Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sirikali-1.4.7/src/sirikali.cpp
Parsing failed to find end of parameter list; semicolon terminated it in ( [ & ](){
for( auto& it : v ){
auto s = m->readValue( it.favorite().volumePath ) ;
if( !s.isEmpty() ){
it.setPassword( std::move( s ) ) ;
}
}
return true
Examining data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp
Examining data/sirikali-1.4.7/src/3rdParty/tasks/task.hpp
Examining data/sirikali-1.4.7/src/3rdParty/NetworkAccessManager/network_access_manager.hpp
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/fake_wallet_backend.c
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_internal_wallet.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_osx_keychain.cpp
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/libsecret.c
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_libsecret.cpp
Parsing failed to find end of parameter list; semicolon terminated it in (walletName,
applicationName,
[&](bool e) {m_opened = e;loop.exit();},
parent,
password,
displayApplicationName);
loop.exec();
return m_opened;
}
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/changepassworddialog.cpp
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_libsecret.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_kwallet.cpp
Parsing failed to find end of parameter list; semicolon terminated it in (walletName,
applicationName,
[&](bool e) {opened = e;loop.exit();},
parent,
password,
displayApplicationName);
loop.exec();
return opened;
}
void LXQt::Wallet::kwallet::op
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_wallet.cpp
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_wallet.h
Parsing failed to find end of parameter list; semicolon terminated it in ("test", "test", [this](bool walletIsOpen)
{
if (walletIsOpen)
{
qDebug() << "wallet is open.\n";
this->addKey();
this->
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/password_dialog.cpp
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_kwallet.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/changepassworddialog.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/task.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/password_dialog.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_internal_wallet.cpp
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_osx_keychain.h
Examining data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_osx_keychain_private.h
Examining data/sirikali-1.4.7/src/checkforupdateswindow.cpp
Examining data/sirikali-1.4.7/src/dialogmsg.cpp
Examining data/sirikali-1.4.7/src/systemsignalhandler.h
Examining data/sirikali-1.4.7/src/favorites2.cpp
Parsing failed to find end of parameter list; semicolon terminated it in ( [ this ](){
for( const auto& it : this->readAllKeys() ){
tablewidget::addRow( m_ui->tableWidgetWallet,{ it } ) ;
}
},_hide_ui( [ this ](){ this->hide() ; },bk ),[ this ]( bool opened ){
Examining data/sirikali-1.4.7/src/configfileoption.h
Examining data/sirikali-1.4.7/src/plugin.h
Examining data/sirikali-1.4.7/src/engines/ecryptfscreateoptions.cpp
Examining data/sirikali-1.4.7/src/engines/gocryptfs.h
Examining data/sirikali-1.4.7/src/engines/cryfscreateoptions.cpp
Examining data/sirikali-1.4.7/src/engines/customcreateoptions.h
Examining data/sirikali-1.4.7/src/engines/unknown.cpp
Examining data/sirikali-1.4.7/src/engines/sshfs.cpp
Examining data/sirikali-1.4.7/src/engines/encfscreateoptions.h
Examining data/sirikali-1.4.7/src/engines/cryfscreateoptions.h
Examining data/sirikali-1.4.7/src/engines/cryfs.cpp
Examining data/sirikali-1.4.7/src/engines/custom.h
Examining data/sirikali-1.4.7/src/engines/ecryptfs.cpp
Examining data/sirikali-1.4.7/src/engines/securefs.cpp
Examining data/sirikali-1.4.7/src/engines/fscrypt.h
Examining data/sirikali-1.4.7/src/engines/encfs.h
Examining data/sirikali-1.4.7/src/engines/options.cpp
Examining data/sirikali-1.4.7/src/engines/encfs.cpp
Examining data/sirikali-1.4.7/src/engines/fscryptcreateoptions.h
Examining data/sirikali-1.4.7/src/engines/securefscreateoptions.h
Examining data/sirikali-1.4.7/src/engines/gocryptfs.cpp
Examining data/sirikali-1.4.7/src/engines/unknown.h
Examining data/sirikali-1.4.7/src/engines/custom.cpp
Examining data/sirikali-1.4.7/src/engines/options.h
Examining data/sirikali-1.4.7/src/engines/securefs.h
Examining data/sirikali-1.4.7/src/engines/fscryptcreateoptions.cpp
Examining data/sirikali-1.4.7/src/engines/ecryptfscreateoptions.h
Examining data/sirikali-1.4.7/src/engines/fscrypt.cpp
Examining data/sirikali-1.4.7/src/engines/customcreateoptions.cpp
Examining data/sirikali-1.4.7/src/engines/encfscreateoptions.cpp
Examining data/sirikali-1.4.7/src/engines/sshfs.h
Examining data/sirikali-1.4.7/src/engines/ecryptfs.h
Examining data/sirikali-1.4.7/src/engines/securefscreateoptions.cpp
Examining data/sirikali-1.4.7/src/engines/gocryptfscreateoptions.h
Examining data/sirikali-1.4.7/src/engines/gocryptfscreateoptions.cpp
Examining data/sirikali-1.4.7/src/engines/cryfs.h
Examining data/sirikali-1.4.7/src/utility2.cpp
Examining data/sirikali-1.4.7/src/main.cpp
Examining data/sirikali-1.4.7/src/siripolkit/main.cpp
Examining data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp
Examining data/sirikali-1.4.7/src/siripolkit/zulupolkit.h
Examining data/sirikali-1.4.7/src/crypto.h
Examining data/sirikali-1.4.7/src/siritask.cpp
Examining data/sirikali-1.4.7/src/readonlywarning.cpp
Examining data/sirikali-1.4.7/src/utility2.h
Examining data/sirikali-1.4.7/src/crypto.cpp
Examining data/sirikali-1.4.7/src/sirikali.h
Examining data/sirikali-1.4.7/src/help.cpp
Examining data/sirikali-1.4.7/src/favorites2.h
Examining data/sirikali-1.4.7/src/checkforupdates.h
Examining data/sirikali-1.4.7/src/dialogok.h
Examining data/sirikali-1.4.7/src/dialogok.cpp
Examining data/sirikali-1.4.7/src/keydialog.h
