Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/actions.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/actions-live.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/alarm-queue.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/alarm-queue-simple.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/appointment.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/clock.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/clock-mock.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/date-time.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/dbus-shared.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/engine-eds.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/engine.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/engine-mock.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/exporter.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/formatter.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/locations.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/locations-settings.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/menu.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/myself.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/planner-aggregate.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/planner.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/planner-month.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/planner-range.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/planner-snooze.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/planner-upcoming.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/settings.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/settings-live.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/settings-shared.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/snap.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/state.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/timezone-geoclue.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/timezone.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/timezones.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/timezones-live.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/timezone-timedated.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/utils.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/wakeup-timer.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/wakeup-timer-mainloop.h
Examining data/ayatana-indicator-datetime-0.8.1/include/datetime/wakeup-timer-powerd.h
Examining data/ayatana-indicator-datetime-0.8.1/include/notifications/awake.h
Examining data/ayatana-indicator-datetime-0.8.1/include/notifications/dbus-shared.h
Examining data/ayatana-indicator-datetime-0.8.1/include/notifications/haptic.h
Examining data/ayatana-indicator-datetime-0.8.1/include/notifications/notifications.h
Examining data/ayatana-indicator-datetime-0.8.1/include/notifications/sound.h
Examining data/ayatana-indicator-datetime-0.8.1/src/actions.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/actions-live.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/alarm-queue-simple.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/appointment.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/awake.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/clock.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/clock-live.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/date-time.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/engine-eds.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/exporter.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/formatter.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/formatter-desktop.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/haptic.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/locations.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/locations-settings.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/main.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/menu.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/myself.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/notifications.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/planner-aggregate.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/planner.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/planner-month.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/planner-range.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/planner-snooze.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/planner-upcoming.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/settings-live.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/snap.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/sound.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/timezone-geoclue.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/timezones-live.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/timezone-timedated.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/utils.c
Examining data/ayatana-indicator-datetime-0.8.1/src/wakeup-timer-mainloop.cpp
Examining data/ayatana-indicator-datetime-0.8.1/src/wakeup-timer-powerd.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/actions-mock.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/geoclue-fixture.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/glib-fixture.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/manual-test-snap.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/planner-mock.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/print-to.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/state-fixture.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/state-mock.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-actions.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-alarm-queue.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-clock.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-datetime.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-dbus-fixture.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-eds-ics-all-day-events.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-eds-ics-missing-trigger.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-eds-ics-nonrepeating-events.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-eds-ics-repeating-events.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-eds-ics-repeating-valarms.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-eds-ics-tzids-2.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-eds-ics-tzids.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-exporter.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-formatter.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-live-actions.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-locations.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-menus.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-planner.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-settings.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-snap.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-timezone-geoclue.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-timezones.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-timezone-timedated.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/test-utils.cpp
Examining data/ayatana-indicator-datetime-0.8.1/tests/timedated-fixture.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/timezone-mock.h
Examining data/ayatana-indicator-datetime-0.8.1/tests/wakeup-timer-mock.h

FINAL RESULTS:

data/ayatana-indicator-datetime-0.8.1/tests/test-datetime.cpp:61:32: [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return DateTime::Local(g_rand_int_range(m_rand, 1970, 3000),
data/ayatana-indicator-datetime-0.8.1/tests/test-datetime.cpp:62:32: [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g_rand_int_range(m_rand, 1, 13),
data/ayatana-indicator-datetime-0.8.1/tests/test-datetime.cpp:63:32: [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g_rand_int_range(m_rand, 1, 29),
data/ayatana-indicator-datetime-0.8.1/tests/test-datetime.cpp:64:32: [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g_rand_int_range(m_rand, 0, 24),
data/ayatana-indicator-datetime-0.8.1/tests/test-datetime.cpp:65:32: [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g_rand_int_range(m_rand, 0, 60),
data/ayatana-indicator-datetime-0.8.1/tests/test-datetime.cpp:66:32: [3] (random) g_rand_double_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g_rand_double_range(m_rand, 0, 60.0));
data/ayatana-indicator-datetime-0.8.1/tests/test-timezone-timedated.cpp:57:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto fp = fopen(TIMEZONE_FILE, "w+");
data/ayatana-indicator-datetime-0.8.1/tests/test-timezones.cpp:41:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto fp = fopen(TIMEZONE_FILE, "w+");
data/ayatana-indicator-datetime-0.8.1/src/clock-live.cpp:138:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  n_bytes = read(fd, &n_interrupts, sizeof(uint64_t));
data/ayatana-indicator-datetime-0.8.1/src/engine-eds.cpp:906:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  identifier = pch + strlen(key);
data/ayatana-indicator-datetime-0.8.1/src/engine-eds.cpp:909:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  identifier = pch + strlen(key);

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 16486 in approximately 0.41 seconds (39862 lines/second)
Physical Source Lines of Code (SLOC) = 10293
Hits@level = [0] 2 [1] 3 [2] 2 [3] 6 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 11 [2+] 8 [3+] 6 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.26299 [1+] 1.06869 [2+] 0.777227 [3+] 0.58292 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.