Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/thrift-0.13.0/tutorial/c_glib/c_glib_server.c
Examining data/thrift-0.13.0/tutorial/c_glib/c_glib_client.c
Examining data/thrift-0.13.0/tutorial/cpp/CppClient.cpp
Examining data/thrift-0.13.0/tutorial/cpp/CppServer.cpp
Examining data/thrift-0.13.0/test/threads/ThreadsClient.cpp
Examining data/thrift-0.13.0/test/threads/ThreadsServer.cpp
Examining data/thrift-0.13.0/test/c_glib/src/thrift_second_service_handler.c
Examining data/thrift-0.13.0/test/c_glib/src/thrift_second_service_handler.h
Examining data/thrift-0.13.0/test/c_glib/src/test_client.c
Examining data/thrift-0.13.0/test/c_glib/src/thrift_test_handler.h
Examining data/thrift-0.13.0/test/c_glib/src/test_server.c
Examining data/thrift-0.13.0/test/c_glib/src/thrift_test_handler.c
Examining data/thrift-0.13.0/test/cpp/src/StressTest.cpp
Examining data/thrift-0.13.0/test/cpp/src/ThriftTest_extras.cpp
Examining data/thrift-0.13.0/test/cpp/src/StressTestNonBlocking.cpp
Examining data/thrift-0.13.0/test/cpp/src/TestServer.cpp
Examining data/thrift-0.13.0/test/cpp/src/TestClient.cpp
Examining data/thrift-0.13.0/config.h
Examining data/thrift-0.13.0/contrib/zeromq/test-sender.cpp
Examining data/thrift-0.13.0/contrib/zeromq/TZmqServer.cpp
Examining data/thrift-0.13.0/contrib/zeromq/TZmqClient.h
Examining data/thrift-0.13.0/contrib/zeromq/test-client.cpp
Examining data/thrift-0.13.0/contrib/zeromq/test-receiver.cpp
Examining data/thrift-0.13.0/contrib/zeromq/test-server.cpp
Examining data/thrift-0.13.0/contrib/zeromq/TZmqServer.h
Examining data/thrift-0.13.0/contrib/zeromq/TZmqClient.cpp
Examining data/thrift-0.13.0/contrib/transport-sample/client/targetver.h
Examining data/thrift-0.13.0/contrib/transport-sample/client/stdafx.cpp
Examining data/thrift-0.13.0/contrib/transport-sample/client/stdafx.h
Examining data/thrift-0.13.0/contrib/transport-sample/client/client.cpp
Examining data/thrift-0.13.0/contrib/transport-sample/ThriftCommon.cpp
Examining data/thrift-0.13.0/contrib/transport-sample/config.h
Examining data/thrift-0.13.0/contrib/transport-sample/server/targetver.h
Examining data/thrift-0.13.0/contrib/transport-sample/server/stdafx.cpp
Examining data/thrift-0.13.0/contrib/transport-sample/server/stdafx.h
Examining data/thrift-0.13.0/contrib/transport-sample/server/server.cpp
Examining data/thrift-0.13.0/contrib/transport-sample/ThriftCommon.h
Examining data/thrift-0.13.0/contrib/thrift_dump.cpp
Examining data/thrift-0.13.0/contrib/async-test/test-server.cpp
Examining data/thrift-0.13.0/contrib/fb303/TClientInfo.h
Examining data/thrift-0.13.0/contrib/fb303/TClientInfo.cpp
Examining data/thrift-0.13.0/contrib/fb303/cpp/ServiceTracker.cpp
Examining data/thrift-0.13.0/contrib/fb303/cpp/FacebookBase.h
Examining data/thrift-0.13.0/contrib/fb303/cpp/ServiceTracker.h
Examining data/thrift-0.13.0/contrib/fb303/cpp/FacebookBase.cpp
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/thrifty.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/common.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/thriftl.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/logging.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_html_generator.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_erl_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_haxe_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_html_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_delphi_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_swift_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_xml_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_perl_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_c_glib_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_xsd_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_lua_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_st_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_go_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cl_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_java_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_py_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_gv_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_dart_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_rs_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_csharp_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_generator_registry.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_d_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_javame_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_oop_generator.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_as3_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_ocaml_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_js_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_hs_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_rb_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_generator.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_json_generator.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/parse.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_base_type.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_set.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_const_value.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_struct.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_service.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_field.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_list.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_container.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_enum.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_enum_value.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_map.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_typedef.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_type.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_typedef.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_function.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_doc.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_program.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_scope.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/parse/t_const.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/platform.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/globals.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/main.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/audit/t_audit.h
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/audit/t_audit.cpp
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc
Examining data/thrift-0.13.0/compiler/cpp/src/thrift/common.cc
Examining data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc
Examining data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.h
Examining data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/thrift_struct.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/thrift_struct.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/thrift.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/thrift_application_exception.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/processor/thrift_processor.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/processor/thrift_multiplexed_processor.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/processor/thrift_multiplexed_processor.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/processor/thrift_dispatch_processor.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/processor/thrift_dispatch_processor.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/processor/thrift_processor.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/server/thrift_server.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/server/thrift_simple_server.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/server/thrift_simple_server.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/server/thrift_server.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/thrift.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_socket.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_socket.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_fd_transport.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_platform_socket.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_server_socket.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport_factory.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport_factory.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_memory_buffer.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport_factory.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport_factory.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_memory_buffer.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_server_transport.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_fd_transport.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_server_socket.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport_factory.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport_factory.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_server_transport.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_compact_protocol_factory.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol_factory.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_multiplexed_protocol.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol_decorator.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_compact_protocol.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_binary_protocol.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_compact_protocol.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol_decorator.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol_factory.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_multiplexed_protocol.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_stored_message_protocol.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_binary_protocol_factory.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_binary_protocol_factory.h
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_stored_message_protocol.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_binary_protocol.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_compact_protocol_factory.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_protocol.c
Examining data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/thrift_application_exception.c
Examining data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c
Examining data/thrift-0.13.0/lib/c_glib/test/testoptionalrequired.c
Examining data/thrift-0.13.0/lib/c_glib/test/testserialization.c
Examining data/thrift-0.13.0/lib/c_glib/test/testcontainertest.c
Examining data/thrift-0.13.0/lib/c_glib/test/testframedtransport.c
Examining data/thrift-0.13.0/lib/c_glib/test/teststruct.c
Examining data/thrift-0.13.0/lib/c_glib/test/testthrifttest.c
Examining data/thrift-0.13.0/lib/c_glib/test/testthrifttestclient.cpp
Examining data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c
Examining data/thrift-0.13.0/lib/c_glib/test/testbinaryprotocol.c
Examining data/thrift-0.13.0/lib/c_glib/test/testfdtransport.c
Examining data/thrift-0.13.0/lib/c_glib/test/testcompactprotocol.c
Examining data/thrift-0.13.0/lib/c_glib/test/testsimpleserver.c
Examining data/thrift-0.13.0/lib/c_glib/test/testapplicationexception.c
Examining data/thrift-0.13.0/lib/c_glib/test/testbufferedtransport.c
Examining data/thrift-0.13.0/lib/c_glib/test/testtransportsocket.c
Examining data/thrift-0.13.0/lib/c_glib/test/testdebugproto.c
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TApplicationException.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TBase.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/thrift-config.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TDispatchProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/SocketPair.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/OverlappedSubmissionThread.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/WinFcntl.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/TWinsockSingleton.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/Sync.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/SocketPair.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/GetTimeOfDay.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/config.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/TWinsockSingleton.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/GetTimeOfDay.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/WinFcntl.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/Operators.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/windows/OverlappedSubmissionThread.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TToString.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TLogging.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TApplicationException.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TEvhttpClientChannel.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TAsyncProtocolProcessor.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TAsyncChannel.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TAsyncBufferProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TEvhttpServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TEvhttpClientChannel.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TAsyncProtocolProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TAsyncDispatchProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TConcurrentClientSyncInfo.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TAsyncProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TConcurrentClientSyncInfo.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TEvhttpServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/async/TAsyncChannel.