Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/wxmaxima-19.07.0/art/config/images.h
Examining data/wxmaxima-19.07.0/art/draw/images.h
Examining data/wxmaxima-19.07.0/art/statusbar/images.h
Examining data/wxmaxima-19.07.0/art/toolbar/images.h
Examining data/wxmaxima-19.07.0/data/icon.h
Examining data/wxmaxima-19.07.0/data/wxMathML.h
Examining data/wxmaxima-19.07.0/src/AbsCell.cpp
Examining data/wxmaxima-19.07.0/src/AbsCell.h
Examining data/wxmaxima-19.07.0/src/ActualValuesStorageWiz.cpp
Examining data/wxmaxima-19.07.0/src/ActualValuesStorageWiz.h
Examining data/wxmaxima-19.07.0/src/AtCell.cpp
Examining data/wxmaxima-19.07.0/src/AtCell.h
Examining data/wxmaxima-19.07.0/src/Autocomplete.cpp
Examining data/wxmaxima-19.07.0/src/Autocomplete.h
Examining data/wxmaxima-19.07.0/src/AutocompletePopup.cpp
Examining data/wxmaxima-19.07.0/src/AutocompletePopup.h
Examining data/wxmaxima-19.07.0/src/BC2Wiz.cpp
Examining data/wxmaxima-19.07.0/src/BC2Wiz.h
Examining data/wxmaxima-19.07.0/src/BTextCtrl.cpp
Examining data/wxmaxima-19.07.0/src/BTextCtrl.h
Examining data/wxmaxima-19.07.0/src/BitmapOut.cpp
Examining data/wxmaxima-19.07.0/src/BitmapOut.h
Examining data/wxmaxima-19.07.0/src/Cell.cpp
Examining data/wxmaxima-19.07.0/src/Cell.h
Examining data/wxmaxima-19.07.0/src/ConfigDialogue.cpp
Examining data/wxmaxima-19.07.0/src/ConfigDialogue.h
Examining data/wxmaxima-19.07.0/src/Configuration.cpp
Examining data/wxmaxima-19.07.0/src/Configuration.h
Examining data/wxmaxima-19.07.0/src/ConjugateCell.cpp
Examining data/wxmaxima-19.07.0/src/ConjugateCell.h
Examining data/wxmaxima-19.07.0/src/DiffCell.cpp
Examining data/wxmaxima-19.07.0/src/DiffCell.h
Examining data/wxmaxima-19.07.0/src/Dirstructure.cpp
Examining data/wxmaxima-19.07.0/src/Dirstructure.h
Examining data/wxmaxima-19.07.0/src/DrawWiz.cpp
Examining data/wxmaxima-19.07.0/src/DrawWiz.h
Examining data/wxmaxima-19.07.0/src/EMFout.cpp
Examining data/wxmaxima-19.07.0/src/EMFout.h
Examining data/wxmaxima-19.07.0/src/EditorCell.cpp
Examining data/wxmaxima-19.07.0/src/EditorCell.h
Examining data/wxmaxima-19.07.0/src/ErrorRedirector.cpp
Examining data/wxmaxima-19.07.0/src/ErrorRedirector.h
Examining data/wxmaxima-19.07.0/src/EvaluationQueue.cpp
Examining data/wxmaxima-19.07.0/src/EvaluationQueue.h
Examining data/wxmaxima-19.07.0/src/ExptCell.cpp
Examining data/wxmaxima-19.07.0/src/ExptCell.h
Examining data/wxmaxima-19.07.0/src/FindReplaceDialog.cpp
Examining data/wxmaxima-19.07.0/src/FindReplaceDialog.h
Examining data/wxmaxima-19.07.0/src/FindReplacePane.cpp
Examining data/wxmaxima-19.07.0/src/FindReplacePane.h
Examining data/wxmaxima-19.07.0/src/FracCell.cpp
Examining data/wxmaxima-19.07.0/src/FracCell.h
Examining data/wxmaxima-19.07.0/src/FunCell.cpp
Examining data/wxmaxima-19.07.0/src/FunCell.h
Examining data/wxmaxima-19.07.0/src/Gen1Wiz.cpp
Examining data/wxmaxima-19.07.0/src/Gen1Wiz.h
Examining data/wxmaxima-19.07.0/src/Gen2Wiz.cpp
Examining data/wxmaxima-19.07.0/src/Gen2Wiz.h
Examining data/wxmaxima-19.07.0/src/Gen3Wiz.cpp
Examining data/wxmaxima-19.07.0/src/Gen3Wiz.h
Examining data/wxmaxima-19.07.0/src/Gen4Wiz.cpp
Examining data/wxmaxima-19.07.0/src/Gen4Wiz.h
Examining data/wxmaxima-19.07.0/src/Gen5Wiz.cpp
Examining data/wxmaxima-19.07.0/src/Gen5Wiz.h
Examining data/wxmaxima-19.07.0/src/GroupCell.cpp
