client-7.0.10/src/utils/rsa.cpp
Examining data/seafile-client-7.0.10/src/utils/rsa.h
Examining data/seafile-client-7.0.10/src/utils/seafile-error.cpp
Examining data/seafile-client-7.0.10/src/utils/seafile-error.h
Examining data/seafile-client-7.0.10/src/utils/singleton.h
Examining data/seafile-client-7.0.10/src/utils/stl.cpp
Examining data/seafile-client-7.0.10/src/utils/stl.h
Examining data/seafile-client-7.0.10/src/utils/translate-commit-desc.cpp
Examining data/seafile-client-7.0.10/src/utils/translate-commit-desc.h
Examining data/seafile-client-7.0.10/src/utils/uninstall-helpers.cpp
Examining data/seafile-client-7.0.10/src/utils/uninstall-helpers.h
Examining data/seafile-client-7.0.10/src/utils/utils-mac.h
Examining data/seafile-client-7.0.10/src/utils/utils-win.cpp
Examining data/seafile-client-7.0.10/src/utils/utils-win.h
Examining data/seafile-client-7.0.10/src/utils/utils.cpp
Examining data/seafile-client-7.0.10/src/utils/utils.h
Examining data/seafile-client-7.0.10/src/main.cpp
Examining data/seafile-client-7.0.10/tests/test_file-utils.cpp
Examining data/seafile-client-7.0.10/tests/test_file-utils.h
Examining data/seafile-client-7.0.10/tests/test_server-info.cpp
Examining data/seafile-client-7.0.10/tests/test_server-info.h
Examining data/seafile-client-7.0.10/tests/test_stl.cpp
Examining data/seafile-client-7.0.10/tests/test_stl.h
Examining data/seafile-client-7.0.10/tests/test_utils.cpp
Examining data/seafile-client-7.0.10/tests/test_utils.h
Examining data/seafile-client-7.0.10/third_party/QtAwesome/QtAwesome.cpp
Examining data/seafile-client-7.0.10/third_party/QtAwesome/QtAwesome.h
FINAL RESULTS:
data/seafile-client-7.0.10/src/ui/init-seafile-dialog.cpp:187:29: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
int chmod_return_code = chmod(
data/seafile-client-7.0.10/src/utils/process-linux.cpp:28:17: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t l = readlink(path, buf, kBUFFSIZE - 1);
data/seafile-client-7.0.10/extensions/context-menu.cpp:238:5: [4] (buffer) lstrcpynW:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
lstrcpynW((LPWSTR)pszName, L"This is Seafile help string.", cchMax);
data/seafile-client-7.0.10/extensions/log.cpp:65:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
length = vsnprintf(buffer, sizeof(buffer), format, params);
data/seafile-client-7.0.10/src/i18n.cpp:139:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
locales.push_back(QLocale::system());
data/seafile-client-7.0.10/src/i18n.cpp:155:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale sys_locale = QLocale::system();
data/seafile-client-7.0.10/src/rpc/clone-task.cpp:57:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return QString().sprintf(" %lld%%", percentage);
data/seafile-client-7.0.10/src/ui/tray-icon.cpp:541:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (QLocale::system().name() == "zh_CN") {
data/seafile-client-7.0.10/src/utils/uninstall-helpers.cpp:125:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(wpath, path.toStdWString().c_str());
data/seafile-client-7.0.10/src/main.cpp:138:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long (argc, argv, short_options,
data/seafile-client-7.0.10/src/seafile-applet.cpp:752:13: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/seafile-client-7.0.10/src/utils/utils-win.cpp:32:12: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
hMod = LoadLibrary(TEXT("ntdll.dll"));
data/seafile-client-7.0.10/extensions/commands.cpp:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/seafile-client-7.0.10/extensions/commands.cpp:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/seafile-client-7.0.10/extensions/context-menu.cpp:51:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t path_dir_w[4096];
data/seafile-client-7.0.10/extensions/ext-utils.cpp:124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PATH] = {'\0'};
data/seafile-client-7.0.10/extensions/ext-utils.cpp:267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = {0};
data/seafile-client-7.0.10/extensions/ext-utils.cpp:369:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char module_filename[MAX_PATH] = { 0 };
data/seafile-client-7.0.10/extensions/ext-utils.cpp:393:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dst[4096];
data/seafile-client-7.0.10/extensions/ext-utils.cpp:396:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
len = MultiByteToWideChar
data/seafile-client-7.0.10/extensions/ext-utils.cpp:414:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[4096];
data/seafile-client-7.0.10/extensions/ext-utils.cpp:436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[4096];