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/processor/StatsProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/processor/PeekProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/processor/TMultiplexedProcessor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/processor/PeekProcessor.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TThreadedServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TThreadPoolServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TThreadedServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TNonblockingServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TConnectedClient.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TNonblockingServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TConnectedClient.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TSimpleServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TSimpleServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TServerFramework.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TThreadPoolServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/server/TServerFramework.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/thrift_export.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpClient.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocketPool.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLServerSocket.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TServerTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLServerSocket.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpClient.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSimpleFileTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFDTransport.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocketPool.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportException.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TVirtualTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TServerSocket.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/PlatformSocket.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportException.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipeServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TNonblockingServerSocket.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TServerSocket.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFDTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSimpleFileTransport.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TNonblockingSSLServerSocket.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipeServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TShortReadTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TNonblockingServerTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TNonblockingSSLServerSocket.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/TNonblockingServerSocket.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/VirtualProfiling.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TMultiplexedProtocol.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TVirtualProtocol.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TDebugProtocol.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TDebugProtocol.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TProtocol.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TProtocolTap.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/THeaderProtocol.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TBase64Utils.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/THeaderProtocol.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TCompactProtocol.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TProtocolException.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TProtocol.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TBase64Utils.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TBinaryProtocol.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TProtocolTypes.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TMultiplexedProtocol.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TProtocolDecorator.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/TimerManager.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/ThreadManager.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/ThreadManager.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/Monitor.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/Thread.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/Thread.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/ThreadFactory.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/TimerManager.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/Exception.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/Monitor.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/FunctionRunner.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/ThreadFactory.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/Mutex.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/concurrency/Mutex.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQIODeviceTransport.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQTcpServer.cpp
Examining data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQIODeviceTransport.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQTcpServer.h
Examining data/thrift-0.13.0/lib/cpp/src/thrift/Thrift.h
Examining data/thrift-0.13.0/lib/cpp/test/TMemoryBufferTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TServerSocketTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/UnitTestMain.cpp
Examining data/thrift-0.13.0/lib/cpp/test/EnumTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TTransportCheckThrow.h
Examining data/thrift-0.13.0/lib/cpp/test/Benchmark.cpp
Examining data/thrift-0.13.0/lib/cpp/test/AnnotationTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/RenderedDoubleConstantsTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/OptionalRequiredTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/ThriftTest_extras.cpp
Examining data/thrift-0.13.0/lib/cpp/test/ZlibTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TFDTransportTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/GenericHelpers.h
Examining data/thrift-0.13.0/lib/cpp/test/TSocketInterruptTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TNonblockingServerTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TFileTransportTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/ToStringTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/Base64Test.cpp
Examining data/thrift-0.13.0/lib/cpp/test/AllProtocolTests.cpp
Examining data/thrift-0.13.0/lib/cpp/test/DebugProtoTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/processor/ServerThread.h
Examining data/thrift-0.13.0/lib/cpp/test/processor/EventLog.cpp
Examining data/thrift-0.13.0/lib/cpp/test/processor/EventLog.h
Examining data/thrift-0.13.0/lib/cpp/test/processor/ServerThread.cpp
Examining data/thrift-0.13.0/lib/cpp/test/processor/ProcessorTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/processor/Handlers.h
Examining data/thrift-0.13.0/lib/cpp/test/TServerTransportTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/OpenSSLManualInitTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/SpecializationTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/concurrency/TimerManagerTests.h
Examining data/thrift-0.13.0/lib/cpp/test/concurrency/Tests.cpp
Examining data/thrift-0.13.0/lib/cpp/test/concurrency/ThreadManagerTests.h
Examining data/thrift-0.13.0/lib/cpp/test/concurrency/ThreadFactoryTests.h
Examining data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/qt/TQTcpServerTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TPipedTransportTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/OneWayHTTPTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/RecursiveTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/link/TemplatedService2.cpp
Examining data/thrift-0.13.0/lib/cpp/test/link/LinkTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/link/TemplatedService1.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TPipeInterruptTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/DebugProtoTest_extras.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TNonblockingSSLServerTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/TypedefTest.cpp
Examining data/thrift-0.13.0/lib/cpp/test/SecurityTest.cpp
Examining data/thrift-0.13.0/lib/rb/ext/thrift_native.c
Examining data/thrift-0.13.0/lib/rb/ext/bytes.c
Examining data/thrift-0.13.0/lib/rb/ext/bytes.h
Examining data/thrift-0.13.0/lib/rb/ext/protocol.h
Examining data/thrift-0.13.0/lib/rb/ext/compact_protocol.c
Examining data/thrift-0.13.0/lib/rb/ext/binary_protocol_accelerated.h
Examining data/thrift-0.13.0/lib/rb/ext/constants.h
Examining data/thrift-0.13.0/lib/rb/ext/compact_protocol.h
Examining data/thrift-0.13.0/lib/rb/ext/memory_buffer.c
Examining data/thrift-0.13.0/lib/rb/ext/strlcpy.h
Examining data/thrift-0.13.0/lib/rb/ext/binary_protocol_accelerated.c
Examining data/thrift-0.13.0/lib/rb/ext/strlcpy.c
Examining data/thrift-0.13.0/lib/rb/ext/memory_buffer.h
Examining data/thrift-0.13.0/lib/rb/ext/macros.h
Examining data/thrift-0.13.0/lib/rb/ext/struct.c
Examining data/thrift-0.13.0/lib/rb/ext/struct.h
Examining data/thrift-0.13.0/lib/rb/ext/protocol.c
Examining data/thrift-0.13.0/lib/py/src/ext/endian.h
Examining data/thrift-0.13.0/lib/py/src/ext/binary.cpp
Examining data/thrift-0.13.0/lib/py/src/ext/protocol.h
Examining data/thrift-0.13.0/lib/py/src/ext/module.cpp
Examining data/thrift-0.13.0/lib/py/src/ext/compact.h
Examining data/thrift-0.13.0/lib/py/src/ext/binary.h
Examining data/thrift-0.13.0/lib/py/src/ext/types.cpp
Examining data/thrift-0.13.0/lib/py/src/ext/types.h
Examining data/thrift-0.13.0/lib/py/src/ext/compact.cpp
Examining data/thrift-0.13.0/lib/py/compat/win32/stdint.h
Examining data/thrift-0.13.0/lib/lua/src/longnumberutils.c
Examining data/thrift-0.13.0/lib/lua/src/luabpack.c
Examining data/thrift-0.13.0/lib/lua/src/usocket.c
Examining data/thrift-0.13.0/lib/lua/src/socket.h
Examining data/thrift-0.13.0/lib/lua/src/lualongnumber.c
Examining data/thrift-0.13.0/lib/lua/src/luabitwise.c
Examining data/thrift-0.13.0/lib/lua/src/luasocket.c
FINAL RESULTS:
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_go_generator.cc:2583:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(f_remote_name.c_str(),
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_py_generator.cc:1777:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(f_remote_name.c_str(),
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipeServer.cpp:396:8: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
if (!SetSecurityDescriptorDacl(&sd, true, NULL, false))
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipeServer.cpp:396:8: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
if (!SetSecurityDescriptorDacl(&sd, true, NULL, false))
data/thrift-0.13.0/compiler/cpp/src/thrift/audit/t_audit.cpp:37:4: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/thrift-0.13.0/compiler/cpp/src/thrift/audit/t_audit.cpp:46:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_swift_generator.cc:1002:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
out << indent() << access << " static var fieldIds: [String: Int32]";
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_swift_generator.cc:1019:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
out << indent() << access << " static var structName: String { return \""
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:173:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(resolved_path, path);
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:175:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(resolved_path, buf);
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:234:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:252:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:268:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:284:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, args);
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:298:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:544:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(doctext, docstring.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/thrifty.cc:904:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/thrift-0.13.0/contrib/transport-sample/ThriftCommon.cpp:21:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(handles, "%s %d %d", app.c_str(),
data/thrift-0.13.0/contrib/transport-sample/client/client.cpp:45:6: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
r = vprintf (_Format, ap);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_platform_socket.h:60:27: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define THRIFT_SNPRINTF _snprintf
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_platform_socket.h:108:27: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define THRIFT_SNPRINTF snprintf
data/thrift-0.13.0/lib/cpp/src/thrift/TLogging.h:78:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/thrift-0.13.0/lib/cpp/src/thrift/TLogging.h:114:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/thrift-0.13.0/lib/cpp/src/thrift/TLogging.h:135:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.cpp:34:15: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void TOutput::printf(const char* message, ...) {
data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.cpp:55:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int need = vsnprintf(stack_buf, STACK_BUF_SIZE, message, ap);
data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.cpp:77:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int rval = vsnprintf(heap_buf, need + 1, message, ap);
data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.h:45:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf(const char* message, ...);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/PlatformSocket.h:65:29: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define THRIFT_SNPRINTF _snprintf
