Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
FINAL RESULTS:

data/dballe-8.6/dballe/cmdline/cmdline.cc:189:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, 512, fmt, ap);

data/dballe-8.6/dballe/cmdline/cmdline.cc:201:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);

data/dballe-8.6/dballe/core/trace.h:16:20: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define TRACE(...) fprintf(stderr, __VA_ARGS__)

data/dballe-8.6/dballe/core/vasprintf.h:83:12: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return vsprintf (*result, format, args);}

data/dballe-8.6/dballe/db/v7/mysql/levtr.cc:117:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(query, 512, R"(

data/dballe-8.6/dballe/fortran/traced.cc:95:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(trace_file, std::forward<Args>(args)...);

data/dballe-8.6/dballe/msg/wr_importers/temp.cc:16:27: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define debug_groups(...) fprintf(stderr, "grpmatch:" __VA_ARGS__)

data/dballe-8.6/dballe/sql/mysql.cc:12:26: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define trace_query(...) fprintf(stderr, "mysql:" __VA_ARGS__)

data/dballe-8.6/dballe/sql/mysql.cc:44:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, 512, fmt, ap);

data/dballe-8.6/dballe/sql/postgresql.cc:169:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, 512, fmt, ap);

data/dballe-8.6/dballe/sql/postgresql.cc:182:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, 512, fmt, ap);

data/dballe-8.6/dballe/sql/querybuf.h:57:59: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void appendf(const char* fmt, ...) __attribute__((format(printf, 2, 3)));

data/dballe-8.6/dballe/sql/querybuf.h:78:67: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void append_listf(const char* fmt, ...) __attribute__((format(printf, 2, 3)));

data/dballe-8.6/dballe/sql/sql.h:23:20: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define TRACE(...) fprintf(stderr, __VA_ARGS__)

data/dballe-8.6/dballe/sql/sqlite.cc:68:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, 512, fmt, ap);

data/dballe-8.6/src/dbamsg.cc:732:14: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). Try using a library call that implements the same functionality if available.
  FILE* out = popen(op_bisect_cmd, "w");

data/dballe-8.6/src/dbamsg.cc:771:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, fails ? "fail.\n" : "ok.\n");

data/dballe-8.6/dballe/core/file.cc:51:34: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* testdatadirenv = getenv("DBA_TESTDATA");

data/dballe-8.6/dballe/core/structbuf.cc:33:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* tmpdir = getenv("TMPDIR");

data/dballe-8.6/dballe/core/structbuf.cc:39:29: [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  int fd = mkstemp((char*)tmpnam.c_str());

data/dballe-8.6/dballe/core/structbuf.cc:43:16: [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  if (unlink(tmpnam.c_str()) == -1)

data/dballe-8.6/dballe/core/tests.cc:174:31: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* testdatadirenv = getenv("DBA_TESTDATA");

data/dballe-8.6/dballe/db.cc:44:30: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* envurl = getenv("DBA_DB");

data/dballe-8.6/dballe/db.cc:61:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* envurl = getenv(envname.c_str());

data/dballe-8.6/dballe/db/db-basic-test.cc:62:34: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  f.tr->update_repinfo((string(getenv("DBA_TESTDATA")) + "/test-repinfo1.csv").c_str(), &added, &deleted, &updated);

data/dballe-8.6/dballe/db/db.cc:83:35: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* format_override = getenv("DBA_DB_FORMAT");

data/dballe-8.6/dballe/db/db.cc:140:32: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* repinfo_file = getenv("DBA_REPINFO");

data/dballe-8.6/dballe/db/tests.cc:147:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  return getenv(envname.c_str()) != NULL;

data/dballe-8.6/dballe/db/tests.cc:159:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (db && getenv("PAUSE") == nullptr)

data/dballe-8.6/dballe/db/v7/db.cc:33:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("DBA_EXPLAIN") != NULL)

data/dballe-8.6/dballe/db/v7/db.cc:36:30: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (const char* logdir = getenv("DBA_PROFILE"))

data/dballe-8.6/dballe/db/v7/repinfo-test.cc:57:31: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  ri.update((string(getenv("DBA_TESTDATA")) + "/test-repinfo1.csv").c_str(), &added, &deleted, &updated);

data/dballe-8.6/dballe/db/v7/repinfo-test.cc:73:39: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  wassert(ri.update((string(getenv("DBA_TESTDATA")) + "/test-repinfo2.csv").c_str(), &added, &deleted, &updated));

