Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/facter-3.14.12/exe/facter.cc Examining data/facter-3.14.12/lib/inc/facter/cwrapper.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/array_value.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/base_resolver.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/external/resolver.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/external_resolvers_factory.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/fact.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/map_value.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/os.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/os_family.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/resolver.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/scalar_value.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/value.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/vm.hpp Examining data/facter-3.14.12/lib/inc/facter/facts/collection.hpp Examining data/facter-3.14.12/lib/inc/facter/logging/logging.hpp Examining data/facter-3.14.12/lib/inc/facter/ruby/ruby.hpp Examining data/facter-3.14.12/lib/inc/facter/util/config.hpp Examining data/facter-3.14.12/lib/inc/facter/util/string.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/disk_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/filesystem_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/kernel_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/load_average_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/memory_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/nim_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/operating_system_resolver.hpp Examining 
data/facter-3.14.12/lib/inc/internal/facts/aix/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/aix/serial_number_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/bsd/filesystem_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/bsd/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/bsd/uptime_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/cache.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/external/execution_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/external/json_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/external/text_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/external/windows/powershell_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/external/yaml_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/disk_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/dmi_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/filesystem_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/memory_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/operating_system_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/virtualization_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/zfs_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/freebsd/zpool_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/glib/load_average_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/disk_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/dmi_resolver.hpp Examining 
data/facter-3.14.12/lib/inc/internal/facts/linux/filesystem_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/fips_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/kernel_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/memory_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/operating_system_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/os_cisco.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/os_linux.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/os_osrelease.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/release_file.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/uptime_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/linux/virtualization_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/openbsd/dmi_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/openbsd/memory_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/openbsd/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/openbsd/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/openbsd/virtualization_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/osx/dmi_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/osx/memory_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/osx/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/osx/operating_system_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/osx/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/osx/system_profiler_resolver.hpp Examining 
data/facter-3.14.12/lib/inc/internal/facts/osx/virtualization_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/posix/identity_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/posix/kernel_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/posix/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/posix/operating_system_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/posix/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/posix/timezone_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/posix/uptime_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/posix/xen_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/augeas_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/disk_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/dmi_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/ec2_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/filesystem_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/fips_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/gce_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/hypervisors_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/identity_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/kernel_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/ldom_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/load_average_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/memory_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/operating_system_resolver.hpp Examining 