data/thrift-0.13.0/lib/cpp/src/thrift/transport/PlatformSocket.h:67:29: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define THRIFT_SNPRINTF snprintf
data/thrift-0.13.0/lib/cpp/src/thrift/transport/PlatformSocket.h:122:27: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define THRIFT_SNPRINTF snprintf
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpServer.cpp:155:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff,
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp:917:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ssl->access(access_);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.h:100:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
virtual void access(std::shared_ptr<AccessManager> manager) { access_ = manager; }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.h:302:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
virtual void access(std::shared_ptr<AccessManager> manager) { access_ = manager; }
data/thrift-0.13.0/lib/cpp/src/thrift/windows/GetTimeOfDay.cpp:93:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(_buf, ctime(_clock));
data/thrift-0.13.0/lib/cpp/test/processor/EventLog.cpp:36:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/thrift-0.13.0/lib/lua/src/lualongnumber.c:34:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, len, "%"PRId64, val);
data/thrift-0.13.0/lib/lua/src/lualongnumber.c:42:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
rv = sscanf(buf, "%"PRIx64, &data);
data/thrift-0.13.0/lib/lua/src/lualongnumber.c:44:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
rv = sscanf(buf, "%"PRId64, &data);
data/thrift-0.13.0/lib/lua/src/luasocket.c:49:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s expected, got %s", expected, luaL_typename(L, index));
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:188:10: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
return realpath(path, resolved_path);
data/thrift-0.13.0/lib/cpp/src/thrift/windows/Sync.h:41:24: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
TCriticalSection() { InitializeCriticalSection(&cs); }
data/thrift-0.13.0/lib/cpp/src/thrift/windows/Sync.h:50:60: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
explicit TAutoCrit(TCriticalSection& cs) : cs_(&cs.cs) { EnterCriticalSection(cs_); }
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:167:8: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(42);
data/thrift-0.13.0/lib/cpp/test/TFileTransportTest.cpp:356:19: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int optchar = getopt_long(argc, argv, "ht:", long_opts, nullptr);
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:270:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* tmp_dir = getenv("TMP");
data/thrift-0.13.0/lib/cpp/test/concurrency/Tests.cpp:42:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("VALGRIND") != nullptr) {
data/thrift-0.13.0/lib/cpp/test/processor/EventLog.cpp:30:38: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
static const char * DEBUG_EVENTLOG = getenv("DEBUG_EVENTLOG");
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_as3_generator.cc:357:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_as3_generator.cc:420:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_as3_generator.cc:648:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_as3_generator.cc:1426:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_as3_generator.cc:1452:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_as3_generator.cc:1487:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_c_glib_generator.cc:234:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_c_glib_generator.cc:236:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_impl_.open(f_types_impl_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_c_glib_generator.cc:456:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_header_.open(f_header_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_c_glib_generator.cc:483:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cl_generator.cc:131:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cl_generator.cc:133:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_vars_.open(f_vars_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cl_generator.cc:142:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_asd_.open(f_asd_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:391:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:394:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_impl_.open(f_types_impl_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:400:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_tcc_.open(f_types_tcc_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:684:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:688:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_impl.open(f_consts_impl_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:1755:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_header_.open(f_header_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:1791:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:1802:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_tcc_.open(f_service_tcc_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:2119:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_skeleton.open(f_skeleton_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:3734:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_skeleton.open(f_skeleton_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_csharp_generator.cc:444:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_csharp_generator.cc:477:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_csharp_generator.cc:678:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_csharp_generator.cc:1240:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_union.open(f_union_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_csharp_generator.cc:1451:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_d_generator.cc:103:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_d_generator.cc:130:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_d_generator.cc:213:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service.open(f_servicename.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_d_generator.cc:351:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_skeleton.open(f_skeletonname.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_dart_generator.cc:395:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_library.open(f_library_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_dart_generator.cc:417:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_pubspec.open(f_pubspec_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_dart_generator.cc:482:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_dart_generator.cc:544:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_dart_generator.cc:744:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_dart_generator.cc:1391:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_delphi_generator.cc:789:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_all.open(f_name);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_erl_generator.cc:263:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_file_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_erl_generator.cc:264:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_hrl_file_.open(f_types_hrl_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_erl_generator.cc:281:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_file_.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_erl_generator.cc:282:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_hrl_file_.open(f_consts_hrl_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_erl_generator.cc:902:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_file_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_erl_generator.cc:903:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_hrl_.open(f_service_hrl_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_generator.cc:179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_generator.h:393:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(std::string const& output_file_path_) {
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_generator.h:410:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
old_file.open(output_file_path.c_str(), std::ios::in);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_generator.h:427:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_file.open(output_file_path.c_str(), std::ios::out);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_go_generator.cc:751:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name_);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_go_generator.cc:754:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_.open(f_consts_name_);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_go_generator.cc:766:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_unused_prot_.open(f_unused_prot_name_.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_go_generator.cc:2146:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_remote.open(f_remote_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_gv_generator.cc:108:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_out_.open(fname.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_haxe_generator.cc:390:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_haxe_generator.cc:452:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_haxe_generator.cc:680:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_haxe_generator.cc:1479:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_haxe_generator.cc:1502:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_haxe_generator.cc:1526:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_hs_generator.cc:193:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_hs_generator.cc:196:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_hs_generator.cc:828:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_hs_generator.cc:964:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_iface_.open(f_iface_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_hs_generator.cc:1008:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_client_.open(f_client_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_html_generator.cc:252:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_out_.open(fname.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_html_generator.cc:333:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_out_.open(index_fname.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_html_generator.cc:352:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_out_.open(css_fname.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_java_generator.cc:495:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_java_generator.cc:593:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_java_generator.cc:813:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_java_generator.cc:831:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_java_generator.cc:2850:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_javame_generator.cc:333:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_javame_generator.cc:412:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_javame_generator.cc:642:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_javame_generator.cc:659:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_javame_generator.cc:1869:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_javame_generator.cc:1898:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_iface.open(f_interface_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_js_generator.cc:447:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_episode_.open(f_episode_file_path);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_js_generator.cc:451:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_js_generator.cc:459:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_ts_.open(f_types_ts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_js_generator.cc:1194:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_js_generator.cc:1201:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_ts_.open(f_service_ts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_js_generator.cc:2896:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
episode_file.open(episode_file_path);
