Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/serd-0.30.6/serd/serd.h
Examining data/serd-0.30.6/src/base64.c
Examining data/serd-0.30.6/src/base64.h
Examining data/serd-0.30.6/src/byte_sink.h
Examining data/serd-0.30.6/src/byte_source.c
Examining data/serd-0.30.6/src/byte_source.h
Examining data/serd-0.30.6/src/env.c
Examining data/serd-0.30.6/src/n3.c
Examining data/serd-0.30.6/src/node.c
Examining data/serd-0.30.6/src/node.h
Examining data/serd-0.30.6/src/reader.c
Examining data/serd-0.30.6/src/reader.h
Examining data/serd-0.30.6/src/serd_internal.h
Examining data/serd-0.30.6/src/serdi.c
Examining data/serd-0.30.6/src/stack.h
Examining data/serd-0.30.6/src/string.c
Examining data/serd-0.30.6/src/string_utils.h
Examining data/serd-0.30.6/src/system.c
Examining data/serd-0.30.6/src/system.h
Examining data/serd-0.30.6/src/uri.c
Examining data/serd-0.30.6/src/uri_utils.h
Examining data/serd-0.30.6/src/writer.c
Examining data/serd-0.30.6/tests/env_test.c
Examining data/serd-0.30.6/tests/free_null_test.c
Examining data/serd-0.30.6/tests/read_chunk_test.c
Examining data/serd-0.30.6/tests/serd_test.c

FINAL RESULTS:

data/serd-0.30.6/src/reader.h:31:60:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define SERD_LOG_FUNC(fmt, arg1) __attribute__((format(printf, fmt, arg1)))
data/serd-0.30.6/src/serd_internal.h:47:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, e->fmt, *e->args);
data/serd-0.30.6/src/serdi.c:39:32:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define SERDI_ERROR(msg) fprintf(stderr, "serdi: " msg)
data/serd-0.30.6/src/serdi.c:40:32:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define SERDI_ERRORF(fmt, ...) fprintf(stderr, "serdi: " fmt, __VA_ARGS__)
data/serd-0.30.6/src/base64.c:78:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(in, (const uint8_t*)buf + i, n_in);
data/serd-0.30.6/src/byte_sink.h:82:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bsink->buf + bsink->size, buf, n);
data/serd-0.30.6/src/node.c:80:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, node->buf, copy.n_bytes + 1);
data/serd-0.30.6/src/node.c:118:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*ptr, buf, len);
data/serd-0.30.6/src/node.c:196:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char escape_str[4] = { '%', 0, 0, 0 };
data/serd-0.30.6/src/reader.c:94:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, str, n_bytes + 1);
data/serd-0.30.6/src/reader.c:257:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(reader->bprefix, prefix, reader->bprefix_len + 1);
data/serd-0.30.6/src/serdi.c:136:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE* fd = fopen(path, mode);
data/serd-0.30.6/src/system.c:36:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE* fd = fopen(path, mode);
data/serd-0.30.6/src/uri.c:68:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*hostname, auth, (size_t)(path - auth));
data/serd-0.30.6/src/writer.c:171:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char*)dst->buf, src->buf, src->n_bytes + 1);
data/serd-0.30.6/src/writer.c:188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char escape[11] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
data/serd-0.30.6/src/writer.c:914:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(writer->bprefix, prefix, writer->bprefix_len + 1);
data/serd-0.30.6/src/writer.c:1010:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((uint8_t*)chunk->buf + chunk->len, buf, len);
data/serd-0.30.6/tests/read_chunk_test.c:87:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  FILE* file = tmpfile();
data/serd-0.30.6/tests/serd_test.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/serd-0.30.6/tests/serd_test.c:95:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char*)buf, string + *count, size * nmemb);
data/serd-0.30.6/tests/serd_test.c:136:27:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  FILE* const f = tmpfile();
data/serd-0.30.6/tests/serd_test.c:468:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE* fd = fopen(path, "wb");
data/serd-0.30.6/tests/serd_test.c:558:24:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  FILE* const empty = tmpfile();
data/serd-0.30.6/tests/serd_test.c:605:16:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  FILE* temp = tmpfile();
data/serd-0.30.6/src/node.c:173:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t path_len = strlen((const char*)path);
data/serd-0.30.6/src/node.c:174:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t hostname_len = hostname ? strlen((const char*)hostname) : 0;
data/serd-0.30.6/src/node.c:180:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri_len = strlen("file://") + hostname_len + evil;
data/serd-0.30.6/src/reader.c:71:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  const int c = getc((FILE*)stream);
data/serd-0.30.6/src/reader.c:255:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  reader->bprefix_len = strlen((const char*)prefix);
data/serd-0.30.6/src/serdi.c:60:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!serd_strncasecmp(s->name, name, strlen(name))) {
data/serd-0.30.6/src/serdi.c:74:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!serd_strncasecmp(s->extension, ext, strlen(ext))) {
data/serd-0.30.6/src/writer.c:912:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  writer->bprefix_len = strlen((const char*)prefix);
data/serd-0.30.6/tests/serd_test.c:90:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*count == 34 || *count == 35 || *count + nmemb >= strlen(string)) {
data/serd-0.30.6/tests/serd_test.c:227:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = node.buf ? strlen((const char*)node.buf) : 0;
data/serd-0.30.6/tests/serd_test.c:247:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen((const char*)node.buf);
data/serd-0.30.6/tests/serd_test.c:265:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(blob.n_bytes == strlen((const char*)blob.buf));
data/serd-0.30.6/tests/serd_test.c:567:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert((size_t)ftell(empty) == strlen("<>\n\t<http://example.org/pred> "));

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 7911 in approximately 0.26 seconds (30296 lines/second)
Physical Source Lines of Code (SLOC) = 5828
Hits@level = [0]  40 [1]  13 [2]  21 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  78 [1+]  38 [2+]  25 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 13.3837 [1+] 6.52025 [2+] 4.28964 [3+] 0.686342 [4+] 0.686342 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.