Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cassbeam-1.1/antenna.c
Examining data/cassbeam-1.1/antenna.h
Examining data/cassbeam-1.1/cassbeam.c
Examining data/cassbeam-1.1/constants.h
Examining data/cassbeam-1.1/illum.c
Examining data/cassbeam-1.1/illum.h
Examining data/cassbeam-1.1/image-vector.c
Examining data/cassbeam-1.1/image-vector.h
Examining data/cassbeam-1.1/image.c
Examining data/cassbeam-1.1/image.h
Examining data/cassbeam-1.1/intvector.c
Examining data/cassbeam-1.1/intvector.h
Examining data/cassbeam-1.1/keyvalue.c
Examining data/cassbeam-1.1/keyvalue.h
Examining data/cassbeam-1.1/mathfunc.c
Examining data/cassbeam-1.1/mathfunc.h
Examining data/cassbeam-1.1/polygon.c
Examining data/cassbeam-1.1/polygon.h
Examining data/cassbeam-1.1/randdist.c
Examining data/cassbeam-1.1/randdist.h
Examining data/cassbeam-1.1/vecarray.c
Examining data/cassbeam-1.1/vecarray.h
Examining data/cassbeam-1.1/vector-fftw.c
Examining data/cassbeam-1.1/vector-fftw.h
Examining data/cassbeam-1.1/vector.c
Examining data/cassbeam-1.1/vector.h

FINAL RESULTS:

data/cassbeam-1.1/cassbeam.c:297:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(filename, "%s.illumamp.pgm", I->prefix);
data/cassbeam-1.1/cassbeam.c:299:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(filename, "%s.illumphase.pgm", I->prefix);
data/cassbeam-1.1/cassbeam.c:301:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(filename, "%s.illumblock.pgm", I->prefix);
data/cassbeam-1.1/cassbeam.c:335:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(filename, "%s.params", I->prefix);
data/cassbeam-1.1/cassbeam.c:371:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if(sscanf(argv[i], "%s %s", k, v) != 2) continue;
data/cassbeam-1.1/illum.c:393:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(filename, "%s.jones.dat", I->prefix);
data/cassbeam-1.1/illum.c:451:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(filename, "%s.%s.pgm", I->prefix, stokename[i]);
data/cassbeam-1.1/keyvalue.c:123:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if(sscanf(str, "%s %s\n", K, V) != 2) continue;
data/cassbeam-1.1/vecarray.c:549:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(out, f, a[j][i]);
data/cassbeam-1.1/vector.c:677:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(out, format, v[i]);
data/cassbeam-1.1/vector.c:1056:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  n = sscanf(l , format, d , d+1 , d+2 , d+3 ,
data/cassbeam-1.1/vector.c:1078:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  n = sscanf(l , format, d , d+1 , d+2 , d+3 ,
data/cassbeam-1.1/vector.c:1177:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(out, format, data[i][j]);
data/cassbeam-1.1/antenna.c:451:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char paramfile[100];
data/cassbeam-1.1/cassbeam.c:293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[1000];
data/cassbeam-1.1/cassbeam.c:311:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[1000];
data/cassbeam-1.1/cassbeam.c:352:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char k[100], v[100];
data/cassbeam-1.1/illum.c:249:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[1000];
data/cassbeam-1.1/illum.c:394:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/image.c:52:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  int readpgmline(FILE *in, char line[100], const char *filename)
data/cassbeam-1.1/image.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[100];
data/cassbeam-1.1/image.c:84:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  in = fopen(filename, "r");
data/cassbeam-1.1/image.c:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[100];
data/cassbeam-1.1/image.c:164:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  in = fopen(filename, "r");
data/cassbeam-1.1/image.c:247:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/intvector.c:91:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/keyvalue.c:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char v[100];
data/cassbeam-1.1/keyvalue.c:79:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(v, "%f", value);
data/cassbeam-1.1/keyvalue.c:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[1000], K[200], V[200];
data/cassbeam-1.1/keyvalue.c:103:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  else in = fopen(filename, "r");
data/cassbeam-1.1/keyvalue.c:137:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/keyvalue.c:164:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(p->value[i]);
data/cassbeam-1.1/keyvalue.h:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *key[KV_MAXPARMS];
data/cassbeam-1.1/keyvalue.h:30:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *value[KV_MAXPARMS];
data/cassbeam-1.1/vecarray.c:467:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[1024];
data/cassbeam-1.1/vecarray.c:469:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  in = fopen(filename, "r");
data/cassbeam-1.1/vecarray.c:491:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  in = fopen(filename, "r");
data/cassbeam-1.1/vecarray.c:535:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:654:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:670:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:691:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  else out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:710:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  else in = fopen(filename, "r");
data/cassbeam-1.1/vector.c:1016:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[100];
data/cassbeam-1.1/vector.c:1022:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp, "%f", v[0]);
data/cassbeam-1.1/vector.c:1027:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp, ", %f", v[i]);
data/cassbeam-1.1/vector.c:1043:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char l[1000];
data/cassbeam-1.1/vector.c:1045:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  in = fopen(filename, "r");
data/cassbeam-1.1/vector.c:1072:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  in = fopen(filename, "r");
data/cassbeam-1.1/vector.c:1123:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:1166:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:1213:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:1257:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:1426:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  else out = fopen(filename, "w");
data/cassbeam-1.1/vector.c:1449:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  else in = fopen(filename, "r");
data/cassbeam-1.1/antenna.c:457:20:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  if(paramfilename) strncpy(paramfile, paramfilename, 99);
data/cassbeam-1.1/antenna.c:458:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a constant
  string.
  else strncpy(paramfile, "(input file)", 99);
data/cassbeam-1.1/image.c:63:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(line) > 98)

ANALYSIS SUMMARY:

Hits = 57
Lines analyzed = 10967 in approximately 0.32 seconds (34634 lines/second)
Physical Source Lines of Code (SLOC) = 8483
Hits@level = [0] 183 [1]   3 [2]  41 [3]   0 [4]  13 [5]   0
Hits@level+ = [0+] 240 [1+]  57 [2+]  54 [3+]  13 [4+]  13 [5+]   0
Hits/KSLOC@level+ = [0+] 28.2919 [1+] 6.71932 [2+] 6.36567 [3+] 1.53248 [4+] 1.53248 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
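The level-4 hits above are four idioms: sprintf of a caller-supplied prefix into a fixed `filename[1000]`, `sscanf` with unbounded `%s` into `K[200]`/`V[200]` and `k[100]`/`v[100]`, `fprintf`/`sscanf` with a non-constant format, and (at level 2) `atoi` on a parsed value. The report does not say which of these are reachable with untrusted input in cassbeam, so nothing below is a claim about exploitability; it is an added example, not cassbeam code, showing the bounded replacements a reviewer would ask for. Buffer sizes mirror the ones in the report, the function names (`kv_parse_line`, `make_output_name`, `kv_to_long`, `is_safe_double_format`) are hypothetical, and all inputs are constructed inline.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KV_LEN    200   /* matches K[200], V[200] in keyvalue.c */
#define FNAME_LEN 1000  /* matches filename[1000] in cassbeam.c / illum.c */

/* Replacement for sscanf(str, "%s %s\n", K, V): the width 199 = KV_LEN - 1
 * leaves room for the NUL, and %n records how far the parse got so a token
 * that hit the width limit is rejected instead of being silently split into
 * key and value. Returns 1 on a clean "key value" line, 0 otherwise. */
int kv_parse_line(const char *line, char key[KV_LEN], char value[KV_LEN])
{
    int n1 = -1, n2 = -1;   /* keep "%199s" in sync with KV_LEN */
    if (sscanf(line, "%199s%n %199s%n", key, &n1, value, &n2) != 2)
        return 0;
    if (n1 < 0 || n2 < 0)
        return 0;
    if (!isspace((unsigned char)line[n1]))          /* key was truncated */
        return 0;
    if (line[n2] != '\0' && !isspace((unsigned char)line[n2]))
        return 0;                                   /* value was truncated */
    return 1;
}

/* Replacement for sprintf(filename, "%s.params", I->prefix): snprintf bounds
 * the write and its return value exposes truncation, which is an error here
 * (a silently shortened name would open the wrong file). Returns 1 on
 * success, 0 on truncation (dst is emptied). */
int make_output_name(char *dst, size_t dstsz, const char *prefix,
                     const char *suffix)
{
    int n = snprintf(dst, dstsz, "%s.%s", prefix, suffix);
    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz) dst[0] = '\0';
        return 0;
    }
    return 1;
}

/* Replacement for atoi(p->value[i]): strtol with errno, full-consumption and
 * caller-supplied range checks. Returns 1 and stores into *out on success. */
int kv_to_long(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE) return 0;              /* out of long range */
    if (end == s) return 0;                     /* no digits at all */
    while (isspace((unsigned char)*end)) end++;
    if (*end != '\0') return 0;                 /* trailing garbage, e.g. 12abc */
    if (v < lo || v > hi) return 0;
    *out = v;
    return 1;
}

/* fprintf(out, format, v[i]) with a caller-chosen format is a format-string
 * sink. If the format must stay configurable, constrain it before use: allow
 * exactly one floating-point conversion (flags, width, precision permitted),
 * allow "%%", and reject everything else, in particular %n, %s, %p, '*'
 * (which consumes an argument) and a second conversion reading a missing
 * argument. Returns 1 if fmt is safe to pass with a single double. */
int is_safe_double_format(const char *fmt)
{
    int conversions = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                        /* literal percent */
        while (*p && strchr("-+ #0", *p)) p++;          /* flags */
        while (isdigit((unsigned char)*p)) p++;         /* width */
        if (*p == '.') {
            p++;
            while (isdigit((unsigned char)*p)) p++;     /* precision */
        }
        if (!*p || !strchr("eEfFgGaA", *p)) return 0;   /* no length modifiers */
        conversions++;
    }
    return conversions == 1;
}

int main(void)
{
    /* constructed sample inputs, not taken from any cassbeam parameter file */
    char key[KV_LEN], value[KV_LEN], fname[FNAME_LEN], longline[600];
    long n;
    memset(longline, 'A', 400);
    memcpy(longline + 400, " 1\n", 4);                 /* 400-char key */
    printf("'nx 512'      -> %d\n", kv_parse_line("nx 512\n", key, value));
    printf("400-char key  -> %d (rejected, not split)\n",
           kv_parse_line(longline, key, value));
    printf("name          -> %d %s\n",
           make_output_name(fname, sizeof fname, "run1", "params"), fname);
    printf("huge integer  -> %d\n", kv_to_long("99999999999999999999", 0, INT_MAX, &n));
    printf("fmt %%10.4f/%%s -> %d %d\n",
           is_safe_double_format("%10.4f"), is_safe_double_format("%s"));
    return 0;
}
```

The `%n` trick matters because a width-limited `%s` alone still returns 2 on an over-long key: the leftover characters are parsed as the value, so the line is accepted with garbage in both fields. The `fopen` hits (CWE-362) are not addressed here; those are about where the output files land (symlinks in a writable directory), which is a deployment question the report cannot answer.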