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_json_generator.cc:140:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_json_.open(f_json_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_lua_generator.cc:178:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_lua_generator.cc:180:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_lua_generator.cc:506:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc:404:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc:445:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc:694:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc:1331:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_union.open(f_union_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc:1572:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc:3095:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc:387:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc:428:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc:677:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc:1283:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_union.open(f_union_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc:1522:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc:2987:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_ocaml_generator.cc:236:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_ocaml_generator.cc:238:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_i_.open(f_types_i_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_ocaml_generator.cc:241:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_ocaml_generator.cc:894:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_ocaml_generator.cc:896:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_i_.open(f_service_i_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_perl_generator.cc:240:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_perl_generator.cc:242:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_perl_generator.cc:675:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:432:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:515:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_enum.open(f_enum_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:569:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:736:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct.open(f_struct_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:1255:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:1286:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_processor.open(f_service_processor_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:1559:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct_definition.open(f_struct_definition_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:1596:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_struct_helper.open(f_struct_helper_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:1615:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_interface.open(f_service_interface_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:1654:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_rest.open(f_service_rest_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_php_generator.cc:1735:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_client.open(f_service_client_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_py_generator.cc:380:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_py_generator.cc:383:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_py_generator.cc:387:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_init.open(f_init_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_py_generator.cc:1115:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_py_generator.cc:1599:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_remote.open(f_remote_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_rb_generator.cc:279:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_rb_generator.cc:282:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_.open(f_consts_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_rb_generator.cc:787:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_rs_generator.cc:531:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_gen_.open(f_gen_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_st_generator.cc:176:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_.open(f_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_st_generator.cc:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[50];
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_swift_generator.cc:314:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_decl_.open(f_decl_fullname.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_swift_generator.cc:323:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_impl_.open(f_impl_fullname.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_xml_generator.cc:160:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_xml_.open(f_xml_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_xsd_generator.cc:121:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_php_.open(f_php_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_xsd_generator.cc:275:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_xsd_.open(f_xsd_name.c_str());
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PATH];
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:338:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rp[THRIFT_PATH_MAX];
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:361:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rp[THRIFT_PATH_MAX];
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:918:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
yyin = fopen(path.c_str(), "r");
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:960:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
yyin = fopen(path.c_str(), "r");
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:1151:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_thrift_file_rp[THRIFT_PATH_MAX];
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:1206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_thrift_file_rp[THRIFT_PATH_MAX];
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:1232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rp[THRIFT_PATH_MAX];
data/thrift-0.13.0/compiler/cpp/src/thrift/thriftl.cc:760:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yytext[YYLMAX];
data/thrift-0.13.0/compiler/cpp/src/thrift/thrifty.cc:1150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/thrift-0.13.0/compiler/cpp/src/thrift/thrifty.cc:1337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:391:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_.open(f_types_name);
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:394:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_impl_.open(f_types_impl_name.c_str());
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:400:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_types_tcc_.open(f_types_tcc_name.c_str());
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:684:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts.open(f_consts_name);
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:688:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_consts_impl.open(f_consts_impl_name);
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:1755:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_header_.open(f_header_name.c_str());
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:1791:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_.open(f_service_name.c_str());
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:1802:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_service_tcc_.open(f_service_tcc_name.c_str());
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:2119:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_skeleton.open(f_skeleton_name.c_str());
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:3734:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f_skeleton.open(f_skeleton_name.c_str());
data/thrift-0.13.0/contrib/fb303/TClientInfo.cpp:39:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&addr_.ipv4, (const void *)addr, sizeof(sockaddr_in));
data/thrift-0.13.0/contrib/fb303/TClientInfo.cpp:42:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&addr_.ipv6, (const void *)addr, sizeof(sockaddr_in6));
data/thrift-0.13.0/contrib/fb303/TClientInfo.cpp:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrBuf[INET6_ADDRSTRLEN];
data/thrift-0.13.0/contrib/fb303/TClientInfo.cpp:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/thrift-0.13.0/contrib/fb303/TClientInfo.h:153:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_[kNameLen]; ///< The name of the thrift call
data/thrift-0.13.0/contrib/fb303/cpp/ServiceTracker.cpp:325:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char now_pretty[26];
data/thrift-0.13.0/contrib/transport-sample/ThriftCommon.cpp:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char handles[MAX_PATH]; //Stores pipe handles converted to text
data/thrift-0.13.0/contrib/transport-sample/client/client.cpp:160:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/contrib/transport-sample/config.h:22:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str);
data/thrift-0.13.0/contrib/transport-sample/server/server.cpp:155:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/contrib/zeromq/TZmqClient.cpp:42:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(msg.data(), buf, size);
data/thrift-0.13.0/contrib/zeromq/TZmqClient.h:39:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/thrift-0.13.0/contrib/zeromq/TZmqServer.cpp:51:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(msg.data(), buf, size);
data/thrift-0.13.0/contrib/zeromq/test-client.cpp:18:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
incr = atoi(argv[1]);
data/thrift-0.13.0/contrib/zeromq/test-client.cpp:29:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/contrib/zeromq/test-sender.cpp:18:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
incr = atoi(argv[1]);
data/thrift-0.13.0/contrib/zeromq/test-sender.cpp:26:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c:62:53: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return THRIFT_TRANSPORT_GET_CLASS (t->transport)->open (t->transport, error);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, t->r_buf, t->r_buf->len);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c:110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((guint8 *)buf + have, tmpdata, got);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c:128:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((guint8 *)buf + len - want, t->r_buf->data, give);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c:147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, t->r_buf->data, len);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c:64:53: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return THRIFT_TRANSPORT_GET_CLASS (t->transport)->open (t->transport, error);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c:127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, t->r_buf, t->r_buf->len);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((guint8 *)buf + len - want, t->r_buf->data, give);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c:160:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, t->r_buf->data, len);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c:236:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmpdata, (guint8 *) &sz_nbo, sizeof (sz_nbo));
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c:240:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmpdata + sizeof (sz_nbo), t->w_buf->data, t->w_buf->len);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_memory_buffer.c:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, t->buf->data, give);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_platform_socket.h:98:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define THRIFT_OPEN open
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_server_socket.c:82:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pin.sun_path, tsocket->path, strlen(tsocket->path) + 1);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_socket.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_socket.c:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pin.sun_path, tsocket->path, strlen(tsocket->path) + 1);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_buffer[255];
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport.c:43:50: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return THRIFT_TRANSPORT_GET_CLASS (transport)->open (transport, error);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport.h:67:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gboolean (*open) (ThriftTransport *transport, GError **error);
data/thrift-0.13.0/lib/c_glib/test/testfdtransport.c:66:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_assert (klass->open (transport, &error));
data/thrift-0.13.0/lib/c_glib/test/testfdtransport.c:71:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_assert (! klass->open (transport, &error));
data/thrift-0.13.0/lib/c_glib/test/testfdtransport.c:94:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_assert (! klass->open (transport, &error));
data/thrift-0.13.0/lib/c_glib/test/testfdtransport.c:131:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY, S_IRUSR | S_IWUSR);
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errormsg[255];
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dnshost[INET6_ADDRSTRLEN]; /* bigger addr supported IPV6 */
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char socket_ip[INET6_ADDRSTRLEN];
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:299:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_name,"r"); /* read mode */
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:453:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cert_buffer[65534];
data/thrift-0.13.0/lib/cpp/src/thrift/TLogging.h:74:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgtime[26]; \
data/thrift-0.13.0/lib/cpp/src/thrift/TLogging.h:110:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgtime[26]; \
data/thrift-0.13.0/lib/cpp/src/thrift/TLogging.h:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgtime[26]; \
data/thrift-0.13.0/lib/cpp/src/thrift/TLogging.h:154:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgtime[26]; \
data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.cpp:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack_buf[STACK_BUF_SIZE];
data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.cpp:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbgtime[26];
data/thrift-0.13.0/lib/cpp/src/thrift/TOutput.cpp:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b_errbuf[1024] = {'\0'};
data/thrift-0.13.0/lib/cpp/src/thrift/VirtualProfiling.cpp:63:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(callers_, bt.callers_, numCallers_ * sizeof(void*));
data/thrift-0.13.0/lib/cpp/src/thrift/VirtualProfiling.cpp:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(callers_, bt.callers_, numCallers_ * sizeof(void*));