Examining data/sirikali-1.4.7/src/siritask.h
Examining data/sirikali-1.4.7/src/runinthread.cpp
Examining data/sirikali-1.4.7/src/engines.cpp
Examining data/sirikali-1.4.7/src/createbackendwindow.cpp
Examining data/sirikali-1.4.7/src/tablewidget.cpp
Examining data/sirikali-1.4.7/src/dialogmsg.h
Examining data/sirikali-1.4.7/src/favorites.cpp
Examining data/sirikali-1.4.7/src/configoptions.h
Examining data/sirikali-1.4.7/src/win.cpp
Examining data/sirikali-1.4.7/src/utility.cpp
Examining data/sirikali-1.4.7/src/filemanager.h
Examining data/sirikali-1.4.7/src/help.h
Examining data/sirikali-1.4.7/src/createbackendwindow.h
Examining data/sirikali-1.4.7/src/checkforupdates.cpp
Examining data/sirikali-1.4.7/src/compatibility.hpp
Examining data/sirikali-1.4.7/src/json_parser.hpp
Examining data/sirikali-1.4.7/src/engines.h
Examining data/sirikali-1.4.7/src/volumeinfo.h
Examining data/sirikali-1.4.7/src/debugwindow.cpp
Examining data/sirikali-1.4.7/src/filemanager.cpp
Examining data/sirikali-1.4.7/src/plugins.h
Examining data/sirikali-1.4.7/src/mountinfo.cpp
Examining data/sirikali-1.4.7/src/secrets.h
Examining data/sirikali-1.4.7/src/settings.cpp
Examining data/sirikali-1.4.7/src/systemsignalhandler.cpp
Examining data/sirikali-1.4.7/src/utility.h
Examining data/sirikali-1.4.7/src/mountinfo.h
Examining data/sirikali-1.4.7/src/oneinstance.h
Examining data/sirikali-1.4.7/src/secrets.cpp
Examining data/sirikali-1.4.7/src/configoptions.cpp
Examining data/sirikali-1.4.7/src/plugin.cpp
Examining data/sirikali-1.4.7/src/debugwindow.h
Examining data/sirikali-1.4.7/src/oneinstance.cpp
Examining data/sirikali-1.4.7/src/volumeinfo.cpp
Examining data/sirikali-1.4.7/src/win.h
Examining data/sirikali-1.4.7/src/configfileoption.cpp
Examining data/sirikali-1.4.7/src/keydialog.cpp
Parsing failed to find end of parameter list; semicolon terminated it in ( [](){ return true ; } ) ;
}
}() ;
if( m ){
QString id ;
if( m_create ){
id = m_ui->lineEditFolderPath->text() ;
}else{
id = m_path ;
}
if( w->readValue( id ).isEmpty() ){
Examining data/sirikali-1.4.7/src/readonlywarning.h
Examining data/sirikali-1.4.7/src/tablewidget.h
Examining data/sirikali-1.4.7/src/favorites.h
Examining data/sirikali-1.4.7/src/checkforupdateswindow.h
Examining data/sirikali-1.4.7/src/runinthread.h
Examining data/sirikali-1.4.7/src/settings.h
FINAL RESULTS:
data/sirikali-1.4.7/src/compatibility.hpp:177:19: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
static inline int chown( const char * a,int b,int c )
data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp:145:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if( chown( s.constData(),id,id ) ){}
data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp:146:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if( chmod( s.constData(),0700 ) ){}
data/sirikali-1.4.7/src/utility.cpp:456:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if( chown( s.constData(),uid,uid ) ){}
data/sirikali-1.4.7/src/utility.cpp:457:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if( chmod( s.constData(),0700 ) ){}
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:1337:86: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define JSON_HEDLEY_PRINTF_FORMAT(string_idx,first_to_check) __declspec(vaformat(printf,string_idx,first_to_check))
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:6047:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(cr.data(), cr.size(), "%.2hhX", static_cast<unsigned char>(element_type));
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:8002:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(cr.data(), cr.size(), "%.2hhX", static_cast<unsigned char>(current));
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:9443:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(cs.data(), cs.size(), "<U+%.4X>", static_cast<unsigned char>(c));
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:15360:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(string_buffer.data() + bytes, 7, "\\u%04x",
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:15366:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(string_buffer.data() + bytes, 13, "\\u%04x\\u%04x",
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:15404:35: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(&sn[0], sn.size(), "%.2X", byte);
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:15498:27: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(std::snprintf)(&sn[0], sn.size(), "%.2X", static_cast<std::uint8_t>(s.back()));
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:15700:36: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
std::ptrdiff_t len = (std::snprintf)(number_buffer.data(), number_buffer.size(), "%.*g", d, x);
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:1811:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((struct { char v[sizeof(void) * 2]; } *) 1) \
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:7912:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&result, vec.data(), sizeof(NumberType));
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:13719:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vec.data(), &n, sizeof(NumberType));
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:13750:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&result, &x, sizeof(x));
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:13851:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&target, &source, sizeof(Source));