data/facter-3.14.12/lib/inc/internal/facts/resolvers/path_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/ruby_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/ssh_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/system_profiler_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/timezone_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/uptime_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/virtualization_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/xen_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/zfs_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/zone_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/resolvers/zpool_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/disk_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/dmi_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/filesystem_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/kernel_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/ldom_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/memory_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/operating_system_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/virtualization_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/zfs_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/solaris/zone_resolver.hpp Examining 
data/facter-3.14.12/lib/inc/internal/facts/solaris/zpool_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/ssh_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/dmi_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/fips_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/identity_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/kernel_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/memory_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/networking_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/operating_system_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/processor_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/timezone_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/uptime_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/facts/windows/virtualization_resolver.hpp Examining data/facter-3.14.12/lib/inc/internal/ruby/aggregate_resolution.hpp Examining data/facter-3.14.12/lib/inc/internal/ruby/chunk.hpp Examining data/facter-3.14.12/lib/inc/internal/ruby/confine.hpp Examining data/facter-3.14.12/lib/inc/internal/ruby/fact.hpp Examining data/facter-3.14.12/lib/inc/internal/ruby/module.hpp Examining data/facter-3.14.12/lib/inc/internal/ruby/resolution.hpp Examining data/facter-3.14.12/lib/inc/internal/ruby/ruby_value.hpp Examining data/facter-3.14.12/lib/inc/internal/ruby/simple_resolution.hpp Examining data/facter-3.14.12/lib/inc/internal/util/agent.hpp Examining data/facter-3.14.12/lib/inc/internal/util/aix/odm.hpp Examining data/facter-3.14.12/lib/inc/internal/util/aix/vmount.hpp Examining data/facter-3.14.12/lib/inc/internal/util/bsd/scoped_ifaddrs.hpp Examining data/facter-3.14.12/lib/inc/internal/util/freebsd/geom.hpp Examining 
data/facter-3.14.12/lib/inc/internal/util/posix/scoped_addrinfo.hpp Examining data/facter-3.14.12/lib/inc/internal/util/posix/scoped_descriptor.hpp Examining data/facter-3.14.12/lib/inc/internal/util/posix/utmpx_file.hpp Examining data/facter-3.14.12/lib/inc/internal/util/scoped_bio.hpp Examining data/facter-3.14.12/lib/inc/internal/util/scoped_file.hpp Examining data/facter-3.14.12/lib/inc/internal/util/solaris/k_stat.hpp Examining data/facter-3.14.12/lib/inc/internal/util/solaris/scoped_kstat.hpp Examining data/facter-3.14.12/lib/inc/internal/util/versions.hpp Examining data/facter-3.14.12/lib/inc/internal/util/windows/wsa.hpp Examining data/facter-3.14.12/lib/inc/internal/util/yaml.hpp Examining data/facter-3.14.12/lib/src/cwrapper.cc Examining data/facter-3.14.12/lib/src/facts/aix/collection.cc Examining data/facter-3.14.12/lib/src/facts/aix/disk_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/filesystem_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/kernel_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/load_average_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/memory_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/nim_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/operating_system_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/aix/serial_number_resolver.cc Examining data/facter-3.14.12/lib/src/facts/array_value.cc Examining data/facter-3.14.12/lib/src/facts/bsd/collection.cc Examining data/facter-3.14.12/lib/src/facts/bsd/filesystem_resolver.cc Examining data/facter-3.14.12/lib/src/facts/bsd/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/bsd/uptime_resolver.cc Examining data/facter-3.14.12/lib/src/facts/cache.cc Examining data/facter-3.14.12/lib/src/facts/collection.cc Examining 