data/thrift-0.13.0/lib/cpp/src/thrift/VirtualProfiling.cpp:377:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* proc_maps = fopen("/proc/self/maps", "r");
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TDebugProtocol.cpp:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TDebugProtocol.cpp:32:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int ret = std::sprintf(buf, "%02x", (int)byte);
data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQIODeviceTransport.cpp:42:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TQIODeviceTransport::open() {
data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQIODeviceTransport.h:42:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override;
data/thrift-0.13.0/lib/cpp/src/thrift/server/TNonblockingServer.cpp:691:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writeBuffer_, &frameSize, 4);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/PlatformSocket.h:110:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define THRIFT_OPEN open
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:43:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rBase_, have);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:57:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rBase_, give);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wBase_, buf, space);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wBuf_.get(), buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:148:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rBase_, have);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rBase_, give);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:237:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf, wBuf_.get(), have);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:246:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wBase_, buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:257:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wBuf_.get(), (uint8_t*)&sz_nbo, sizeof(sz_nbo));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:331:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, start, give);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:392:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wBase_, buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:67:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, rBase_, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:80:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, rBase_, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:99:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wBase_, buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:218:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:218:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:346:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:346:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:557:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override {}
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFDTransport.h:58:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override {}
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:227:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(toEnqueue->eventBuff_, (void*)(&eventLen), 4);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:229:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(toEnqueue->eventBuff_ + 4, buf, eventLen);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:587:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, currentEvent_->eventBuff_ + currentEvent_->eventBuffPos_, remaining);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:595:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, currentEvent_->eventBuff_ + currentEvent_->eventBuffPos_, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:698:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(readState_.event_->eventBuff_ + readState_.event_->eventBuffPos_,
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:782:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorMsg[1024];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:783:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errorMsg,
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rBuf_.get(), &szN, sizeof(szN));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rBuf_.get(), &szN, sizeof(szN));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:127:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rBuf_.get(), &magic_n, sizeof(magic_n));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:301:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, tBuf_.get(), sz);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:365:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, tBuf_.get(), sz);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:394:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, str.c_str(), strLen); // no need to write \0
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:463:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt, &headerN, sizeof(headerN));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:466:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt, &flagsN, sizeof(flagsN));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:469:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt, &seqIdN, sizeof(seqIdN));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:520:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(headerSizePtr, &headerSizeN, sizeof(headerSizeN));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:524:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pktStart, &szNbo, sizeof(szNbo));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpClient.cpp:62:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contentLength_ = atoi(value);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpServer.cpp:66:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contentLength_ = atoi(value);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpServer.cpp:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.h:43:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.h:43:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TNonblockingServerSocket.cpp:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[sizeof("65535")];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TNonblockingServerSocket.cpp:386:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(address.sun_path, path_.c_str(), len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TNonblockingServerSocket.cpp:444:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &buffer_[begin_unread_idx_], bytes_to_copy);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:265:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TPipe::open() {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.h:72:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override;
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp:328:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TSSLSocket::open() {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp:332:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TSocket::open();
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp:1013:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp:1038:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.h:78:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override;
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TServerSocket.cpp:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[sizeof("65535")];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TServerSocket.cpp:448:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(address.sun_path, path_.c_str(), len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TServerSocket.cpp:506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TShortReadTransport.h:48:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TShortReadTransport.h:48:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSimpleFileTransport.cpp:63:3: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:335:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(address.sun_path, path_.c_str(), len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:422:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TSocket::open() {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[sizeof("65535")];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:464:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port, "%d", port_);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:754:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errBuf[512];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:755:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errBuf, "TSocket::setGenericTimeout with negative input: %d\n", timeout_ms);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:847:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clienthost[NI_MAXHOST];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:848:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clientservice[NI_MAXSERV];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:885:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clienthost[NI_MAXHOST];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:886:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clientservice[NI_MAXSERV];
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:897:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peerPort_ = std::atoi(clientservice);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:915:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&cachedPeerAddr_.ipv4, (void*)addr, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:921:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)&cachedPeerAddr_.ipv6, (void*)addr, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.h:98:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override;
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocketPool.cpp:182:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TSocketPool::open() {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocketPool.cpp:229:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TSocket::open();
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocketPool.h:158:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override;
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransport.h:84:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open() {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:35:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rBuf_ + rPos_, rLen_ - rPos_);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, rBuf_ + rPos_, give);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:90:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wBuf_ + wLen_, buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:121:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TPipedFileReaderTransport::open() {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:122:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
TPipedTransport::open();
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:51:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override {}
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:135:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { srcTrans_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:135:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { srcTrans_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:158:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rBuf_, rBuf_ + rPos_, read_ahead);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:251:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override;
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.cpp:147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, urbuf_ + urpos_, give);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.cpp:248:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uwbuf_ + uwpos_, buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.h:144:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.h:144:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override { transport_->open(); }
data/thrift-0.13.0/lib/cpp/test/AllProtocolTests.cpp:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorMessage[ERR_LEN];
data/thrift-0.13.0/lib/cpp/test/OneWayHTTPTest.cpp:216:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/lib/cpp/test/SecurityTest.cpp:168:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSocket->open();
data/thrift-0.13.0/lib/cpp/test/SecurityTest.cpp:197:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *strings[apache::thrift::transport::LATEST + 1] =
data/thrift-0.13.0/lib/cpp/test/TFileTransportTest.cpp:94:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ = open(path_,O_CREAT | O_RDWR | O_BINARY,S_IREAD | S_IWRITE);
data/thrift-0.13.0/lib/cpp/test/TFileTransportTest.cpp:106:11: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd_ = mkstemp(path_);
data/thrift-0.13.0/lib/cpp/test/TNonblockingSSLServerTest.cpp:233:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket->open();
data/thrift-0.13.0/lib/cpp/test/TNonblockingServerTest.cpp:162:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket->open();
data/thrift-0.13.0/lib/cpp/test/TPipeInterruptTest.cpp:81:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
client.open();
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:147:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock->open();
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:167:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock->open();
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:189:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock->open();
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:242:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock->open();