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[ PASSWORD_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[ SALT_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:152:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static gcry_error_t _create_key( const char salt[ SALT_SIZE ],char output_key[ PASSWORD_SIZE ],const char * input_key,uint32_t input_key_length ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:152:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static gcry_error_t _create_key( const char salt[ SALT_SIZE ],char output_key[ PASSWORD_SIZE ],const char * input_key,uint32_t input_key_length ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:156:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void _get_iv_from_wallet_header( char iv[ IV_SIZE ],int fd ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:158:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void _get_salt_from_wallet_header( char salt[ SALT_SIZE ],int fd ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:160:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void _get_volume_info( char buffer[ MAGIC_STRING_BUFFER_SIZE + BLOCK_SIZE ],int fd ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:164:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void _create_magic_string_header( char magic_string[ MAGIC_STRING_BUFFER_SIZE ] ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( first,str,sizeof( uint32_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( second,str + sizeof( uint32_t ),sizeof( uint32_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ PATH_MAX ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv[ IV_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[ PASSWORD_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[ SALT_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ MAGIC_STRING_BUFFER_SIZE + BLOCK_SIZE ] = { '\0' } ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:313:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( path,O_WRONLY|O_CREAT,0600 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv[ IV_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[ PASSWORD_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[ SALT_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ MAGIC_STRING_BUFFER_SIZE + BLOCK_SIZE ] = { '\0' } ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:351:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_buffer[ FILE_BLOCK_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:374:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_dest = open( destination,O_WRONLY|O_CREAT,0600 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:378:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_src = open( source,O_RDONLY ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:397:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buffer + MAGIC_STRING_BUFFER_SIZE,&size,sizeof( uint64_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[ PASSWORD_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:450:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( wallet->key,key,PASSWORD_SIZE ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv[ IV_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:530:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ MAGIC_STRING_BUFFER_SIZE + BLOCK_SIZE ] = { '\0' } ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_buffer[ FILE_BLOCK_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:560:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_src = open( source,O_RDONLY ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:573:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_dest = open( destination,O_WRONLY|O_CREAT,0600 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:630:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ PATH_MAX ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:640:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( path,O_RDONLY ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:661:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( w->wallet_name,wallet_name,len + 1 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:671:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( w->application_name,application_name,len + 1 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:698:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ MAGIC_STRING_BUFFER_SIZE + BLOCK_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:775:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ MAGIC_STRING_BUFFER_SIZE + BLOCK_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:909:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( e,&key_size,sizeof( uint32_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:910:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( e + sizeof( uint32_t ),&key_value_length,sizeof( uint32_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:911:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( e + NODE_HEADER_SIZE,key,key_size ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:912:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( e + NODE_HEADER_SIZE + key_size,value,key_value_length ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1046:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ PATH_MAX ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1078:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv[ IV_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1079:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ PATH_MAX ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1080:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_1[ PATH_MAX + 16 ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ MAGIC_STRING_BUFFER_SIZE + BLOCK_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1124:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buffer + MAGIC_STRING_BUFFER_SIZE,&wallet->wallet_data_size,sizeof( uint64_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buffer + MAGIC_STRING_BUFFER_SIZE + sizeof( uint64_t ),&wallet->wallet_data_entry_count,sizeof( uint64_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1139:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( path_1,O_WRONLY|O_CREAT,0600 