data/dballe-8.6/dballe/fortran/traced.cc:296:29: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* tracefile = getenv("DBALLE_TRACE_FORTRAN");

data/dballe-8.6/dballe/fortran/traced.cc:297:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (!tracefile) tracefile = getenv("DBA_FORTRAN_TRACE");

data/dballe-8.6/dballe/sql/mysql.cc:269:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* envurl = getenv("DBA_DB_MYSQL");

data/dballe-8.6/dballe/sql/postgresql.cc:208:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  const char* envurl = getenv("DBA_DB_POSTGRESQL");

data/dballe-8.6/dballe/sql/sqlite.cc:134:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("DBA_INSECURE_SQLITE") != NULL)

data/dballe-8.6/dballe/sql/sqlite.cc:137:9: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (getenv("DBA_PROFILE") != nullptr)

data/dballe-8.6/dballe/tests-main.cc:30:26: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  bool verbose = (bool)getenv("TEST_VERBOSE");

data/dballe-8.6/dballe/tests-main.cc:37:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (const char* whitelist = getenv("TEST_WHITELIST"))

data/dballe-8.6/dballe/tests-main.cc:40:33: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (const char* blacklist = getenv("TEST_BLACKLIST"))

data/dballe-8.6/fortran/binding.cc:160:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  url = getenv("DBA_DB");

data/dballe-8.6/src/dbadb.cc:70:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  chosen_url = getenv("DBA_DB");

data/dballe-8.6/dballe/cmdline/cmdline.cc:185:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/dballe-8.6/dballe/cmdline/processor.cc:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/dballe-8.6/dballe/core/benchmark.cc:61:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];

data/dballe-8.6/dballe/core/csv.cc:68:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(pathname);

data/dballe-8.6/dballe/core/csv.cc:72:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void CSVReader::open(const std::string& pathname)

data/dballe-8.6/dballe/core/csv.cc:272:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[2000];

data/dballe-8.6/dballe/core/csv.cc:335:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_[BUFFER_SIZE];

data/dballe-8.6/dballe/core/csv.h:78:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const std::string& pathname);

data/dballe-8.6/dballe/core/shortcuts.cc:14:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[7];

data/dballe-8.6/dballe/core/structbuf.cc:39:14: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  int fd = mkstemp((char*)tmpnam.c_str());

data/dballe-8.6/dballe/core/var-test.cc:38:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[7];

data/dballe-8.6/dballe/core/vasprintf.h:19:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((void *)&ap, (void *)&args, sizeof (va_list));

data/dballe-8.6/dballe/db/db-query-data-test.cc:111:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[20];

data/dballe-8.6/dballe/db/summary.cc:64:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[7];

data/dballe-8.6/dballe/db/summary.cc:555:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[7];

data/dballe-8.6/dballe/db/v7/mysql/data.cc:43:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[128];

data/dballe-8.6/dballe/db/v7/mysql/data.cc:66:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[128];

data/dballe-8.6/dballe/db/v7/mysql/data.cc:123:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[64];

data/dballe-8.6/dballe/db/v7/mysql/data.cc:161:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strquery[128];