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:264:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:235:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSock->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:312:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pSocket->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:442:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSock1->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:446:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSock2->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:473:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSock1->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:477:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSock2->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:509:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSock1->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:515:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSock2->open();
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:526:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pClientSock2->open();
data/thrift-0.13.0/lib/cpp/test/TServerSocketTest.cpp:40:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock.open();
data/thrift-0.13.0/lib/cpp/test/TSocketInterruptTest.cpp:58:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock.open();
data/thrift-0.13.0/lib/cpp/test/TSocketInterruptTest.cpp:77:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock.open();
data/thrift-0.13.0/lib/cpp/test/TSocketInterruptTest.cpp:109:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock.open();
data/thrift-0.13.0/lib/cpp/test/TSocketInterruptTest.cpp:129:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientSock.open();
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:235:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in->open();
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:992:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1024];
data/thrift-0.13.0/lib/cpp/test/processor/ProcessorTest.cpp:268:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/lib/cpp/test/processor/ProcessorTest.cpp:518:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket->open();
data/thrift-0.13.0/lib/lua/src/lualongnumber.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/thrift-0.13.0/lib/lua/src/luasocket.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/thrift-0.13.0/lib/lua/src/luasocket.c:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[LUA_READ_STEP];
data/thrift-0.13.0/lib/lua/src/luasocket.c:282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/thrift-0.13.0/lib/lua/src/usocket.c:314:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&local.sin_addr,
data/thrift-0.13.0/lib/lua/src/usocket.c:347:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&remote.sin_addr,
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _what[40];
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:192:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_ptr, data, len);
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:323:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, buffer_ptr, chunk_size);
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:383:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, Z_STRVAL(retval), buffer_used);
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:503:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:504:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errbuf, "Unknown thrift typeID %ld", thrift_typeID);
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:547:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:597:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[size+1];
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:676:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:677:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errbuf, "Unknown thrift typeID %d", thrift_typeID);
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:853:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:934:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[128];
data/thrift-0.13.0/lib/py/src/ext/binary.h:116:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, buf, sizeof(int16_t));
data/thrift-0.13.0/lib/py/src/ext/binary.h:126:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, buf, sizeof(int32_t));
data/thrift-0.13.0/lib/py/src/ext/binary.h:136:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, buf, sizeof(int64_t));
data/thrift-0.13.0/lib/py/src/ext/compact.h:165:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&transfer.f, buf, sizeof(int64_t));
data/thrift-0.13.0/lib/py/src/ext/types.h:127:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char refill_signature[3];
data/thrift-0.13.0/lib/rb/ext/binary_protocol_accelerated.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[2];
data/thrift-0.13.0/lib/rb/ext/binary_protocol_accelerated.c:54:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4];
data/thrift-0.13.0/lib/rb/ext/binary_protocol_accelerated.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[8];
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[50];
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:91:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "don't know what type: %d", type);
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:296:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[50];
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:362:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "don't know what type: %d", ctype);
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:439:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:440:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(buf, "Expected protocol id %d but got %d", PROTOCOL_ID, protocol_id);
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:448:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/thrift-0.13.0/lib/rb/ext/compact_protocol.c:449:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
int len = sprintf(buf, "Expected version id %d but got %d", version, VERSION);
data/thrift-0.13.0/lib/rb/ext/struct.c:217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[RSTRING_LEN(field_name) + 2];
data/thrift-0.13.0/lib/rb/ext/struct.c:408:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[RSTRING_LEN(field_name) + 2];
data/thrift-0.13.0/test/c_glib/src/test_client.c:615:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const signed char bin_data[256]
data/thrift-0.13.0/test/c_glib/src/test_client.c:654:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int val = ((signed char *)ptr)[i];
data/thrift-0.13.0/test/cpp/src/StressTest.cpp:138:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_transport->open();
data/thrift-0.13.0/test/cpp/src/StressTest.cpp:326:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clientCount = atoi(args["clients"].c_str());
data/thrift-0.13.0/test/cpp/src/StressTest.cpp:335:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loopCount = atoi(args["loop"].c_str());
data/thrift-0.13.0/test/cpp/src/StressTest.cpp:343:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(args["port"].c_str());
data/thrift-0.13.0/test/cpp/src/StressTest.cpp:385:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
workerCount = atoi(args["workers"].c_str());
data/thrift-0.13.0/test/cpp/src/StressTest.cpp:521:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket->open();
data/thrift-0.13.0/test/cpp/src/StressTestNonBlocking.cpp:136:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_transport->open();
data/thrift-0.13.0/test/cpp/src/StressTestNonBlocking.cpp:300:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clientCount = atoi(args["clients"].c_str());
data/thrift-0.13.0/test/cpp/src/StressTestNonBlocking.cpp:309:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loopCount = atoi(args["loop"].c_str());
data/thrift-0.13.0/test/cpp/src/StressTestNonBlocking.cpp:317:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(args["port"].c_str());
data/thrift-0.13.0/test/cpp/src/StressTestNonBlocking.cpp:337:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
workerCount = atoi(args["workers"].c_str());
data/thrift-0.13.0/test/cpp/src/TestClient.cpp:410:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/test/cpp/src/TestClient.cpp:1172:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const signed char bin_data[256]
data/thrift-0.13.0/test/threads/ThreadsClient.cpp:52:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/tutorial/cpp/CppClient.cpp:43:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
transport->open();
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_c_glib_generator.cc:82:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 0; i < strlen(tmp); i++) {
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_c_glib_generator.cc:87:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
this->nspace = string(tmp, strlen(tmp));
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:1017:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read,
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:1045:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (has_nonrequired_fields && (!pointers || read)) {
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:1153:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
!read) << endl;
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:1157:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (has_nonrequired_fields && (!pointers || read)) {
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_cpp_generator.cc:1214:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_generator.cc:182:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > 0) {
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc:3099:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 0 && line_prefix == "" && !docs.eof())
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netcore_generator.cc:3103:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 0 || !docs.eof())
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc:2991:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 0 && line_prefix == "" && !docs.eof())
data/thrift-0.13.0/compiler/cpp/src/thrift/generate/t_netstd_generator.cc:2995:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(line) > 0 || !docs.eof())
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:180:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t resolved_len = strlen(resolved_path);
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:543:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (docstring.length() <= strlen(doctext)) {
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:893:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(f) == 0xEF) {
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:894:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(f) == 0xBB) {
data/thrift-0.13.0/compiler/cpp/src/thrift/main.cc:895:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (fgetc(f) == 0xBF) {
data/thrift-0.13.0/compiler/cpp/src/thrift/thriftl.cc:970:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/thrift-0.13.0/compiler/cpp/src/thrift/thriftl.cc:1190:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(g_doctext) >= 2);
data/thrift-0.13.0/compiler/cpp/src/thrift/thriftl.cc:1191:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_doctext[strlen(g_doctext) - 2] = ' ';
data/thrift-0.13.0/compiler/cpp/src/thrift/thriftl.cc:1192:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_doctext[strlen(g_doctext) - 1] = '\0';
data/thrift-0.13.0/compiler/cpp/src/thrift/thriftl.cc:2351:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes( yystr, (int) strlen(yystr) );
data/thrift-0.13.0/compiler/cpp/src/thrift/thrifty.cc:1050:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:1017:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read,
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:1045:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (has_nonrequired_fields && (!pointers || read)) {
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:1153:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
!read) << endl;
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:1157:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (has_nonrequired_fields && (!pointers || read)) {
data/thrift-0.13.0/compiler/cpp/test/plugin/t_cpp_generator.cc:1214:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/thrift-0.13.0/contrib/fb303/TClientInfo.cpp:63:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(call_, name, kNameLen - 1); // NUL terminator set in constructor
data/thrift-0.13.0/contrib/zeromq/TZmqClient.cpp:30:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return rbuf_.read(buf, len);
data/thrift-0.13.0/contrib/zeromq/test-client.cpp:33:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/thrift-0.13.0/contrib/zeromq/test-sender.cpp:29:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_binary_protocol.c:363:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = str != NULL ? strlen (str) : 0;
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/protocol/thrift_compact_protocol.c:794:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = str != NULL ? strlen (str) : 0;
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/thrift_struct.c:30:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return THRIFT_STRUCT_GET_CLASS (object)->read (object, protocol, error);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/thrift_struct.h:53:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gint32 (*read) (ThriftStruct *object, ThriftProtocol *protocol,
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c:101:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ret = THRIFT_TRANSPORT_GET_CLASS (t->transport)->read (t->transport,
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c:115:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ret = THRIFT_TRANSPORT_GET_CLASS (t->transport)->read (t->transport,