data/facter-3.14.12/lib/src/facts/external/execution_resolver.cc Examining data/facter-3.14.12/lib/src/facts/external/resolver.cc Examining data/facter-3.14.12/lib/src/facts/external/text_resolver.cc Examining data/facter-3.14.12/lib/src/facts/external/windows/powershell_resolver.cc Examining data/facter-3.14.12/lib/src/facts/external/yaml_resolver.cc Examining data/facter-3.14.12/lib/src/facts/external/json_resolver.cc Examining data/facter-3.14.12/lib/src/facts/external_resolvers_factory.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/collection.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/disk_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/dmi_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/filesystem_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/memory_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/operating_system_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/virtualization_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/zfs_resolver.cc Examining data/facter-3.14.12/lib/src/facts/freebsd/zpool_resolver.cc Examining data/facter-3.14.12/lib/src/facts/glib/load_average_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/collection.cc Examining data/facter-3.14.12/lib/src/facts/linux/disk_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/filesystem_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/fips_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/kernel_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/memory_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/operating_system_resolver.cc 
Examining data/facter-3.14.12/lib/src/facts/linux/os_linux.cc Examining data/facter-3.14.12/lib/src/facts/linux/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/uptime_resolver.cc Examining data/facter-3.14.12/lib/src/facts/linux/virtualization_resolver.cc Examining data/facter-3.14.12/lib/src/facts/map_value.cc Examining data/facter-3.14.12/lib/src/facts/openbsd/collection.cc Examining data/facter-3.14.12/lib/src/facts/openbsd/dmi_resolver.cc Examining data/facter-3.14.12/lib/src/facts/openbsd/memory_resolver.cc Examining data/facter-3.14.12/lib/src/facts/openbsd/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/openbsd/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/openbsd/virtualization_resolver.cc Examining data/facter-3.14.12/lib/src/facts/osx/collection.cc Examining data/facter-3.14.12/lib/src/facts/osx/dmi_resolver.cc Examining data/facter-3.14.12/lib/src/facts/osx/memory_resolver.cc Examining data/facter-3.14.12/lib/src/facts/osx/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/osx/operating_system_resolver.cc Examining data/facter-3.14.12/lib/src/facts/osx/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/osx/system_profiler_resolver.cc Examining data/facter-3.14.12/lib/src/facts/osx/virtualization_resolver.cc Examining data/facter-3.14.12/lib/src/facts/posix/cache.cc Examining data/facter-3.14.12/lib/src/facts/posix/collection.cc Examining data/facter-3.14.12/lib/src/facts/posix/external_resolvers_factory.cc Examining data/facter-3.14.12/lib/src/facts/posix/identity_resolver.cc Examining data/facter-3.14.12/lib/src/facts/posix/kernel_resolver.cc Examining data/facter-3.14.12/lib/src/facts/posix/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/posix/operatingsystem_resolver.cc Examining data/facter-3.14.12/lib/src/facts/posix/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/posix/ssh_resolver.cc Examining 
data/facter-3.14.12/lib/src/facts/posix/timezone_resolver.cc Examining data/facter-3.14.12/lib/src/facts/posix/uptime_resolver.cc Examining data/facter-3.14.12/lib/src/facts/posix/xen_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/augeas_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/disk_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/dmi_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/ec2_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/filesystem_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/fips_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/hypervisors_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/identity_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/kernel_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/ldom_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/load_average_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/memory_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/operating_system_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/path_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/ruby_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/ssh_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/system_profiler_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/timezone_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/uptime_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/virtualization_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/xen_resolver.cc Examining 