data/dballe-8.6/dballe/db/v7/mysql/data.cc:268:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strquery[128]; data/dballe-8.6/dballe/db/v7/mysql/levtr.cc:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[128]; data/dballe-8.6/dballe/db/v7/mysql/levtr.cc:116:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[512]; data/dballe-8.6/dballe/db/v7/mysql/repinfo.cc:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/mysql/repinfo.cc:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/postgresql/data.cc:43:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char query[64]; data/dballe-8.6/dballe/db/v7/postgresql/data.cc:61:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/postgresql/data.cc:77:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/postgresql/data.cc:111:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/postgresql/data.cc:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/postgresql/data.cc:235:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lead[64]; data/dballe-8.6/dballe/db/v7/postgresql/data.cc:376:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val_lead[64]; data/dballe-8.6/dballe/db/v7/qbuilder.cc:76:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(value, "%d", info->encode_decimal(dval)); data/dballe-8.6/dballe/db/v7/qbuilder.cc:88:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oper[5]; data/dballe-8.6/dballe/db/v7/qbuilder.cc:89:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char value[255]; data/dballe-8.6/dballe/db/v7/qbuilder.cc:90:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char value1[255]; data/dballe-8.6/dballe/db/v7/qbuilder.cc:128:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oper, filter.c_str() + matches[2].rm_so, len); data/dballe-8.6/dballe/db/v7/repinfo.cc:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char lc_memo[20]; data/dballe-8.6/dballe/db/v7/repinfo.cc:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lc_memo[20]; data/dballe-8.6/dballe/db/v7/repinfo.cc:191:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* in = fopen(deffile, "r"); data/dballe-8.6/dballe/db/v7/sqlite/data.cc:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/sqlite/data.cc:54:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/sqlite/data.cc:71:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/sqlite/data.cc:87:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char query[64]; data/dballe-8.6/dballe/db/v7/sqlite/data.cc:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/sqlite/data.cc:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[64]; data/dballe-8.6/dballe/db/v7/trace.cc:25:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* in = fopen("/proc/self/cmdline", "rb"); data/dballe-8.6/dballe/db/v7/trace.cc:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/dballe-8.6/dballe/db/v7/trace.cc:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/dballe-8.6/dballe/db/v7/trace.cc:259:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE* out = fopen(fname.c_str(), "wt"); data/dballe-8.6/dballe/db/v7/transaction.cc:273:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/dballe-8.6/dballe/db/v7/transaction.cc:289:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/dballe-8.6/dballe/exporter.cc:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/dballe-8.6/dballe/file.cc:47:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fp = fopen(pathname.c_str(), mode); data/dballe-8.6/dballe/file.cc:55:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fp = fopen(pathname.c_str(), mode); data/dballe-8.6/dballe/fortran/api.cc:51:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char digits[201] = data/dballe-8.6/dballe/fortran/api.cc:117:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str, len); data/dballe-8.6/dballe/fortran/api.cc:140:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str.data(), len); data/dballe-8.6/dballe/fortran/api.cc:151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[len]; data/dballe-8.6/dballe/fortran/commonapi.cc:411:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/dballe-8.6/dballe/fortran/commonapi.cc:455:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char parm[10] = "*"; data/dballe-8.6/dballe/fortran/dbapi-test.cc:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char res[4]; data/dballe-8.6/dballe/fortran/dbapi-test.cc:1190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sres[1]; data/dballe-8.6/dballe/fortran/enq.h:59:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[7]; data/dballe-8.6/dballe/fortran/msgapi-test.cc:41:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out = fopen("test-simple-concat.bufr", "w"); data/dballe-8.6/dballe/fortran/msgapi-test.cc:57:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out = fopen("test-simple-concat.bufr", "w"); data/dballe-8.6/dballe/fortran/msgapi-test.cc:71:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE* out = fopen("test-simple-concat.bufr", "w"); data/dballe-8.6/dballe/fortran/traced.cc:48:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). trace_file = fopen(fname.c_str(), "at"); data/dballe-8.6/dballe/fortran/traced.cc:57:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trace_tag[16]; data/dballe-8.6/dballe/msg/bulletin.cc:95:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/dballe-8.6/dballe/msg/tests.cc:135:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out1 = fopen(fname1.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:136:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE* out2 = fopen(fname2.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:182:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out = fopen(fname.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:195:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out = fopen(fname.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:208:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out = fopen(fname.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:217:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(fname1.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:230:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE* out = fopen(fname.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:239:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out = fopen(fname.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:468:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[21]; data/dballe-8.6/dballe/msg/tests.cc:589:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out = fopen(fname.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:597:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out = fopen(fname.c_str(), "w"); data/dballe-8.6/dballe/msg/tests.cc:604:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