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1163:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( path_1,O_WRONLY|O_CREAT,0600 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ PATH_MAX ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1217:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( e,entry->d_name,len ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ PATH_MAX ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_1[ PATH_MAX - 16 ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ PATH_MAX ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1309:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( output_key,digest,output_key_size ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1321:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static gcry_error_t _create_key( const char salt[ SALT_SIZE ],
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1322:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_key[ PASSWORD_SIZE ],const char * input_key,uint32_t input_key_length )
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_key[ PASSWORD_SIZE ] ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1335:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void _get_iv_from_wallet_header( char iv[ IV_SIZE ],int fd )
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1341:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void _get_salt_from_wallet_header( char salt[ SALT_SIZE ],int fd )
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1347:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void _get_volume_info( char buffer[ MAGIC_STRING_BUFFER_SIZE + BLOCK_SIZE ],int fd )
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1356:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &w->wallet_data_size,buffer,sizeof( uint64_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1357:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &w->wallet_data_entry_count,buffer + sizeof( uint64_t ),sizeof( uint64_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1363:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open( "/dev/urandom",O_RDONLY ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1377:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void _create_magic_string_header( char magic_string[ MAGIC_STRING_BUFFER_SIZE ] )
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( magic_string,MAGIC_STRING,MAGIC_STRING_SIZE ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1387:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( magic_string + MAGIC_STRING_SIZE,&version,sizeof( uint16_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1393:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &version,buffer + MAGIC_STRING_SIZE,sizeof( uint16_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1403:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &version,buffer + MAGIC_STRING_SIZE,sizeof( uint16_t ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/libsecret.c:81:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e = atoi(c);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/libsecret.c:103:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e = atoi(c);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/libsecret.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wallet_size[ BUFFER_SIZE ];
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/libsecret.c:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wallet_size[ BUFFER_SIZE ];
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_internal_wallet.cpp:83:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool LXQt::Wallet::internalWallet::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_internal_wallet.cpp:89:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open(walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_internal_wallet.cpp:101:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void LXQt::Wallet::internalWallet::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_internal_wallet.cpp:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ 4096 ];
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_internal_wallet.h:66:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_internal_wallet.h:73:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_kwallet.cpp:58:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool LXQt::Wallet::kwallet::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_kwallet.cpp:66:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open(walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_kwallet.cpp:95:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void LXQt::Wallet::kwallet::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_kwallet.h:57:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_kwallet.h:64:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_libsecret.cpp:89:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool LXQt::Wallet::libsecret::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_libsecret.cpp:96:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open(walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_libsecret.cpp:106:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void LXQt::Wallet::libsecret::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_libsecret.h:57:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_libsecret.h:64:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_osx_keychain.cpp:62:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void LXQt::Wallet::osxKeyChain::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_osx_keychain.cpp:80:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool LXQt::Wallet::osxKeyChain::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_osx_keychain.h:57:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_osx_keychain.h:64:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_wallet.cpp:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[4096];