Examining data/wxmaxima-19.07.0/src/GroupCell.h
Examining data/wxmaxima-19.07.0/src/History.cpp
Examining data/wxmaxima-19.07.0/src/History.h
Examining data/wxmaxima-19.07.0/src/Image.cpp
Examining data/wxmaxima-19.07.0/src/Image.h
Examining data/wxmaxima-19.07.0/src/ImgCell.cpp
Examining data/wxmaxima-19.07.0/src/ImgCell.h
Examining data/wxmaxima-19.07.0/src/IntCell.cpp
Examining data/wxmaxima-19.07.0/src/IntCell.h
Examining data/wxmaxima-19.07.0/src/IntegrateWiz.cpp
Examining data/wxmaxima-19.07.0/src/IntegrateWiz.h
Examining data/wxmaxima-19.07.0/src/LimitCell.cpp
Examining data/wxmaxima-19.07.0/src/LimitCell.h
Examining data/wxmaxima-19.07.0/src/LimitWiz.cpp
Examining data/wxmaxima-19.07.0/src/LimitWiz.h
Examining data/wxmaxima-19.07.0/src/ListSortWiz.cpp
Examining data/wxmaxima-19.07.0/src/ListSortWiz.h
Examining data/wxmaxima-19.07.0/src/LogPane.cpp
Examining data/wxmaxima-19.07.0/src/LogPane.h
Examining data/wxmaxima-19.07.0/src/MainMenuBar.cpp
Examining data/wxmaxima-19.07.0/src/MainMenuBar.h
Examining data/wxmaxima-19.07.0/src/MarkDown.cpp
Examining data/wxmaxima-19.07.0/src/MarkDown.h
Examining data/wxmaxima-19.07.0/src/MatWiz.cpp
Examining data/wxmaxima-19.07.0/src/MatWiz.h
Examining data/wxmaxima-19.07.0/src/MathParser.cpp
Examining data/wxmaxima-19.07.0/src/MathParser.h
Examining data/wxmaxima-19.07.0/src/MatrCell.cpp
Examining data/wxmaxima-19.07.0/src/MatrCell.h
Examining data/wxmaxima-19.07.0/src/MaxSizeChooser.cpp
Examining data/wxmaxima-19.07.0/src/MaxSizeChooser.h
Examining data/wxmaxima-19.07.0/src/Notification.cpp
Examining data/wxmaxima-19.07.0/src/Notification.h
Examining data/wxmaxima-19.07.0/src/ParenCell.cpp
Examining data/wxmaxima-19.07.0/src/ParenCell.h
Examining data/wxmaxima-19.07.0/src/Plot2dWiz.cpp
Examining data/wxmaxima-19.07.0/src/Plot2dWiz.h
Examining data/wxmaxima-19.07.0/src/Plot3dWiz.cpp
Examining data/wxmaxima-19.07.0/src/Plot3dWiz.h
Examining data/wxmaxima-19.07.0/src/PlotFormatWiz.cpp
Examining data/wxmaxima-19.07.0/src/PlotFormatWiz.h
Examining data/wxmaxima-19.07.0/src/Printout.cpp
Examining data/wxmaxima-19.07.0/src/Printout.h
Examining data/wxmaxima-19.07.0/src/RecentDocuments.cpp
Examining data/wxmaxima-19.07.0/src/RecentDocuments.h
Examining data/wxmaxima-19.07.0/src/SVGout.cpp
Examining data/wxmaxima-19.07.0/src/SVGout.h
Examining data/wxmaxima-19.07.0/src/SeriesWiz.cpp
Examining data/wxmaxima-19.07.0/src/SeriesWiz.h
Examining data/wxmaxima-19.07.0/src/SlideShowCell.cpp
Examining data/wxmaxima-19.07.0/src/SlideShowCell.h
Examining data/wxmaxima-19.07.0/src/SqrtCell.cpp
Examining data/wxmaxima-19.07.0/src/SqrtCell.h
Examining data/wxmaxima-19.07.0/src/StatusBar.cpp
Examining data/wxmaxima-19.07.0/src/StatusBar.h
Examining data/wxmaxima-19.07.0/src/SubCell.cpp
Examining data/wxmaxima-19.07.0/src/SubCell.h
Examining data/wxmaxima-19.07.0/src/SubSupCell.cpp
Examining data/wxmaxima-19.07.0/src/SubSupCell.h
Examining data/wxmaxima-19.07.0/src/SubstituteWiz.cpp
Examining data/wxmaxima-19.07.0/src/SubstituteWiz.h
Examining data/wxmaxima-19.07.0/src/SumCell.cpp
Examining data/wxmaxima-19.07.0/src/SumCell.h
Examining data/wxmaxima-19.07.0/src/SumWiz.cpp
Examining data/wxmaxima-19.07.0/src/SumWiz.h
Examining data/wxmaxima-19.07.0/src/SystemWiz.cpp
Examining data/wxmaxima-19.07.0/src/SystemWiz.h
Examining data/wxmaxima-19.07.0/src/TableOfContents.cpp