out = fopen(fname.c_str(), "w"); data/dballe-8.6/dballe/msg/wr_export-test.cc:494:38: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out1 = fopen("/tmp/msg1.txt", "w"); data/dballe-8.6/dballe/msg/wr_export-test.cc:495:38: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* out2 = fopen("/tmp/msg2.txt", "w"); data/dballe-8.6/dballe/sql/mysql-test.cc:201:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/dballe-8.6/dballe/sql/mysql.cc:39:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/dballe-8.6/dballe/sql/mysql.cc:234:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
void MySQLConnection::open(const mysql::ConnectInfo& info) data/dballe-8.6/dballe/sql/mysql.cc:264:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(info); data/dballe-8.6/dballe/sql/mysql.h:138:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const mysql::ConnectInfo& info); data/dballe-8.6/dballe/sql/postgresql.cc:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/dballe-8.6/dballe/sql/postgresql.cc:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/dballe-8.6/dballe/sql/postgresql.cc:267:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/dballe-8.6/dballe/sql/postgresql.cc:304:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[256]; data/dballe-8.6/dballe/sql/querybuf.cc:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/dballe-8.6/dballe/sql/querybuf.h:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char list_sep[10]; data/dballe-8.6/dballe/sql/sqlite-test.cc:83:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/dballe-8.6/dballe/sql/sqlite-test.cc:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/dballe-8.6/dballe/sql/sqlite.cc:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/dballe-8.6/dballe/types.cc:172:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[16];
data/dballe-8.6/dballe/types.cc:268:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[16];
data/dballe-8.6/dballe/types.cc:519:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[32];
data/dballe-8.6/dballe/types.cc:528:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[32];
data/dballe-8.6/dballe/types.cc:1069:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];
data/dballe-8.6/dballe/types.cc:1287:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[bufsize];
data/dballe-8.6/dballe/types.cc:1339:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[256];
data/dballe-8.6/dballe/value.cc:111:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bcode[7];
data/dballe-8.6/dballe/value.cc:124:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bcode[7];
data/dballe-8.6/fortran/binding.cc:1092:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[8];
data/dballe-8.6/fortran/error.cc:36:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char last_err_msg[1024];
data/dballe-8.6/python/cursor.cc:164:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bcode[7];
data/dballe-8.6/python/enq.h:55:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[7];
data/dballe-8.6/python/enq.h:128:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[7];
data/dballe-8.6/python/enq.h:138:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[15];
data/dballe-8.6/python/enq.h:148:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[15];
data/dballe-8.6/python/enq.h:212:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[7];
data/dballe-8.6/python/types.cc:789:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[7];
data/dballe-8.6/python/types.cc:1062:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[16];
data/dballe-8.6/python/types.cc:1081:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[16];
data/dballe-8.6/python/types.cc:1288:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char bcode[7];
data/dballe-8.6/src/dbamsg.cc:436:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[30];
data/dballe-8.6/src/dbamsg.cc:1037:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char line[1000];
data/dballe-8.6/src/dbamsg.cc:1225:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    in = fopen(filename, "r");
data/dballe-8.6/dballe/cmdline/cmdline.cc:214:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(type) >= 1) {
data/dballe-8.6/dballe/cmdline/dbadb.cc:105:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    reader.read(fnames, importer);
data/dballe-8.6/dballe/cmdline/processor-test.cc:81:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    reader.read({dballe::tests::datafile("/json/issue134.json")}, action);
data/dballe-8.6/dballe/cmdline/processor-test.cc:133:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    reader.read({dballe::tests::datafile("/json/issue77.json")}, action);
data/dballe-8.6/dballe/cmdline/processor.cc:821:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while (BinaryMessage bm = file->read())
data/dballe-8.6/dballe/cmdline/processor.cc:878:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    void Reader::read(const std::list<std::string>& fnames, Action& action)
data/dballe-8.6/dballe/cmdline/processor.h:198:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    void read(const std::list<std::string>& fnames, Action& action);
data/dballe-8.6/dballe/core/aliases.cc:146:53: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct aliasdef* res = VarcodeAliases::find(alias, strlen(alias));
data/dballe-8.6/dballe/core/arrayfile.cc:28:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage ArrayFile::read()
data/dballe-8.6/dballe/core/arrayfile.h:29:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage read() override;
data/dballe-8.6/dballe/core/file.cc:37:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (auto bm = read())
data/dballe-8.6/dballe/core/file.cc:61:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage BufrFile::read()
data/dballe-8.6/dballe/core/file.cc:66:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (BufrBulletin::read(fd, res.data, m_name.c_str(), &res.offset))
data/dballe-8.6/dballe/core/file.cc:82:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage CrexFile::read()