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_wallet.h:229:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_wallet.h:236:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_wallet.h:343:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_wallet->open("test", "test", [this](bool walletIsOpen)
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:218:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool LXQt::Wallet::windows_dpapi::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:233:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open(walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:245:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void LXQt::Wallet::windows_dpapi::open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:381:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&test, data, int_size);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:392:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&s, data + int_size, int_size);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:407:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&keySize, data, int_size);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:408:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&valueSize, data + int_size, int_size);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2 * int_size];
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:428:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buffer, &TEST_VALUE, int_size);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:432:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buffer + int_size, &s, int_size);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[header_size];
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:450:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buffer, &keySize, int_size);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:451:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buffer + int_size, &valueSize, int_size);
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.h:58:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QString &walletName,
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.h:65:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const QString &walletName,
data/sirikali-1.4.7/src/crypto.cpp:70:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( file.open( QIODevice::ReadOnly ) ){
data/sirikali-1.4.7/src/engines/custom.cpp:128:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( file.open( QIODevice::ReadOnly ) ){
data/sirikali-1.4.7/src/favorites2.cpp:808:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_wallet.open( [ this ](){
data/sirikali-1.4.7/src/favorites2.h:135:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open( Args&& ... args )
data/sirikali-1.4.7/src/favorites2.h:137:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_w->wallet.open( std::forward< Args >( args ) ... ) ;
data/sirikali-1.4.7/src/json_parser.hpp:256:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( file.open( QIODevice::WriteOnly ) ){
data/sirikali-1.4.7/src/json_parser.hpp:327:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !f.open( QIODevice::ReadOnly ) ){
data/sirikali-1.4.7/src/keydialog.cpp:1429:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return w.open( [](){ return true ; } ) ;
data/sirikali-1.4.7/src/keydialog.h:367:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( s->open( walletName,appName ) ){
data/sirikali-1.4.7/src/mountinfo.cpp:351:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s.open( QIODevice::ReadOnly ) ;
data/sirikali-1.4.7/src/secrets.cpp:129:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
w.opened = m_wallet->open( wlt.walletName( s ),wlt.applicationName() ) ;
data/sirikali-1.4.7/src/secrets.h:84:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto m = m_wallet->open( s.walletName,s.appName ) ;
data/sirikali-1.4.7/src/secrets.h:98:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
utility2::result< std::result_of_t< Function() > > open( Function&& function )
data/sirikali-1.4.7/src/secrets.h:103:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open()
data/sirikali-1.4.7/src/secrets.h:109:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open( Opened&& o,Before&& b,After&& a )
data/sirikali-1.4.7/src/secrets.h:126:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_wallet->open( s.walletName,s.appName,std::move( a ) ) ;
data/sirikali-1.4.7/src/secrets.h:131:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open( Opened&& ofunction,After&& afunction )
data/sirikali-1.4.7/src/secrets.h:133:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
this->open( std::move( ofunction ),[](){},std::move( afunction ) ) ;
data/sirikali-1.4.7/src/sirikali.cpp:725:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m.open( [ & ](){
data/sirikali-1.4.7/src/sirikali.cpp:1199:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !m.open() ){
data/sirikali-1.4.7/src/sirikali.cpp:1648:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( wallet.open() ){
data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp:106:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open( QIODevice::WriteOnly ) ;
data/sirikali-1.4.7/src/utility.cpp:1068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[ 3 ] = { 'Z',':','\0' } ;
data/sirikali-1.4.7/src/utility.cpp:1129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[ 3 ] = { 'G',':','\0' } ;
data/sirikali-1.4.7/src/utility.h:504:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open( QIODevice::ReadOnly ) ;
