Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/colorized-logs-2.5/ansi2html.c
Examining data/colorized-logs-2.5/ansi2txt.c
Examining data/colorized-logs-2.5/pipetty.c
Examining data/colorized-logs-2.5/signals.c
Examining data/colorized-logs-2.5/ttyrec2ansi.c
FINAL RESULTS:
data/colorized-logs-2.5/ansi2html.c:125:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
cl+=sprintf(cl, " %s", cols[_fg]);
data/colorized-logs-2.5/ansi2html.c:131:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
cl+=sprintf(cl, " B%s", cols[_bg]);
data/colorized-logs-2.5/ansi2html.c:136:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cl+=sprintf(cl, (fl&STRIKE)?" UNDSTR":" UND");
data/colorized-logs-2.5/ansi2html.c:207:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(no_header?"</span>":"</b>");
data/colorized-logs-2.5/pipetty.c:31:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, PN ": ");
data/colorized-logs-2.5/pipetty.c:33:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, msg, ap);
data/colorized-logs-2.5/pipetty.c:84:9: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[1], (char*const*)argv+1);
data/colorized-logs-2.5/pipetty.c:106:13: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("less", "less", "-R", "-", 0);
data/colorized-logs-2.5/ansi2html.c:245:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "-nwt:lc", long_options, 0);
data/colorized-logs-2.5/ansi2html.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clbuf[32], *cl=clbuf;
data/colorized-logs-2.5/ansi2html.c:128:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cl+=sprintf(cl, " BOLD");
data/colorized-logs-2.5/ansi2html.c:134:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cl+=sprintf(cl, " ITA");
data/colorized-logs-2.5/ansi2html.c:138:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
cl+=sprintf(cl, " STR");
data/colorized-logs-2.5/pipetty.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16384];
data/colorized-logs-2.5/ttyrec2ansi.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFFER_SIZE];
data/colorized-logs-2.5/ansi2html.c:345:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ch=getchar();
data/colorized-logs-2.5/ansi2html.c:361:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:365:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:369:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:373:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:378:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:384:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:388:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:392:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:396:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:400:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:404:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:414:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:417:19: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (;;ch=getchar())
data/colorized-logs-2.5/ansi2html.c:421:20: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar(); /* want ESC \ but we accept ESC anything */
data/colorized-logs-2.5/ansi2html.c:423:20: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar(); /* BELL is the alternate terminator */
data/colorized-logs-2.5/ansi2html.c:428:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:430:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:434:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:442:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:448:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:453:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:568:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:578:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:583:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar(); /* invalid/unimplemented code, ignore */
data/colorized-logs-2.5/ansi2html.c:591:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2html.c:594:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2txt.c:8:12: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/ansi2txt.c:10:21: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch=getchar())!=10)
data/colorized-logs-2.5/ansi2txt.c:13:21: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch=getchar())=='[')
data/colorized-logs-2.5/ansi2txt.c:14:28: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch=getchar())==';'||(ch>='0'&&ch<='9')||ch=='?');
data/colorized-logs-2.5/ansi2txt.c:15:35: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (ch==']'&&(ch=getchar())>=0&&ch<='9')
data/colorized-logs-2.5/ansi2txt.c:18:29: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ch=getchar())==EOF||ch==7)
data/colorized-logs-2.5/ansi2txt.c:21:29: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ch=getchar(); break;}
data/colorized-logs-2.5/ansi2txt.c:24:20: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=getchar();
data/colorized-logs-2.5/pipetty.c:43:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen = strlen(proc);
data/colorized-logs-2.5/pipetty.c:44:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int nlen = strlen(name);
data/colorized-logs-2.5/pipetty.c:118:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((r=read(master, buf, sizeof(buf)))>0)
ANALYSIS SUMMARY:
Hits = 53
Lines analyzed = 891 in approximately 0.07 seconds (12370 lines/second)
Physical Source Lines of Code (SLOC) = 822
Hits@level = [0] 58 [1] 38 [2] 6 [3] 1 [4] 8 [5] 0
Hits@level+ = [0+] 111 [1+] 53 [2+] 15 [3+] 9 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 135.036 [1+] 64.4769 [2+] 18.2482 [3+] 10.9489 [4+] 9.73236 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.