data/dballe-8.6/dballe/core/file.cc:87:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (CrexBulletin::read(fd, res.data, m_name.c_str(), &res.offset))
data/dballe-8.6/dballe/core/file.h:57:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage read() override;
data/dballe-8.6/dballe/core/file.h:68:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage read() override;
data/dballe-8.6/dballe/core/shortcuts.cc:9:76: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const Shortcut& Shortcut::by_name(const char* name) { return by_name(name, strlen(name)); }
data/dballe-8.6/dballe/core/tests.cc:187:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage res = f->read();
data/dballe-8.6/dballe/core/vasprintf.h:16:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int total_width = strlen (format) + 1;
data/dballe-8.6/dballe/core/vasprintf.h:71:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    total_width += strlen (va_arg (ap, char *));
data/dballe-8.6/dballe/db/v7/export.cc:33:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    void read(v7::Transaction& tr, int id_station)
data/dballe-8.6/dballe/db/v7/export.cc:163:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    station_values.read(*this, r.first);
data/dballe-8.6/dballe/db/v7/trace.cc:30:17: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while ((c = getc(in)) != EOF)
data/dballe-8.6/dballe/file-test.cc:32:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage msg = wcallchecked(file->read());
data/dballe-8.6/dballe/file-test.cc:38:54: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    wassert_throws(wreport::error_consistency, file->read());
data/dballe-8.6/dballe/file-test.cc:43:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage msg = wcallchecked(file->read());
data/dballe-8.6/dballe/file-test.cc:49:54: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    wassert_throws(wreport::error_consistency, file->read());
data/dballe-8.6/dballe/file.cc:87:13: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int c = getc(stream);
data/dballe-8.6/dballe/file.h:40:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    virtual BinaryMessage read() = 0;
data/dballe-8.6/dballe/fortran/api.cc:114:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(str);
data/dballe-8.6/dballe/fortran/commonapi.cc:242:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!_seti(param, strlen(param), value))
data/dballe-8.6/dballe/fortran/commonapi.cc:263:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!_setd(param, strlen(param), value))
data/dballe-8.6/dballe/fortran/commonapi.cc:300:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!_setc(param, strlen(param), value))
data/dballe-8.6/dballe/fortran/commonapi.cc:369:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!_unset(param, strlen(param)))
data/dballe-8.6/dballe/fortran/commonapi.h:97:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    impl::Enqi enq(param, strlen(param));
data/dballe-8.6/dballe/fortran/commonapi.h:107:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    impl::Enqd enq(param, strlen(param));
data/dballe-8.6/dballe/fortran/commonapi.h:117:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Enqc enq(param, strlen(param), res, res_len);
data/dballe-8.6/dballe/fortran/dbapi.cc:56:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage rmsg = input->read();
data/dballe-8.6/dballe/fortran/msgapi.cc:360:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (BinaryMessage raw = file->read())
data/dballe-8.6/dballe/msg/tests.cc:469:17: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(buf, val, 20);
data/dballe-8.6/dballe/sql/mysql.cc:288:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t str_len = strlen(str);
data/dballe-8.6/dballe/sql/postgresql.cc:467:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* escaped = PQescapeLiteral(db, str, strlen(str));
data/dballe-8.6/dballe/sql/querybuf.cc:33:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(list_sep, sep, 10);
data/dballe-8.6/dballe/types.cc:1506:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res += strlen(ident.get());
data/dballe-8.6/dballe/values-test.cc:31:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    wassert(actual(encoded.size()) == (14 + strlen("Test string value") + 1));
data/dballe-8.6/fortran/error.cc:55:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(last_err_msg, e.what(), 1023);
data/dballe-8.6/python/db.cc:873:63: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while (auto binmsg = impf->file->file->file().read())
data/dballe-8.6/python/explorer.cc:642:63: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while (auto binmsg = impf->file->file->file().read())
data/dballe-8.6/python/file.cc:307:56: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (BinaryMessage msg = self->file->file().read())
data/dballe-8.6/python/importer.cc:96:61: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage binmsg = self->file->file->file().read();
data/dballe-8.6/src/dbamsg.cc:571:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    reader.read(get_filenames(optCon), s);
data/dballe-8.6/src/dbamsg.cc:607:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    reader.read(get_filenames(optCon), head);
data/dballe-8.6/src/dbamsg.cc:678:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    reader.read(get_filenames(optCon), *action);
data/dballe-8.6/src/dbamsg.cc:714:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    reader.read(get_filenames(optCon), wraw);
data/dballe-8.6/src/dbamsg.cc:948:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    reader.read(get_filenames(optCon), conv);
data/dballe-8.6/src/dbamsg.cc:1010:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage msg1 = file1->read();
data/dballe-8.6/src/dbamsg.cc:1011:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    BinaryMessage msg2 = file2->read();
data/dballe-8.6/src/dbamsg.cc:1066:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(*value);

ANALYSIS SUMMARY:

Hits = 224
Lines analyzed = 77594 in approximately 2.11 seconds (36801 lines/second)
Physical Source Lines of Code (SLOC) = 59449
Hits@level = [0] 413 [1] 59 [2] 121 [3] 27 [4] 17 [5] 0
Hits@level+ = [0+] 637 [1+] 224 [2+] 165 [3+] 44 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 10.7151 [1+] 3.76794 [2+] 2.77549 [3+] 0.74013 [4+] 0.285959 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.