data/facter-3.14.12/lib/src/facts/resolvers/zfs_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/zone_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/zpool_resolver.cc Examining data/facter-3.14.12/lib/src/facts/resolvers/gce_resolver.cc Examining data/facter-3.14.12/lib/src/facts/scalar_value.cc Examining data/facter-3.14.12/lib/src/facts/solaris/collection.cc Examining data/facter-3.14.12/lib/src/facts/solaris/disk_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/dmi_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/filesystem_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/kernel_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/ldom_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/memory_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/networking_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/operating_system_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/virtualization_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/zfs_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/zone_resolver.cc Examining data/facter-3.14.12/lib/src/facts/solaris/zpool_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/cache.cc Examining data/facter-3.14.12/lib/src/facts/windows/collection.cc Examining data/facter-3.14.12/lib/src/facts/windows/dmi_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/external_resolvers_factory.cc Examining data/facter-3.14.12/lib/src/facts/windows/fips_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/identity_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/kernel_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/memory_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/networking_resolver.cc Examining 
data/facter-3.14.12/lib/src/facts/windows/operating_system_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/processor_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/ssh_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/timezone_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/uptime_resolver.cc Examining data/facter-3.14.12/lib/src/facts/windows/virtualization_resolver.cc Examining data/facter-3.14.12/lib/src/java/facter.cc Examining data/facter-3.14.12/lib/src/logging/logging.cc Examining data/facter-3.14.12/lib/src/ruby/aggregate_resolution.cc Examining data/facter-3.14.12/lib/src/ruby/chunk.cc Examining data/facter-3.14.12/lib/src/ruby/confine.cc Examining data/facter-3.14.12/lib/src/ruby/fact.cc Examining data/facter-3.14.12/lib/src/ruby/module.cc Examining data/facter-3.14.12/lib/src/ruby/resolution.cc Examining data/facter-3.14.12/lib/src/ruby/ruby.cc Examining data/facter-3.14.12/lib/src/ruby/ruby_value.cc Examining data/facter-3.14.12/lib/src/ruby/simple_resolution.cc Examining data/facter-3.14.12/lib/src/util/bsd/scoped_ifaddrs.cc Examining data/facter-3.14.12/lib/src/util/config/config.cc Examining data/facter-3.14.12/lib/src/util/config/posix/config.cc Examining data/facter-3.14.12/lib/src/util/config/windows/config.cc Examining data/facter-3.14.12/lib/src/util/freebsd/geom.cc Examining data/facter-3.14.12/lib/src/util/posix/scoped_addrinfo.cc Examining data/facter-3.14.12/lib/src/util/posix/scoped_descriptor.cc Examining data/facter-3.14.12/lib/src/util/posix/utmpx_file.cc Examining data/facter-3.14.12/lib/src/util/scoped_bio.cc Examining data/facter-3.14.12/lib/src/util/scoped_file.cc Examining data/facter-3.14.12/lib/src/util/solaris/k_stat.cc Examining data/facter-3.14.12/lib/src/util/solaris/scoped_kstat.cc Examining data/facter-3.14.12/lib/src/util/string.cc Examining data/facter-3.14.12/lib/src/util/windows/wsa.cc Examining data/facter-3.14.12/lib/src/util/yaml.cc Examining 
data/facter-3.14.12/lib/tests/collection_fixture.cc Examining data/facter-3.14.12/lib/tests/collection_fixture.hpp Examining data/facter-3.14.12/lib/tests/cwrapper.cc Examining data/facter-3.14.12/lib/tests/facts/array_value.cc Examining data/facter-3.14.12/lib/tests/facts/boolean_value.cc Examining data/facter-3.14.12/lib/tests/facts/cache.cc Examining data/facter-3.14.12/lib/tests/facts/collection.cc Examining data/facter-3.14.12/lib/tests/facts/external/json_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/external/posix/execution_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/external/text_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/external/windows/execution_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/external/windows/powershell_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/external/yaml_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/external_resolvers_factory.cc Examining data/facter-3.14.12/lib/tests/facts/integer_value.cc Examining data/facter-3.14.12/lib/tests/facts/linux/dmi_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/linux/filesystem_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/linux/processor_fixture.cc Examining data/facter-3.14.12/lib/tests/facts/linux/processor_fixture.hpp Examining data/facter-3.14.12/lib/tests/facts/linux/processor_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/linux/virtualization_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/map_value.cc Examining data/facter-3.14.12/lib/tests/facts/posix/collection.cc Examining data/facter-3.14.12/lib/tests/facts/posix/external_resolvers_factory.cc Examining data/facter-3.14.12/lib/tests/facts/posix/uptime_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/augeas_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/disk_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/dmi_resolver.cc Examining 