data/seafile-client-7.0.10/extensions/ext-utils.cpp:458:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dst[4096];
data/seafile-client-7.0.10/extensions/ext-utils.cpp:461:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
len = MultiByteToWideChar
data/seafile-client-7.0.10/extensions/ext-utils.cpp:494:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PATH] = {0};
data/seafile-client-7.0.10/extensions/i18n.cpp:15:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iso639[10];
data/seafile-client-7.0.10/extensions/log.cpp:32:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_fp = fopen (log_path.c_str(), "a");
data/seafile-client-7.0.10/extensions/log.cpp:61:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/seafile-client-7.0.10/extensions/log.cpp:71:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/seafile-client-7.0.10/src/api/api-client.cpp:104:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/seafile-client-7.0.10/src/configurator.cpp:122:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!seafile_ini.open(QIODevice::WriteOnly)) {
data/seafile-client-7.0.10/src/configurator.cpp:152:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!desktop_ini.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/seafile-client-7.0.10/src/configurator.cpp:210:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!seafile_ini.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/seafile-client-7.0.10/src/ext-handler.cpp:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = {0};
data/seafile-client-7.0.10/src/filebrowser/reliable-upload.cpp:123:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_->open(QIODevice::ReadOnly)) {
data/seafile-client-7.0.10/src/filebrowser/reliable-upload.cpp:431:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer->open(QIODevice::ReadOnly);
data/seafile-client-7.0.10/src/filebrowser/tasks.cpp:633:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmp_file_->open()) {
data/seafile-client-7.0.10/src/finder-sync/finder-sync-host.cpp:141:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, watch_set_[i].id.toUtf8().data(), 36);
data/seafile-client-7.0.10/src/finder-sync/finder-sync-host.cpp:144:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, array[i].data(), array[i].size() + 1);
data/seafile-client-7.0.10/src/log-uploader.cpp:107:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QIODevice::ReadOnly)) {
data/seafile-client-7.0.10/src/seafile-applet.cpp:154:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bundle.open(QIODevice::WriteOnly);
data/seafile-client-7.0.10/src/seafile-applet.cpp:505:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/seafile-client-7.0.10/src/seafile-applet.cpp:761:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!id_file.open(QIODevice::WriteOnly)) {
data/seafile-client-7.0.10/src/seafile-applet.cpp:770:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!id_file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/seafile-client-7.0.10/src/settings-mgr.cpp:698:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!system_proxy_txt.open(QIODevice::WriteOnly)) {
data/seafile-client-7.0.10/src/ui/init-seafile-dialog.cpp:29:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t drives[MAX_PATH];
data/seafile-client-7.0.10/src/ui/uninstall-helper-dialog.cpp:67:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/seafile-client-7.0.10/src/utils/log.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/seafile-client-7.0.10/src/utils/log.c:80:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[4096] = {0};
data/seafile-client-7.0.10/src/utils/log.c:81:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file_name, backup_file->str, backup_file->len);
data/seafile-client-7.0.10/src/utils/process-linux.cpp:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/seafile-client-7.0.10/src/utils/process-linux.cpp:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[kBUFFSIZE];
data/seafile-client-7.0.10/src/utils/process-linux.cpp:40:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(dir->d_name);
data/seafile-client-7.0.10/src/utils/process-win.cpp:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/seafile-client-7.0.10/src/utils/process-win.cpp:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char process_name[4096] = {0};
data/seafile-client-7.0.10/src/utils/process-win.cpp:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_PATH];
data/seafile-client-7.0.10/src/utils/process-win.cpp:148:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char process_name[4096] = {0};
