Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/colortail-0.3.3/Usage.h
Examining data/colortail-0.3.3/acconfig.h
Examining data/colortail-0.3.3/Iterator.h
Examining data/colortail-0.3.3/Colorizer.cc
Examining data/colortail-0.3.3/CfgFileParser.cc
Examining data/colortail-0.3.3/Info.cc
Examining data/colortail-0.3.3/TailFile.cc
Examining data/colortail-0.3.3/Colorizer.h
Examining data/colortail-0.3.3/Info.h
Examining data/colortail-0.3.3/TailFile.h
Examining data/colortail-0.3.3/main.cc
Examining data/colortail-0.3.3/List.h
Examining data/colortail-0.3.3/CfgFileParser.h
Examining data/colortail-0.3.3/main.h
Examining data/colortail-0.3.3/OptionsParser.h
Examining data/colortail-0.3.3/OptionsParser.cc
Examining data/colortail-0.3.3/ColorTail.h
Examining data/colortail-0.3.3/Usage.cc
Examining data/colortail-0.3.3/ColorTail.cc

FINAL RESULTS:

data/colortail-0.3.3/CfgFileParser.cc:69:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(m_ansi_color_code, color);
data/colortail-0.3.3/CfgFileParser.cc:281:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BLACK);
data/colortail-0.3.3/CfgFileParser.cc:286:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, RED);
data/colortail-0.3.3/CfgFileParser.cc:291:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, GREEN);
data/colortail-0.3.3/CfgFileParser.cc:296:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, YELLOW);
data/colortail-0.3.3/CfgFileParser.cc:301:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BLUE);
data/colortail-0.3.3/CfgFileParser.cc:306:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, MAGENTA);
data/colortail-0.3.3/CfgFileParser.cc:311:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, CYAN);
data/colortail-0.3.3/CfgFileParser.cc:316:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, WHITE);
data/colortail-0.3.3/CfgFileParser.cc:321:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BRIGHTBLACK);
data/colortail-0.3.3/CfgFileParser.cc:326:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BRIGHTRED);
data/colortail-0.3.3/CfgFileParser.cc:331:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BRIGHTGREEN);
data/colortail-0.3.3/CfgFileParser.cc:336:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BRIGHTYELLOW);
data/colortail-0.3.3/CfgFileParser.cc:341:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BRIGHTBLUE);
data/colortail-0.3.3/CfgFileParser.cc:346:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BRIGHTMAGENTA);
data/colortail-0.3.3/CfgFileParser.cc:351:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BRIGHTCYAN);
data/colortail-0.3.3/CfgFileParser.cc:356:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color, BRIGHTWHITE);
data/colortail-0.3.3/CfgFileParser.cc:520:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(m_filename, filename);
data/colortail-0.3.3/ColorTail.cc:112:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(ccade, cade.c_str());
data/colortail-0.3.3/ColorTail.cc:139:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(ccade, cade.c_str());
data/colortail-0.3.3/Colorizer.cc:143:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(color[k], current->m_ansi_color_code);
data/colortail-0.3.3/OptionsParser.cc:143:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   std::strcpy(cs, str.c_str());
data/colortail-0.3.3/OptionsParser.cc:163:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   std::strcpy(cs, str.c_str());
data/colortail-0.3.3/TailFile.cc:78:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
   strcpy(m_filename, filename);
data/colortail-0.3.3/OptionsParser.cc:101:11:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
   c = getopt_long(argc, argv, "qvn:fk:l", long_options, NULL);
data/colortail-0.3.3/CfgFileParser.cc:504:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   m_infile.open(filename, ios::in);
data/colortail-0.3.3/ColorTail.cc:101:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   new_tailfile->open(argv[i], colorizer);
data/colortail-0.3.3/ColorTail.cc:114:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   new_tailfile->open(argv[i], colorizer);
data/colortail-0.3.3/ColorTail.cc:129:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   new_tailfile->open(argv[i], colorizer);
data/colortail-0.3.3/ColorTail.cc:141:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   new_tailfile->open(argv[i], colorizer);
data/colortail-0.3.3/ColorTail.cc:150:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   new_tailfile->open(argv[i], NULL);
data/colortail-0.3.3/Colorizer.cc:100:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
   char color[MAX_CHARS_READ][20];
data/colortail-0.3.3/OptionsParser.cc:76:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf(m_error, "No error");
data/colortail-0.3.3/OptionsParser.cc:205:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
   o->rows = atoi(optarg);
data/colortail-0.3.3/OptionsParser.cc:209:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf(m_error,
data/colortail-0.3.3/OptionsParser.h:76:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
   char *cfg_filenames[MAX_FILES];
data/colortail-0.3.3/OptionsParser.h:89:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
   char m_error[512];
data/colortail-0.3.3/TailFile.cc:62:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   int TailFile::open(char *filename, Colorizer *colorizer)
data/colortail-0.3.3/TailFile.cc:81:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   m_file = fopen(filename, "r");
data/colortail-0.3.3/TailFile.cc:114:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
   char buf[MAX_CHARS_READ];
data/colortail-0.3.3/TailFile.cc:168:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
   char buf[bufSize];
data/colortail-0.3.3/TailFile.cc:195:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
   char buf[bufSize];
data/colortail-0.3.3/TailFile.h:56:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
   int open(char *filename, Colorizer *colorizer);
data/colortail-0.3.3/CfgFileParser.cc:68:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
   m_ansi_color_code = new char[strlen(color)+1];
data/colortail-0.3.3/CfgFileParser.cc:519:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
   m_filename = new char[strlen(filename) + 1];
data/colortail-0.3.3/Colorizer.cc:158:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int len = strlen(str);
data/colortail-0.3.3/Colorizer.cc:186:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (str[strlen(str)-1] == '\n')
data/colortail-0.3.3/Colorizer.cc:205:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int l = strlen(str);
data/colortail-0.3.3/OptionsParser.cc:251:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int i = 0, len = strlen(str);
data/colortail-0.3.3/TailFile.cc:77:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
   m_filename = new char[strlen(filename) + 1];
data/colortail-0.3.3/TailFile.cc:233:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
   buf[j] = fgetc(m_file);
data/colortail-0.3.3/TailFile.cc:352:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
   int ch = fgetc(m_file);

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 2919 in approximately 0.15 seconds (19496 lines/second)
Physical Source Lines of Code (SLOC) = 1547
Hits@level = [0]   0 [1]   9 [2]  18 [3]   1 [4]  24 [5]   0
Hits@level+ = [0+]  52 [1+]  52 [2+]  43 [3+]  25 [4+]  24 [5+]   0
Hits/KSLOC@level+ = [0+] 33.6134 [1+] 33.6134 [2+] 27.7957 [3+] 16.1603 [4+] 15.5139 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.