data/facter-3.14.12/lib/tests/facts/resolvers/filesystem_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/identity_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/kernel_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/ldom_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/memory_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/networking_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/operating_system_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/processor_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/ruby_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/ssh_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/system_profiler_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/timezone_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/uptime_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/virtualization_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/xen_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/zfs_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/zone_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/resolvers/zpool_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/schema.cc Examining data/facter-3.14.12/lib/tests/facts/string_value.cc Examining data/facter-3.14.12/lib/tests/facts/windows/collection.cc Examining data/facter-3.14.12/lib/tests/facts/windows/external_resolvers_factory.cc Examining data/facter-3.14.12/lib/tests/facts/windows/networking_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/windows/operating_system_resolver.cc Examining data/facter-3.14.12/lib/tests/facts/double_value.cc Examining data/facter-3.14.12/lib/tests/fixtures.cc Examining data/facter-3.14.12/lib/tests/java/facter.cc Examining 
data/facter-3.14.12/lib/tests/log_capture.cc Examining data/facter-3.14.12/lib/tests/log_capture.hpp Examining data/facter-3.14.12/lib/tests/logging/logging.cc Examining data/facter-3.14.12/lib/tests/main.cc Examining data/facter-3.14.12/lib/tests/mock_server.cc Examining data/facter-3.14.12/lib/tests/mock_server.hpp Examining data/facter-3.14.12/lib/tests/ruby/ruby.cc Examining data/facter-3.14.12/lib/tests/ruby/ruby_dirfacts.cc Examining data/facter-3.14.12/lib/tests/ruby/ruby_helper.cc Examining data/facter-3.14.12/lib/tests/ruby/ruby_helper.hpp Examining data/facter-3.14.12/lib/tests/ruby/windows/ruby.cc Examining data/facter-3.14.12/lib/tests/util/bsd/scoped_ifaddrs.cc Examining data/facter-3.14.12/lib/tests/util/posix/scoped_addrinfo.cc Examining data/facter-3.14.12/lib/tests/util/posix/scoped_descriptor.cc Examining data/facter-3.14.12/lib/tests/util/scoped_bio.cc Examining data/facter-3.14.12/lib/tests/util/string.cc FINAL RESULTS: data/facter-3.14.12/lib/src/facts/cache.cc:30:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/facter-3.14.12/lib/src/facts/collection.cc:156:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/facter-3.14.12/lib/src/facts/linux/disk_resolver.cc:31:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/facter-3.14.12/lib/src/facts/linux/disk_resolver.cc:50:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
boost::system::error_code ec; data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:15:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. namespace bs = boost::system; data/facter-3.14.12/lib/src/facts/linux/filesystem_resolver.cc:23:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. namespace sys = boost::system; data/facter-3.14.12/lib/src/facts/linux/operating_system_resolver.cc:38:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:17:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. namespace bs = boost::system; data/facter-3.14.12/lib/src/facts/linux/virtualization_resolver.cc:21:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. namespace bs = boost::system; data/facter-3.14.12/lib/src/facts/posix/ssh_resolver.cc:7:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. namespace bs = boost::system; data/facter-3.14.12/lib/src/facts/posix/xen_resolver.cc:10:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
namespace bs = boost::system; data/facter-3.14.12/lib/src/facts/windows/ssh_resolver.cc:15:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. namespace bs = boost::system; data/facter-3.14.12/lib/src/ruby/module.cc:184:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/facter-3.14.12/lib/src/ruby/module.cc:1002:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/facter-3.14.12/lib/src/ruby/module.cc:1063:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/facter-3.14.12/lib/tests/mock_server.cc:13:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code error; data/facter-3.14.12/lib/tests/mock_server.cc:18:28: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. throw boost::system::system_error(error); // Some other error. data/facter-3.14.12/lib/tests/mock_server.cc:33:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
  acceptor_.async_accept(socket_, [this](boost::system::error_code ec) {
data/facter-3.14.12/lib/inc/internal/util/aix/odm.hpp:37:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  static ptr open() {
data/facter-3.14.12/lib/inc/internal/util/aix/odm.hpp:313:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  static proxy open(std::string name) {
data/facter-3.14.12/lib/inc/internal/util/aix/odm.hpp:370:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _the_odm = odm::open();
data/facter-3.14.12/lib/src/facts/aix/disk_resolver.cc:22:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto pd_dv_query = odm_class<PdDv>::open("PdDv").query("class=disk");
data/facter-3.14.12/lib/src/facts/aix/disk_resolver.cc:28:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cu_dv = odm_class<CuDv>::open("CuDv");
data/facter-3.14.12/lib/src/facts/aix/disk_resolver.cc:39:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto descriptor = open(device.c_str(), O_RDONLY);
data/facter-3.14.12/lib/src/facts/aix/filesystem_resolver.cc:85:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cu_dv = odm_class<CuDv>::open("CuDv");