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_fd_transport.c:90:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read (t->fd, (guint8 *) buf, len);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_platform_socket.h:103:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define THRIFT_READ read
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_platform_socket.h:110:29: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
# define THRIFT_SLEEP_USEC usleep
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_server_socket.c:82:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(pin.sun_path, tsocket->path, strlen(tsocket->path) + 1);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_socket.c:139:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(pin.sun_path, tsocket->path, strlen(tsocket->path) + 1);
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_ssl_socket.c:464:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BIO *mem = BIO_new_mem_buf(chain_certs,strlen(chain_certs));
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport.c:56:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return THRIFT_TRANSPORT_GET_CLASS (transport)->read (transport, buf,
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport.c:122:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ret = ttc->read (transport, (gpointer) (bytes + have), len - have,
data/thrift-0.13.0/lib/c_glib/src/thrift/c_glib/transport/thrift_transport.h:69:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gint32 (*read) (ThriftTransport *transport, gpointer buf,
data/thrift-0.13.0/lib/c_glib/test/testbinaryprotocol.c:136:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint32 len = strlen (TEST_STRING);
data/thrift-0.13.0/lib/c_glib/test/testbinaryprotocol.c:405:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const guint32 len = strlen (TEST_STRING);
data/thrift-0.13.0/lib/c_glib/test/testcompactprotocol.c:143:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint32 len = strlen (TEST_STRING);
data/thrift-0.13.0/lib/c_glib/test/testcompactprotocol.c:565:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const guint32 len = strlen (TEST_STRING);
data/thrift-0.13.0/lib/c_glib/test/testfdtransport.c:143:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
got = klass->read (transport, (gpointer) b, want, &error);
data/thrift-0.13.0/lib/c_glib/test/testfdtransport.c:154:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
got = klass->read (transport, (gpointer) b, want, &error);
data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c:119:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gchar read[10];
data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c:137:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset(read, 0, 10);
data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c:138:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = read;
data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c:148:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g_assert (memcmp (read, TEST_DATA, 10) == 0);
data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c:157:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gchar read[10];
data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c:169:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memset(read, 0, 10);
data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c:170:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = read;
data/thrift-0.13.0/lib/c_glib/test/testmemorybuffer.c:180:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
g_assert (memcmp (read, TEST_DATA, 10) == 0);
data/thrift-0.13.0/lib/c_glib/test/testserialization.c:24:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_len = THRIFT_STRUCT_CLASS(cls)->read(THRIFT_STRUCT(dst), protocol, &error);
data/thrift-0.13.0/lib/c_glib/test/testserialization.c:49:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_len = THRIFT_STRUCT_CLASS(cls)->read(THRIFT_STRUCT(dst), protocol, &error);
data/thrift-0.13.0/lib/c_glib/test/testserialization.c:74:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_len = THRIFT_STRUCT_CLASS(cls)->read(THRIFT_STRUCT(dst), protocol, &error);
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:272:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sizeip = socket_ip!=NULL ? strlen(socket_ip) : 0;
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:309:30: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(index<size && ( ch = fgetc(fp) ) != EOF ){
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:345:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(serial_number, tmp, strlen(serial_number))){
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:371:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(ISSUER_CN_PINNING, issuer, strlen(ISSUER_CN_PINNING))){
data/thrift-0.13.0/lib/c_glib/test/testtransportsslsocket.c:388:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(SUBJECT_CN_PINNING, subject, strlen(SUBJECT_CN_PINNING))){
data/thrift-0.13.0/lib/cpp/src/thrift/TApplicationException.cpp:26:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TApplicationException::read(apache::thrift::protocol::TProtocol* iprot) {
data/thrift-0.13.0/lib/cpp/src/thrift/TApplicationException.h:103:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(protocol::TProtocol* iprot);
data/thrift-0.13.0/lib/cpp/src/thrift/TBase.h:32:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual uint32_t read(protocol::TProtocol* iprot) = 0;
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:230:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t ch2 = reader.read();
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:319:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual uint32_t read(TJSONProtocol::LookaheadReader& reader) {
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:349:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(TJSONProtocol::LookaheadReader& reader) override {
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:385:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(TJSONProtocol::LookaheadReader& reader) override {
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:726:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b[0] = reader_.read();
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:727:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b[1] = reader_.read();
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:728:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b[2] = reader_.read();
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:729:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b[3] = reader_.read();
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:739:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t result = (skipContext ? 0 : context_->read(reader_));
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:745:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = reader_.read();
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:751:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = reader_.read();
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:835:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader_.read();
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:859:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t result = context_->read(reader_);
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:879:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t result = context_->read(reader_);
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:920:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t result = context_->read(reader_);
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.cpp:933:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t result = context_->read(reader_);
data/thrift-0.13.0/lib/cpp/src/thrift/protocol/TJSONProtocol.h:253:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t read() {
data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQIODeviceTransport.cpp:66:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readSize = read(buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQIODeviceTransport.cpp:85:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TQIODeviceTransport::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQIODeviceTransport.cpp:95:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readSize = dev_->read(reinterpret_cast<char*>(buf), actualSize);
data/thrift-0.13.0/lib/cpp/src/thrift/qt/TQIODeviceTransport.h:48:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/server/TNonblockingServer.cpp:437:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fetch = tSocket_->read(&framing.buf[readBufferPos_],
data/thrift-0.13.0/lib/cpp/src/thrift/server/TNonblockingServer.cpp:500:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
got = tSocket_->read(readBuffer_ + readBufferPos_, fetch);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/PlatformSocket.h:115:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define THRIFT_READ read
data/thrift-0.13.0/lib/cpp/src/thrift/transport/PlatformSocket.h:124:29: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
# define THRIFT_SLEEP_USEC usleep
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:53:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setReadBuffer(rBuf_.get(), transport_->read(rBuf_.get(), rBufSize_));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.cpp:183:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
= transport_->read(szp, static_cast<uint32_t>(sizeof(sz)) - size_bytes_read);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:64:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TBufferTransports.h:224:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setReadBuffer(rBuf_.get(), transport_->read(rBuf_.get(), rBufSize_));
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFDTransport.cpp:54:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TFDTransport::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFDTransport.h:62:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:544:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
get = read(buf + have, len - have);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.cpp:570:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TFileTransport::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.h:187:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TFileTransport.h:263:74: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read_virt(uint8_t* buf, uint32_t len) override { return this->read(buf, len); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:48:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return transport_->read(buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THeaderTransport.cpp:83:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t bytesRead = transport_->read(szp, sizeof(szN) - sizeBytesRead);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.cpp:63:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t THttpTransport::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.cpp:71:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return readBuffer_.read(buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.cpp:126:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 0) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.cpp:213:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t got = transport_->read((uint8_t*)(httpBuf_ + httpBufLen_), httpBufSize_ - httpBufLen_);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.cpp:237:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 0) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/THttpTransport.h:51:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:47:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual uint32_t read(uint8_t* buf, uint32_t len) = 0;
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:61:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual uint32_t read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:81:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual uint32_t read(uint8_t* buf, uint32_t len) { return pipe_read(PipeRd_.h, buf, len); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:117:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:156:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TWaitableNamedPipeImpl::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:301:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TPipe::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.cpp:304:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return impl_->read(buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TPipe.h:78:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp:393:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TSSLSocket::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.cpp:1005:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(password, userPassword.c_str(), length);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSSLSocket.h:81:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len) override;
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TShortReadTransport.h:52:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TShortReadTransport.h:60:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return transport_->read(buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSimpleFileTransport.cpp:38:74: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TSimpleFileTransport::TSimpleFileTransport(const std::string& path, bool read, bool write)
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSimpleFileTransport.cpp:41:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && write) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSimpleFileTransport.cpp:43:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (read) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.cpp:520:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TSocket::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TSocket.h:126:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransport.h:41:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