data/seafile-client-7.0.10/src/utils/registry.cpp:200:17: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t expanded_buf[MAX_PATH];
data/seafile-client-7.0.10/src/utils/registry.cpp:216:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)&dword_value_, buf.data(), sizeof(int));
data/seafile-client-7.0.10/src/utils/registry.cpp:222:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)&value, buf.data(), sizeof(int));
data/seafile-client-7.0.10/src/utils/rsa.cpp:166:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1[20];
data/seafile-client-7.0.10/src/utils/stl.h:65:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_, buffer, size_ * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/stl.h:71:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_, buffer, size * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/stl.h:82:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_, string.data(), size_ * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/stl.h:98:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data, data_, size_ * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/stl.h:110:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data, data_, size_ * sizeof(char_type));
data/seafile-client-7.0.10/src/utils/uninstall-helpers.cpp:174:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!seafile_ini.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/seafile-client-7.0.10/src/utils/utils-win.cpp:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32767] = {0};
data/seafile-client-7.0.10/src/utils/utils-win.cpp:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_name_buf[buf_char_count];
data/seafile-client-7.0.10/src/utils/utils.cpp:340:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PATH] = {0};
data/seafile-client-7.0.10/src/utils/utils.cpp:364:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t applet_path[MAX_PATH];
data/seafile-client-7.0.10/third_party/QtAwesome/QtAwesome.cpp:170:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!res.open(QIODevice::ReadOnly)) {
data/seafile-client-7.0.10/extensions/context-menu.cpp:278:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
menuiteminfo.cch = strlen(kMainMenuName);
data/seafile-client-7.0.10/extensions/icon-overlay.cpp:23:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int wlen = wcslen(ico.get());
data/seafile-client-7.0.10/src/ui/init-seafile-dialog.cpp:38:40: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = drives; *p != L'\0'; p += wcslen(p) + 1) {
data/seafile-client-7.0.10/src/utils/log.c:17:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = (char *)path + strlen(path) - 1;
data/seafile-client-7.0.10/src/utils/log.c:50:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(message) > 0 && message[strlen(message) - 1] != '\n') {
data/seafile-client-7.0.10/src/utils/log.c:50:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(message) > 0 && message[strlen(message) - 1] != '\n') {
data/seafile-client-7.0.10/src/utils/registry.cpp:153:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void RegElement::read()
data/seafile-client-7.0.10/src/utils/registry.cpp:276:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reg.read();
data/seafile-client-7.0.10/src/utils/registry.cpp:313:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reg.read();
data/seafile-client-7.0.10/src/utils/registry.cpp:344:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reg.read();
data/seafile-client-7.0.10/src/utils/registry.h:36:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/seafile-client-7.0.10/src/utils/rsa.cpp:60:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SHA1_Update(&c, msg, strlen(msg));
data/seafile-client-7.0.10/src/utils/utils-win.cpp:286:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CryptBinaryToString((BYTE*) input, strlen(input), CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, buf, &retlen);
data/seafile-client-7.0.10/src/utils/utils.cpp:259:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = (char *)path + strlen(path) - 1;
data/seafile-client-7.0.10/src/utils/utils.cpp:298:34: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD n = sizeof(wchar_t) * (wcslen(path_w) + 1);
ANALYSIS SUMMARY:
Hits = 87
Lines analyzed = 50985 in approximately 1.05 seconds (48762 lines/second)
Physical Source Lines of Code (SLOC) = 40091
Hits@level = [0] 43 [1] 15 [2] 60 [3] 3 [4] 7 [5] 2
Hits@level+ = [0+] 130 [1+] 87 [2+] 72 [3+] 12 [4+] 9 [5+] 2
Hits/KSLOC@level+ = [0+] 3.24262 [1+] 2.17006 [2+] 1.79591 [3+] 0.299319 [4+] 0.224489 [5+] 0.0498865
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.