data/facter-3.14.12/lib/src/facts/aix/filesystem_resolver.cc:86:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cu_at = odm_class<CuAt>::open("CuAt");
data/facter-3.14.12/lib/src/facts/aix/memory_resolver.cc:35:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cu_at_query = odm_class<CuAt>::open("CuAt").query("value=paging and attribute=type");
data/facter-3.14.12/lib/src/facts/aix/networking_resolver.cc:142:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(addrs[ RTAX_##a ]), sa, sa->sa_len); \
data/facter-3.14.12/lib/src/facts/aix/operating_system_resolver.cc:35:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cuat_query = odm_class<CuAt>::open("CuAt").query(query);
data/facter-3.14.12/lib/src/facts/aix/operating_system_resolver.cc:49:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cudv_query = odm_class<CuDv>::open("CuDv").query(query);
data/facter-3.14.12/lib/src/facts/aix/operating_system_resolver.cc:58:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto pdat_query = odm_class<PdAt>::open("PdAt").query(query);
data/facter-3.14.12/lib/src/facts/aix/processor_resolver.cc:48:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto pd_dv_query = odm_class<PdDv>::open("PdDv").query("class=processor");
data/facter-3.14.12/lib/src/facts/aix/processor_resolver.cc:57:49: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cu_dv_query = odm_class<CuDv>::open("CuDv").query(query);
data/facter-3.14.12/lib/src/facts/aix/processor_resolver.cc:67:49: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cu_at_query = odm_class<CuAt>::open("CuAt").query(query);
data/facter-3.14.12/lib/src/facts/aix/serial_number_resolver.cc:28:45: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  auto cu_at_query = odm_class<CuAt>::open("CuAt").query("name=sys0 and attribute=systemid");
data/facter-3.14.12/lib/src/facts/external/json_resolver.cc:203:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/facter-3.14.12/lib/src/facts/freebsd/dmi_resolver.cc:33:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100] = {};
data/facter-3.14.12/lib/src/facts/linux/filesystem_resolver.cc:75:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/facter-3.14.12/lib/src/facts/openbsd/dmi_resolver.cc:33:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[BUFSIZ];
data/facter-3.14.12/lib/src/facts/posix/networking_resolver.cc:33:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[INET_ADDRSTRLEN] = {};
data/facter-3.14.12/lib/src/facts/posix/networking_resolver.cc:47:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[INET6_ADDRSTRLEN] = {};
data/facter-3.14.12/lib/src/facts/posix/timezone_resolver.cc:13:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[16];
data/facter-3.14.12/lib/src/facts/solaris/filesystem_resolver.cc:36:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  scoped_file file(fopen("/etc/mnttab", "r"));
data/facter-3.14.12/lib/src/facts/windows/timezone_resolver.cc:20:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t buffer[256] = {};
data/facter-3.14.12/lib/src/util/scoped_file.cc:10:39: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  scoped_resource(boost::nowide::fopen(path.c_str(), mode.c_str()), close)
data/facter-3.14.12/lib/src/util/windows/wsa.cc:53:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t buffer[INET6_ADDRSTRLEN+1];
data/facter-3.14.12/lib/tests/facts/windows/networking_resolver.cc:129:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr.sin6_addr.u.Byte, x.data(), 16*sizeof(u_char));
data/facter-3.14.12/lib/tests/mock_server.cc:11:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[1024];
data/facter-3.14.12/lib/inc/internal/facts/linux/dmi_resolver.hpp:34:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::string read(std::string const& path);
data/facter-3.14.12/lib/inc/internal/facts/windows/dmi_resolver.hpp:34:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::string read(std::string const& path);
data/facter-3.14.12/lib/src/cwrapper.cc:39:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(*result, json_facts.c_str(), l);
data/facter-3.14.12/lib/src/facts/freebsd/networking_resolver.cc:49:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, interface.c_str(), sizeof(ifr.ifr_name));
data/facter-3.14.12/lib/src/facts/linux/disk_resolver.cc:63:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string blocks = lth_file::read(size_file_path);
data/facter-3.14.12/lib/src/facts/linux/disk_resolver.cc:73:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d.vendor = lth_file::read(vendor_file_path);
data/facter-3.14.12/lib/src/facts/linux/disk_resolver.cc:79:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d.model = lth_file::read(model_file_path);
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:29:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.bios_vendor = read("/sys/class/dmi/id/bios_vendor");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:30:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.bios_version = read("/sys/class/dmi/id/bios_version");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:31:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.bios_release_date = read("/sys/class/dmi/id/bios_date");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:32:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.board_asset_tag = read("/sys/class/dmi/id/board_asset_tag");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:33:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.board_manufacturer = read("/sys/class/dmi/id/board_vendor");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:34:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.board_product_name = read("/sys/class/dmi/id/board_name");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:35:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.board_serial_number = read("/sys/class/dmi/id/board_serial");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:36:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.chassis_asset_tag = read("/sys/class/dmi/id/chassis_asset_tag");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:37:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.manufacturer = read("/sys/class/dmi/id/sys_vendor");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:38:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.product_name = read("/sys/class/dmi/id/product_name");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:39:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.serial_number = read("/sys/class/dmi/id/product_serial");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:40:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.uuid = read("/sys/class/dmi/id/product_uuid");
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:41:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.chassis_type = to_chassis_description(read("/sys/class/dmi/id/chassis_type"));
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:182:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string dmi_resolver::read(std::string const& path)
data/facter-3.14.12/lib/src/facts/linux/dmi_resolver.cc:191:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!lth_file::read(path, value)) {
data/facter-3.14.12/lib/src/facts/linux/filesystem_resolver.cc:207:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string mapping_name = lth_file::read((block_device_path / "dm" / "name").string());
data/facter-3.14.12/lib/src/facts/linux/filesystem_resolver.cc:222:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  part.backing_file = lth_file::read((block_device_path / "loop" / "backing_file").string());
data/facter-3.14.12/lib/src/facts/linux/filesystem_resolver.cc:289:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string blocks = lth_file::read(device_directory + "/size");
data/facter-3.14.12/lib/src/facts/linux/networking_resolver.cc:91:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(req.ifr_name, interface.c_str(), sizeof(req.ifr_name) - 1);
data/facter-3.14.12/lib/src/facts/linux/operating_system_resolver.cc:73:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result.policy_version = lth_file::read(mountpoint + "/policyvers");
data/facter-3.14.12/lib/src/facts/linux/operating_system_resolver.cc:76:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string enforce = lth_file::read(mountpoint + "/enforce");
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:97:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string contents = lth_file::read(release_file::redhat);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:111:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string contents = lth_file::read(release_file::lsb);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:129:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string contents = lth_file::read(release_file::suse);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:305:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  value = lth_file::read(release_file::debian);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:311:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  value = lth_file::read(release_file::devuan);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:317:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  value = lth_file::read(release_file::alpine);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:323:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  value = lth_file::read(release_file::huawei);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:333:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string contents = lth_file::read(release_file::suse);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:350:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string contents = lth_file::read(release_file::lsb);
data/facter-3.14.12/lib/src/facts/linux/os_linux.cc:381:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string contents = lth_file::read(file);
data/facter-3.14.12/lib/src/facts/linux/processor_resolver.cc:81:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string id = lth_file::read(physical_id_path);
data/facter-3.14.12/lib/src/facts/linux/processor_resolver.cc:192:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string speed = lth_file::read(root + "/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq");
data/facter-3.14.12/lib/src/facts/openbsd/networking_resolver.cc:49:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, interface.c_str(), sizeof(ifr.ifr_name));
data/facter-3.14.12/lib/src/facts/resolvers/ssh_resolver.cc:115:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  string contents = lth_file::read(key_file.string());

ANALYSIS SUMMARY:

Hits = 90
Lines analyzed = 35168 in approximately 1.74 seconds (20208 lines/second)
Physical Source Lines of Code (SLOC) = 24252
Hits@level = [0] 0 [1] 42 [2] 30 [3] 0 [4] 18 [5] 0
Hits@level+ = [0+] 90 [1+] 90 [2+] 48 [3+] 18 [4+] 18 [5+] 0
Hits/KSLOC@level+ = [0+] 3.71103 [1+] 3.71103 [2+] 1.97922 [3+] 0.742207 [4+] 0.742207 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.