Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bitwise-0.41/inc/shunting-yard.h
Examining data/bitwise-0.41/inc/bitwise.h
Examining data/bitwise-0.41/inc/stack.h
Examining data/bitwise-0.41/src/misc.c
Examining data/bitwise-0.41/src/cmd.c
Examining data/bitwise-0.41/src/shunting-yard.c
Examining data/bitwise-0.41/src/help.c
Examining data/bitwise-0.41/src/interactive.c
Examining data/bitwise-0.41/src/main.c
Examining data/bitwise-0.41/src/stack.c
Examining data/bitwise-0.41/tests/test-shunting-yard.c

FINAL RESULTS:

data/bitwise-0.41/inc/bitwise.h:99:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fd, __VA_ARGS__); \
data/bitwise-0.41/src/main.c:68:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  pos += sprintf(&binary[pos], "%s", color_white);
data/bitwise-0.41/src/main.c:74:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  pos += sprintf(&binary[pos], "%s", color_blue);
data/bitwise-0.41/src/main.c:78:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  pos += sprintf(&binary[pos], "%s", color_magenta);
data/bitwise-0.41/src/main.c:101:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(PACKAGE " " VERSION "\n");
data/bitwise-0.41/src/misc.c:97:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);
data/bitwise-0.41/src/misc.c:164:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  ret = sscanf(buf, "%" PRIu64, value);
data/bitwise-0.41/src/misc.c:167:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  ret = sscanf(buf, "%" PRIX64, value);
data/bitwise-0.41/src/misc.c:170:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  ret = sscanf(buf, "%" PRIo64, value);
data/bitwise-0.41/src/misc.c:211:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  rc = sprintf(buf, "%" PRIu64, val);
data/bitwise-0.41/src/misc.c:214:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  rc = sprintf(buf, "%" PRIx64, val);
data/bitwise-0.41/src/misc.c:217:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  rc = sprintf(buf, "%" PRIo64, val);
data/bitwise-0.41/src/misc.c:238:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, "Decimal: %" PRIu64, val);
data/bitwise-0.41/src/misc.c:241:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, "Hexadecimal: 0x%" PRIx64, val);
data/bitwise-0.41/src/misc.c:244:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, "Octal: 0%" PRIo64, val);
data/bitwise-0.41/src/misc.c:290:10:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ret = sprintf(buf, "%" PRIu64, val);
data/bitwise-0.41/src/misc.c:303:10:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ret = sprintf(buf, "%" PRIu64, val);
data/bitwise-0.41/src/main.c:146:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long(argc, argv, "vhisw:", long_options, &option_index);
data/bitwise-0.41/src/cmd.c:99:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *tokens[MAX_TOKENS];
data/bitwise-0.41/src/cmd.c:148:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result_string[256];
data/bitwise-0.41/src/interactive.c:125:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binary_field[DBL_BINARY_WIN_LEN];
data/bitwise-0.41/src/interactive.c:266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char number[64];
data/bitwise-0.41/src/main.c:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf_size[16];
data/bitwise-0.41/src/main.c:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char binary[512];
data/bitwise-0.41/src/main.c:128:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen("log.txt", "w");
data/bitwise-0.41/src/misc.c:221:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Not implemeted");
data/bitwise-0.41/src/misc.c:247:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  pos = sprintf(buf, "Binary: ");
data/bitwise-0.41/src/misc.c:280:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf PB", f_val / PB);
data/bitwise-0.41/src/misc.c:282:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf TB", f_val / TB);
data/bitwise-0.41/src/misc.c:284:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf GB", f_val / GB);
data/bitwise-0.41/src/misc.c:286:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf MB", f_val / MB);
data/bitwise-0.41/src/misc.c:288:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf Kb", f_val / kB);
data/bitwise-0.41/src/misc.c:293:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf PiB", f_val / PiB);
data/bitwise-0.41/src/misc.c:295:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf TiB", f_val / TiB);
data/bitwise-0.41/src/misc.c:297:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf GiB", f_val / GiB);
data/bitwise-0.41/src/misc.c:299:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf MiB", f_val / MiB);
data/bitwise-0.41/src/misc.c:301:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ret = sprintf(buf, "%.2lf KiB", f_val / KiB);
data/bitwise-0.41/src/shunting-yard.c:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_token[MAX_TOKEN_SIZE];
data/bitwise-0.41/src/cmd.c:37:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(cmds[i].name, cmd_name, strlen(cmds[i].name)))
data/bitwise-0.41/src/cmd.c:90:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(string); i++)
data/bitwise-0.41/src/help.c:46:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mvwprintw(help_win, 0, COLS / 2 - strlen(help_header), "%s",
data/bitwise-0.41/src/interactive.c:570:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mvprintw(0, (COLS - strlen(title)) / 2, "%s", title);
data/bitwise-0.41/src/interactive.c:572:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mvwprintw(fields_win, 0, (cols + 6 - strlen(width_str)) / 2, "%s",
data/bitwise-0.41/src/main.c:182:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  expr_len += strlen(argv[i]);
data/bitwise-0.41/src/main.c:192:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&expression[expr_pos], argv[i], expr_len - expr_pos);
data/bitwise-0.41/src/main.c:193:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  expr_pos += strlen(argv[i]);
data/bitwise-0.41/src/shunting-yard.c:172:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c += token.value ? strlen(token.value) : 1;

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 2605 in approximately 0.07 seconds (36152 lines/second)
Physical Source Lines of Code (SLOC) = 2140
Hits@level = [0]  30 [1]   9 [2]  20 [3]   1 [4]  17 [5]   0
Hits@level+ = [0+]  77 [1+]  47 [2+]  38 [3+]  18 [4+]  17 [5+]   0
Hits/KSLOC@level+ = [0+] 35.9813 [1+] 21.9626 [2+] 17.757 [3+] 8.41121 [4+] 7.94393 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
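Triage note on the level-4 hits, with an added example that is not part of bitwise's code. The `sprintf(buf, "%" PRIu64, val)` group is flagged as CWE-134 only because the rule cannot see through the `"%" PRIu64` macro concatenation; the format is a compile-time constant, so those hits reduce to the same question as the CWE-120 ones: is `buf` large enough for every value? The hits that merit a real fix are the `pos += sprintf(&binary[pos], "%s", color_...)` accumulations at main.c:68/74/78, which write color escape sequences plus bits into the fixed `char binary[512]` at main.c:18 with no bound at all. The bounded form below shows how to append into such a buffer without overflowing and without the usual follow-up mistake: `snprintf` returns the length it wanted, not what it wrote, so a naive `pos += snprintf(buf + pos, cap - pos, ...)` runs `pos` past `cap` and the next call gets a wrapped size. The function and marker names (`append_fmt`, `render_colored_bits`, `MARK_A`/`MARK_B` standing in for the color escapes) are assumptions for the illustration, not identifiers from the project.

```c
/*
 * Added example (not bitwise's own code): a bounded replacement for the
 * `pos += sprintf(&binary[pos], "%s", ...)` accumulation Flawfinder flags.
 * Names below (append_fmt, render_colored_bits, MARK_A/MARK_B) are
 * assumptions for illustration.
 */
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Placeholder "color" markers standing in for terminal escape sequences. */
#define MARK_A "<a>"
#define MARK_B "<b>"

/*
 * Append a formatted string at *pos inside a buffer of cap bytes.
 * Returns 0 on success, -1 when the result would not fit. On failure the
 * buffer stays NUL-terminated and *pos is left untouched, so the caller can
 * stop instead of advancing past the end.
 */
static int append_fmt(char *buf, size_t cap, size_t *pos, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*pos >= cap)                /* nothing left, not even for the NUL */
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(buf + *pos, cap - *pos, fmt, ap);
    va_end(ap);

    /* vsnprintf returns the length it *wanted*; a value >= the space left
     * means it truncated. Treat that as failure rather than adding it to pos. */
    if (n < 0 || (size_t)n >= cap - *pos)
        return -1;

    *pos += (size_t)n;
    return 0;
}

/*
 * Render the low `width` bits of val, most significant first, switching the
 * color marker at every nibble boundary. Returns the number of bytes written
 * (excluding the NUL) or -1 if `out` is too small; `out` is always
 * NUL-terminated when cap > 0.
 */
static int render_colored_bits(char *out, size_t cap, uint64_t val, unsigned width)
{
    size_t pos = 0;
    unsigned i;

    if (cap == 0 || width == 0 || width > 64)
        return -1;
    out[0] = '\0';

    for (i = width; i-- > 0; ) {
        if (i + 1 == width || (i + 1) % 4 == 0) {
            const char *mark = ((i / 4) % 2) ? MARK_A : MARK_B;
            if (append_fmt(out, cap, &pos, "%s", mark) < 0)
                return -1;
        }
        if (append_fmt(out, cap, &pos, "%c", (int)('0' + ((val >> i) & 1))) < 0)
            return -1;
    }
    return (int)pos;
}

/* Self-check helpers: render into a local buffer of the given capacity. */
static int renders_as(uint64_t val, unsigned width, size_t cap, const char *expected)
{
    char buf[128];
    int n;
    if (cap > sizeof buf)
        return 0;
    n = render_colored_bits(buf, cap, val, width);
    return n >= 0 && (size_t)n == strlen(expected) && strcmp(buf, expected) == 0;
}

static int rendered_length(uint64_t val, unsigned width, size_t cap)
{
    char buf[128];
    if (cap > sizeof buf)
        return -1;
    return render_colored_bits(buf, cap, val, width);
}

/* True when a too-small buffer is rejected, stays terminated inside cap,
 * and the byte just past cap is never touched. */
static int rejected_without_overflow(uint64_t val, unsigned width, size_t cap)
{
    char buf[128];
    int n;
    if (cap == 0 || cap >= sizeof buf)
        return 0;
    memset(buf, 'X', sizeof buf);
    n = render_colored_bits(buf, cap, val, width);
    return n < 0 && memchr(buf, '\0', cap) != NULL && buf[cap] == 'X';
}

int main(void)
{
    char out[128];
    char tiny[8];
    int n = render_colored_bits(out, sizeof out, 0xA5, 8);
    printf("%d bytes: %s\n", n, out);
    n = render_colored_bits(tiny, sizeof tiny, 0xA5, 8);
    printf("tiny buffer: rc=%d, kept \"%s\"\n", n, tiny);
    return 0;
}
```

With the constructed value 0xA5 at width 8 the output is `<a>1010<b>0101` (14 bytes); the same call into an 8-byte buffer stops at `<a>1010` and reports -1 instead of writing past the end. A 64-bit value needs 16 markers plus 64 digits, 112 bytes plus the NUL, which is the sort of worst-case arithmetic to do once against `char binary[512]` before trusting any `sprintf` into it.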