Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp
Examining data/solarpowerlog-0.24/src/Connections/CAsyncCommand.h
Examining data/solarpowerlog-0.24/src/Connections/factories/IConnectFactory.h
Examining data/solarpowerlog-0.24/src/Connections/factories/IConnectFactory.cpp
Examining data/solarpowerlog-0.24/src/Connections/CConnectDummy.cpp
Examining data/solarpowerlog-0.24/src/Connections/interfaces/IConnect.cpp
Examining data/solarpowerlog-0.24/src/Connections/interfaces/IConnect.h
Examining data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp
Examining data/solarpowerlog-0.24/src/Connections/CConnectDummy.h
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnection.cpp
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnectionMaster.h
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnection.h
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnectionMaster.cpp
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnectionSlave.cpp
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnectionSlave.h
Examining data/solarpowerlog-0.24/src/Connections/CAsyncCommand.cpp
Examining data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.h
Examining data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.h
Examining data/solarpowerlog-0.24/src/interfaces/CTimedWork.h
Examining data/solarpowerlog-0.24/src/interfaces/CMutexHelper.h
Examining data/solarpowerlog-0.24/src/interfaces/CDebugHelper.h
Examining data/solarpowerlog-0.24/src/interfaces/CWorkScheduler.cpp
Examining data/solarpowerlog-0.24/src/interfaces/CCapability.cpp
Examining data/solarpowerlog-0.24/src/interfaces/CMutexHelper.cpp
Examining data/solarpowerlog-0.24/src/interfaces/CTimedWork.cpp
Examining data/solarpowerlog-0.24/src/interfaces/CCapability.h
Examining data/solarpowerlog-0.24/src/interfaces/CWorkScheduler.h
Examining data/solarpowerlog-0.24/src/interfaces/CDebugHelper.cpp
Examining data/solarpowerlog-0.24/src/daemon.h
Examining data/solarpowerlog-0.24/src/DataFilters/interfaces/IDataFilter.h
Examining data/solarpowerlog-0.24/src/DataFilters/interfaces/factories/IDataFilterFactory.h
Examining data/solarpowerlog-0.24/src/DataFilters/interfaces/factories/IDataFilterFactory.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/interfaces/IDataFilter.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/CFormaterWebRootStrip.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/IFormater.h
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/CFormatterSearchCSVEntry.h
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/CFormatterSearchCSVEntry.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/CFormaterWebRootStrip.h
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/IFormater.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.h
Examining data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.h
Examining data/solarpowerlog-0.24/src/DataFilters/CDumpOutputFilter.h
Examining data/solarpowerlog-0.24/src/DataFilters/CDumpOutputFilter.cpp
Examining data/solarpowerlog-0.24/src/daemon.cpp
Examining data/solarpowerlog-0.24/src/configuration/ILogger.cpp
Examining data/solarpowerlog-0.24/src/configuration/CConfigHelper.cpp
Examining data/solarpowerlog-0.24/src/configuration/ILogger.h
Examining data/solarpowerlog-0.24/src/configuration/Registry.h
Examining data/solarpowerlog-0.24/src/configuration/CConfigHelper.h
Examining data/solarpowerlog-0.24/src/configuration/Registry.cpp
Examining data/solarpowerlog-0.24/src/porting.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandSoftwareVersion.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandSoftwareVersion.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandTYP.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/ISputnikCommand.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommand.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandSYS.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandSYS.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/ISputnikCommand.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOOnce.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOAlways.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/ISputnikCommandBackoffStrategy.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/ISputnikCommandBackoffStrategy.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOIfSupported.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOTimed.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOOnce.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOTimed.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOAlways.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOIfSupported.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommand.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandTYP.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterFactorySputnik.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterFactorySputnik.cpp
Examining data/solarpowerlog-0.24/src/Inverters/factories/InverterFactoryFactory.h
Examining data/solarpowerlog-0.24/src/Inverters/factories/IInverterFactory.cpp
Examining data/solarpowerlog-0.24/src/Inverters/factories/IInverterFactory.h
Examining data/solarpowerlog-0.24/src/Inverters/factories/InverterFactoryFactory.cpp
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/ICapaIterator.cpp
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/CNestedCapaIterator.cpp
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/InverterBase.cpp
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/InverterBase.h
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/ICapaIterator.h
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/CNestedCapaIterator.h
Examining data/solarpowerlog-0.24/src/Inverters/Capabilites.h
Examining data/solarpowerlog-0.24/src/Inverters/BasicCommands.h
Examining data/solarpowerlog-0.24/src/Inverters/DummyInverter/CInverterDummy.cpp
Examining data/solarpowerlog-0.24/src/Inverters/DummyInverter/CInverterFactoryDummy.h
Examining data/solarpowerlog-0.24/src/Inverters/DummyInverter/CInverterFactoryDummy.cpp
Examining data/solarpowerlog-0.24/src/Inverters/DummyInverter/CInverterDummy.h
Examining data/solarpowerlog-0.24/src/ctemplate/ctemplate.c
Examining data/solarpowerlog-0.24/src/ctemplate/ctemplate.h
Examining data/solarpowerlog-0.24/src/patterns/ICommandTarget.h
Examining data/solarpowerlog-0.24/src/patterns/ICommand.cpp
Examining data/solarpowerlog-0.24/src/patterns/ICommandTarget.cpp
Examining data/solarpowerlog-0.24/src/patterns/IObserverObserver.cpp
Examining data/solarpowerlog-0.24/src/patterns/CValue.h
Examining data/solarpowerlog-0.24/src/patterns/ICommand.h
Examining data/solarpowerlog-0.24/src/patterns/IValue.h
Examining data/solarpowerlog-0.24/src/patterns/IValue.cpp
Examining data/solarpowerlog-0.24/src/patterns/IObserverObserver.h
Examining data/solarpowerlog-0.24/src/patterns/IObserverSubject.h
Examining data/solarpowerlog-0.24/src/patterns/IObserverSubject.cpp
Examining data/solarpowerlog-0.24/src/solarpowerlog.cpp

FINAL RESULTS:

data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:75:50: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  asyncASIOCompletionHandler(size_t *b, boost::system::error_code *ec)
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:81:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  void operator()(const boost::system::error_code& e,
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:90:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  boost::system::error_code *ec;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:112:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:421:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:457:21: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  } catch (boost::system::system_error &e) {
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:474:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec, ec2;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:524:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec, handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:731:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec, handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:71:48: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  asyncASIOCompletionHandler( size_t *b, boost::system::error_code *ec )
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:75:32: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  void operator()( const boost::system::error_code& e,
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:82:32: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  void operator() (const boost::system::error_code& e)