get = trans.read(buf + have, len - have);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransport.h:103:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:28:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TPipedTransport::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:52:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rLen_ += srcTrans_->read(rBuf_ + rPos_, rBufSize_ - rPos_);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:129:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TPipedFileReaderTransport::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:130:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return TPipedTransport::read(buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.cpp:138:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
get = read(buf + have, len - have);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:130:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rLen_ += srcTrans_->read(rBuf_ + rPos_, rBufSize_ - rPos_);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:143:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:184:74: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read_virt(uint8_t* buf, uint32_t len) override { return this->read(buf, len); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:253:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TTransportUtils.h:273:74: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read_virt(uint8_t* buf, uint32_t len) override { return this->read(buf, len); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TVirtualTransport.h:51:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len) { return this->TTransport::read_virt(buf, len); }
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TVirtualTransport.h:88:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return static_cast<Transport_*>(this)->read(buf, len);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.cpp:138:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t TZlibTransport::read(uint8_t* buf, uint32_t len) {
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.cpp:194:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t got = transport_->read(crbuf_, crbuf_size_);
data/thrift-0.13.0/lib/cpp/src/thrift/transport/TZlibTransport.h:148:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t read(uint8_t* buf, uint32_t len);
data/thrift-0.13.0/lib/cpp/test/Benchmark.cpp:99:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ooe2.read(&prot);
data/thrift-0.13.0/lib/cpp/test/Benchmark.cpp:126:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ooe2.read(&prot);
data/thrift-0.13.0/lib/cpp/test/Benchmark.cpp:153:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ooe2.read(&prot);
data/thrift-0.13.0/lib/cpp/test/Benchmark.cpp:191:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
listDoublePerf2.read(&prot);
data/thrift-0.13.0/lib/cpp/test/Benchmark.cpp:214:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
listDoublePerf2.read(&prot);
data/thrift-0.13.0/lib/cpp/test/Benchmark.cpp:237:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
listDoublePerf2.read(&prot);
data/thrift-0.13.0/lib/cpp/test/GenericHelpers.h:92:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static uint32_t read(std::shared_ptr<apache::thrift::protocol::TProtocol> proto, int8_t& val) { return proto->readByte(val); }
data/thrift-0.13.0/lib/cpp/test/GenericHelpers.h:94:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static uint32_t read(std::shared_ptr<apache::thrift::protocol::TProtocol> proto, int16_t& val) { return proto->readI16(val); }
data/thrift-0.13.0/lib/cpp/test/GenericHelpers.h:96:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static uint32_t read(std::shared_ptr<apache::thrift::protocol::TProtocol> proto, int32_t& val) { return proto->readI32(val); }
data/thrift-0.13.0/lib/cpp/test/GenericHelpers.h:98:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static uint32_t read(std::shared_ptr<apache::thrift::protocol::TProtocol> proto, int64_t& val) { return proto->readI64(val); }
data/thrift-0.13.0/lib/cpp/test/GenericHelpers.h:100:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static uint32_t read(std::shared_ptr<apache::thrift::protocol::TProtocol> proto, double& val) { return proto->readDouble(val); }
data/thrift-0.13.0/lib/cpp/test/GenericHelpers.h:102:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static uint32_t read(std::shared_ptr<apache::thrift::protocol::TProtocol> proto, std::string& val) {
data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp:193:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ooe2.read(proto.get());
data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp:206:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hm2.read(proto.get());
data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp:253:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
base2.read(proto.get());
data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp:267:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const std::size_t bufSiz = strlen(json_string) * sizeof(char);
data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp:274:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOST_CHECK_THROW(ooe2.read(proto.get()),
data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp:302:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ooe2.read(proto.get());
data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp:323:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOST_CHECK_THROW(ooe2.read(proto.get()),
data/thrift-0.13.0/lib/cpp/test/JSONProtoTest.cpp:341:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOST_CHECK_THROW(ooe2.read(proto.get()),
data/thrift-0.13.0/lib/cpp/test/OptionalRequiredTest.cpp:57:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r.read(&protocol);
data/thrift-0.13.0/lib/cpp/test/OptionalRequiredTest.cpp:316:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
o3.read(&protocol);
data/thrift-0.13.0/lib/cpp/test/RecursiveTest.cpp:47:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result.read(prot.get());
data/thrift-0.13.0/lib/cpp/test/RecursiveTest.cpp:62:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
resultlist.read(prot.get());
data/thrift-0.13.0/lib/cpp/test/RecursiveTest.cpp:77:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c.read(prot.get());
data/thrift-0.13.0/lib/cpp/test/SecurityTest.cpp:173:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOST_CHECK_EQUAL(2, pClientSocket->read(&buf[0], 2));
data/thrift-0.13.0/lib/cpp/test/SpecializationTest.cpp:90:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ooe2.read(proto.get());
data/thrift-0.13.0/lib/cpp/test/SpecializationTest.cpp:96:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hm2.read(proto.get());
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:218:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned int got = buffer.read(&data_out[offset], d2[index]);
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:285:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer.read(&data_out[offset], d2[index]);
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:293:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer.read(data_out, 42);
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:324:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer.read(&data_out[offset], d2[index]);
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:332:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer.read(data_out, 42);
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:365:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int got = buffer.read(&data_out[read_offset], read_amt);
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:512:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer->read(reinterpret_cast<uint8_t*>(&frame_size), sizeof(frame_size));
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:538:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
trans.read(&data_out[offset], d1[index]);
data/thrift-0.13.0/lib/cpp/test/TBufferBaseTest.cpp:594:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int got = trans.read(&data_out[read_offset], 1<<15);
data/thrift-0.13.0/lib/cpp/test/TFileTransportTest.cpp:90:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(prefix) + 8;
data/thrift-0.13.0/lib/cpp/test/TFileTransportTest.cpp:102:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(directory) + strlen(prefix) + 8;
data/thrift-0.13.0/lib/cpp/test/TFileTransportTest.cpp:102:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t path_len = strlen(directory) + strlen(prefix) + 8;
data/thrift-0.13.0/lib/cpp/test/TFileTransportTest.cpp:260:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(write_us);
data/thrift-0.13.0/lib/cpp/test/TMemoryBufferTest.cpp:56:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uut.read(verify, i);
data/thrift-0.13.0/lib/cpp/test/TMemoryBufferTest.cpp:78:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a2.read(binaryProtcol2.get());
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:100:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tt->read(buf, 1);
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:101:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOST_CHECK_EQUAL(expectedResult, tt->read(buf, 4));
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:110:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tt->read(buf, 1);
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:111:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tt->read(buf, 400);
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:218:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tt->read(buf, 1);
data/thrift-0.13.0/lib/cpp/test/TSSLSocketInterruptTest.cpp:228:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tt->read(buf, 1);
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:457:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOST_CHECK_EQUAL(0, pClientSock1->read(&buf[0], 1)); // 0 = disconnected
data/thrift-0.13.0/lib/cpp/test/TServerIntegrationTest.cpp:458:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOST_CHECK_EQUAL(0, pClientSock2->read(&buf[0], 1)); // 0 = disconnected
data/thrift-0.13.0/lib/cpp/test/TSocketInterruptTest.cpp:40:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
BOOST_CHECK_EQUAL(expectedResult, tt->read(buf, 4));
data/thrift-0.13.0/lib/cpp/test/TSocketInterruptTest.cpp:46:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tt->read(buf, 4);
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:275:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename.resize(strlen(tmp_dir) + strlen(FILENAME_SUFFIX));
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:275:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename.resize(strlen(tmp_dir) + strlen(FILENAME_SUFFIX));
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:573:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = transports.in->read(rbuf.get() + total_read, read_size);
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:608:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t bytes_read = transports.in->read(read_buf, 10);
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:630:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t bytes_read = transports.in->read(read_buf, 1);
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:635:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = transports.in->read(read_buf, 10);
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:675:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t bytes_read = transports.in->read(read_buf, 4);
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:688:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = transports.in->read(read_buf, 10);
data/thrift-0.13.0/lib/cpp/test/TransportTest.cpp:739:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t bytes_read = transports.in->read(read_buf, 10);
data/thrift-0.13.0/lib/cpp/test/ZlibTest.cpp:240:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t got = zlib_trans->read(mirror.get() + tot, read_len);
data/thrift-0.13.0/lib/lua/src/luasocket.c:354:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000); // sleep for 100ms
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:405:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zend_string *obj_name = zend_string_init(obj_typename, strlen(obj_typename), 0);
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:931:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zval* prop = zend_read_property(object_class_entry, object, varname, strlen(varname), false, &rv);
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:972:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zend_update_property(ce, zthis, varname, strlen(varname), &rv);
data/thrift-0.13.0/lib/php/src/ext/thrift_protocol/php_thrift_protocol.cpp:1013:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zval* prop = zend_read_property(Z_OBJCE_P(zthis), zthis, varname, strlen(varname), false, &rv);
data/thrift-0.13.0/lib/rb/ext/strlcpy.c:38:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return n + strlen (src);
data/thrift-0.13.0/test/c_glib/src/thrift_test_handler.c:709:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp (arg0, "Xception", 8) == 0 && strlen(arg0) == 8) {
ANALYSIS SUMMARY:
Hits = 666
Lines analyzed = 166310 in approximately 4.69 seconds (35445 lines/second)
Physical Source Lines of Code (SLOC) = 118186
Hits@level = [0] 568 [1] 220 [2] 397 [3] 8 [4] 37 [5] 4
Hits@level+ = [0+] 1234 [1+] 666 [2+] 446 [3+] 49 [4+] 41 [5+] 4
Hits/KSLOC@level+ = [0+] 10.4412 [1+] 5.63519 [2+] 3.77371 [3+] 0.414601 [4+] 0.346911 [5+] 0.033845
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.