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:4474:21: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return std::fgetc(m_file);
data/sirikali-1.4.7/src/3rdParty/json/nlohmann/json.hpp:4835:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auto length = std::strlen(reinterpret_cast<const char*>(b));
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:145:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( read( x,y,z ) ){}
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:411:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
k = (int)read( fd_src,file_buffer,FILE_BLOCK_SIZE ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:654:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( wallet_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:664:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( application_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1211:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = ( uint32_t )( strlen( entry->d_name ) - strlen( WALLET_EXTENSION ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.c:1211:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = ( uint32_t )( strlen( entry->d_name ) - strlen( WALLET_EXTENSION ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:273:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_create( f,strlen( f ),wallet_name,application_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:285:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_open( &wallet,f,strlen( f ),wallet_name,application_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:297:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_add_key( wallet,f,strlen( f ) + 1,z,strlen( z ) + 1 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:297:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_add_key( wallet,f,strlen( f ) + 1,z,strlen( z ) + 1 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:311:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_open( &wallet,f,strlen( f ),wallet_name,application_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:322:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( lxqt_wallet_read_key_value( wallet,f,strlen( f ) + 1,&value ) ){
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:340:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_open( &wallet,f,strlen( f ),wallet_name,application_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:369:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_open( &wallet,f,strlen( f ),wallet_name,application_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:374:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_delete_key( wallet,f,strlen( f ) + 1 ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:393:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_open( &wallet,f,strlen( f ),wallet_name,application_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:398:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_change_wallet_password( wallet,f,strlen( f ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:417:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = lxqt_wallet_open( &wallet,f,strlen( f ),wallet_name,application_name ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:422:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( lxqt_wallet_wallet_has_value( wallet,f,strlen( f ) + 1,&value ) ){
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/backend/lxqtwallet.h:445:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf( "%d\n",lxqt_wallet_volume_version( wallet_name,application_name,f,strlen( f ) ) ) ;
data/sirikali-1.4.7/src/3rdParty/lxqt_wallet/frontend/lxqt_windows_dpapi.cpp:92:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static_cast<ULONG>(strlen(ss)),
data/sirikali-1.4.7/src/engines.h:116:48: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
enum class Operator{ less,lessOrEqual,equal,notEqual,greater,greaterOrEqual } ;
data/sirikali-1.4.7/src/engines.h:137:46: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
case engines::version::Operator::equal : return a == b ;
data/sirikali-1.4.7/src/mountinfo.h:242:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
auto s = read( m_inotify_fd,buffer.data(),buffer.size() ) ;
data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp:102:17: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
for( decltype( umask( 0 ) ) i = 0 ; i < 1000 ; i++ ){
data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp:104:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask( i ) ;
data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp:151:12: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
auto s = umask( 0 ) ;
data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp:157:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask( s ) ;
data/sirikali-1.4.7/src/siripolkit/zulupolkit.cpp:260:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e = std::getchar() ;
data/sirikali-1.4.7/src/systemsignalhandler.cpp:101:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
::read( sighupFd[ 1 ],&tmp,sizeof( tmp ) ) ;
data/sirikali-1.4.7/src/systemsignalhandler.cpp:120:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
::read( sighupFd[ 1 ],&tmp,sizeof( tmp ) ) ;
data/sirikali-1.4.7/src/utility.cpp:944:13: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e = std::getchar() ;
data/sirikali-1.4.7/src/utility.cpp:975:13: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e = std::getchar() ;
ANALYSIS SUMMARY:
Hits = 192
Lines analyzed = 58556 in approximately 1.28 seconds (45881 lines/second)
Physical Source Lines of Code (SLOC) = 36904
Hits@level = [0] 14 [1] 35 [2] 143 [3] 0 [4] 9 [5] 5
Hits@level+ = [0+] 206 [1+] 192 [2+] 157 [3+] 14 [4+] 14 [5+] 5
Hits/KSLOC@level+ = [0+] 5.58205 [1+] 5.20269 [2+] 4.25428 [3+] 0.379363 [4+] 0.379363 [5+] 0.135487
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.