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:90:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code *ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:122:16: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:340:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:378:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:449:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec, ec2;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:502:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:503:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code read_handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:671:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:672:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code write_handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:844:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:851:21: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  } catch (boost::system::system_error &e) {
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1145:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(newfile, inclfile);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1147:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newfile, parentfile);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1149:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cp == 0 ? newfile : cp + 1, inclfile + 4);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1319:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(var->value, value);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1320:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  var->name = strcpy(var->value + vlen, name);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1460:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newfmt->name, name);
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:434:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ec = port->open(portname, ec);
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:529:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2] = {0,0};
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:507:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:620:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char recved[avail + 2];
data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.cpp:293:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[tmp.size() + 10];
data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.cpp:309:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(tmp.c_str(), fstream::out | fstream::in | fstream::app
data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.cpp:315:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(tmp.c_str(), fstream::out | fstream::app | fstream::binary);
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:309:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fs.open(s.c_str(), fstream::out | fstream::trunc | fstream::binary);
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:314:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fs.open(s.c_str(), fstream::out | fstream::app | fstream::binary);
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:515:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[htmlfile.size() + 10]; //note: the %s will be removed, so +10 is enough.
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:524:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(buf, "w+");
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:530:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen(htmlfile.c_str(), "w+");
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:652:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:654:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%02x", (unsigned char) s[i]);
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:780:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:182:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:531:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:533:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%02x", (unsigned char)s[i]);
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:696:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:698:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%02x", (unsigned char)s[i]);
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:895:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/solarpowerlog-0.24/src/configuration/CConfigHelper.h:352:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  store = (const char *)set[setting.c_str()][index];
data/solarpowerlog-0.24/src/configuration/CConfigHelper.h:385:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  store = (const char *) set[i][index];
data/solarpowerlog-0.24/src/configuration/CConfigHelper.h:409:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  store = (const char *) set[i][index];
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:167:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1]; /* name of format function */
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:182:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[1]; /* value and name stored here */
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:241:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "r")) != 0 &&
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:494:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret, p, i);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:715:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ((level = atoi(value)) < 1 || level > t->loop_depth) {
data/solarpowerlog-0.24/src/daemon.cpp:107:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  pidfile_fd = open(pidfile.c_str(),O_WRONLY | O_CREAT | O_EXCL,
data/solarpowerlog-0.24/src/daemon.cpp:172:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:207:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:369:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  name = (const char *) rt[i]["name"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:370:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  manufactor = (const char *) rt[i]["manufactor"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:371:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  model = (const char *) rt[i]["model"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:445:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  name = (const char *) rt[i]["name"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:446:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  previousfilter = (const char *) rt[i]["datasource"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:447:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  type = (const char *) rt[i]["type"];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:782:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf) + telegram.length() + 10 + 6;
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:925:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:937:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:955:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters)); data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:964:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } while (++i < strlen(delimiters)); data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:1041:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } while (++i < strlen(delimiters)); data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:1052:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } while (++i < strlen(delimiters)); data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:1070:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } while (++i < strlen(delimiters)); data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:1078:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } while (++i < strlen(delimiters)); data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:456:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int i = strlen(attrname); data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1143:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newfile = mymalloc(strlen(parentfile) + strlen(inclfile)); data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1143:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newfile = mymalloc(strlen(parentfile) + strlen(inclfile)); data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1316:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(name) + 1; data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1317:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(value) + 1; data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1459:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newfmt = (TMPL_fmtlist *) mymalloc(sizeof(*newfmt) + strlen(name)); data/solarpowerlog-0.24/src/daemon.cpp:165:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0); data/solarpowerlog-0.24/src/daemon.cpp:174:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
write(pidfile_fd,buf,strlen(buf)); ANALYSIS SUMMARY: Hits = 84 Lines analyzed = 19489 in approximately 0.50 seconds (39042 lines/second) Physical Source Lines of Code (SLOC) = 9950 Hits@level = [0] 27 [1] 17 [2] 38 [3] 0 [4] 29 [5] 0 Hits@level+ = [0+] 111 [1+] 84 [2+] 67 [3+] 29 [4+] 29 [5+] 0 Hits/KSLOC@level+ = [0+] 11.1558 [1+] 8.44221 [2+] 6.73367 [3+] 2.91457 [4+] 2.91457 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.