Examining data/wxmaxima-19.07.0/src/TableOfContents.h
Examining data/wxmaxima-19.07.0/src/TextCell.cpp
Examining data/wxmaxima-19.07.0/src/TextCell.h
Examining data/wxmaxima-19.07.0/src/TextStyle.cpp
Examining data/wxmaxima-19.07.0/src/TextStyle.h
Examining data/wxmaxima-19.07.0/src/TipOfTheDay.cpp
Examining data/wxmaxima-19.07.0/src/TipOfTheDay.h
Examining data/wxmaxima-19.07.0/src/ToolBar.cpp
Examining data/wxmaxima-19.07.0/src/ToolBar.h
Examining data/wxmaxima-19.07.0/src/VariablesPane.cpp
Examining data/wxmaxima-19.07.0/src/VariablesPane.h
Examining data/wxmaxima-19.07.0/src/Worksheet.cpp
Examining data/wxmaxima-19.07.0/src/Worksheet.h
Examining data/wxmaxima-19.07.0/src/XmlInspector.cpp
Examining data/wxmaxima-19.07.0/src/XmlInspector.h
Examining data/wxmaxima-19.07.0/src/invalidImage.h
Examining data/wxmaxima-19.07.0/src/main.cpp
Examining data/wxmaxima-19.07.0/src/wxMathml.cpp
Examining data/wxmaxima-19.07.0/src/wxMathml.h
Examining data/wxmaxima-19.07.0/src/wxMaxima.cpp
Examining data/wxmaxima-19.07.0/src/wxMaxima.h
Examining data/wxmaxima-19.07.0/src/wxMaximaFrame.cpp
Examining data/wxmaxima-19.07.0/src/wxMaximaFrame.h
Examining data/wxmaxima-19.07.0/src/wxMaximaIcon.cpp
Examining data/wxmaxima-19.07.0/src/wxMaximaIcon.h
FINAL RESULTS:
data/wxmaxima-19.07.0/src/BTextCtrl.cpp:112:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void BTextCtrl::CloseParenthesis(wxString open, wxString close, bool fromOpen)
data/wxmaxima-19.07.0/src/BTextCtrl.cpp:129:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(fromOpen ? open : wxT("")) + close +
data/wxmaxima-19.07.0/src/BTextCtrl.h:54:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void CloseParenthesis(wxString open, wxString close, bool fromOpen);
data/wxmaxima-19.07.0/src/ParenCell.cpp:458:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wxT("<mrow><mo>") + XMLescape(open) + wxT("</mo>") +
data/wxmaxima-19.07.0/src/wxMaxima.cpp:1028:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t sharedMemoryName[51];
data/wxmaxima-19.07.0/src/Configuration.cpp:554:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal;
data/wxmaxima-19.07.0/src/Gen2Wiz.cpp:34:56: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
wxDialog(parent, id, title, pos, size, style), equal(eq)
data/wxmaxima-19.07.0/src/Gen2Wiz.cpp:41:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
data/wxmaxima-19.07.0/src/Gen2Wiz.h:59:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal;
data/wxmaxima-19.07.0/src/wxMaxima.cpp:1036:5: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(sharedMemoryName, sharedMemoryName1.wchar_str(), 50);
data/wxmaxima-19.07.0/src/wxMaxima.cpp:1044:7: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(sharedMemoryName, sharedMemoryName2.wchar_str(), 50);
data/wxmaxima-19.07.0/src/wxMaxima.cpp:2412:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (wxFile(file, wxFile::read).Eof())
ANALYSIS SUMMARY:
Hits = 12
Lines analyzed = 185161 in approximately 12.58 seconds (14716 lines/second)
Physical Source Lines of Code (SLOC) = 168131
Hits@level = [0] 0 [1] 7 [2] 5 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 12 [1+] 12 [2+] 5 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.0713729 [1+] 0.0713729 [2+] 0.0297387 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.