Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/inspect.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/operation.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/error_handling.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/constants.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/ast_fwd_decl.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/util.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass_util.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/to_c.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/context.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/listize.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/plugins.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/kwd_arg_macros.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/functions.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/eval.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/context.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/environment.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass_values.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/paths.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/environment.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/ast_fwd_decl.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/bind.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/expand.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/ast.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/ast_def_macros.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/color_maps.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/inspect.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/base64vlq.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/output.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/prelexer.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/units.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/util.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/node.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/to_c.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/source_map.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass_functions.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/extend.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/cssize.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/expand.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/c99func.c
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/plugins.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/memory/SharedPtr.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/memory/SharedPtr.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/include/sass2scss.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/include/sass/context.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/include/sass/version.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/include/sass/functions.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/include/sass/base.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/include/sass/values.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/include/sass.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/operators.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/emitter.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/node.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/backtrace.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/to_value.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass_util.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/file.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/to_value.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/lexer.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/extend.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/values.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/error_handling.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/debug.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/utf8_string.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/check_nesting.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass_context.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/prelexer.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/check_nesting.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/eval.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/values.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/utf8/checked.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/utf8/core.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/utf8/unchecked.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/bind.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/mapping.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass_functions.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/b64/encode.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/b64/cencode.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/cencode.c
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/emitter.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/remove_placeholders.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/functions.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/units.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/source_map.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/backtrace.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/output.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass_context.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/position.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass_values.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/cssize.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass2scss.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/subset_map.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/constants.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/position.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/utf8_string.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/utf8.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/listize.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/debugger.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/lexer.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/file.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/operators.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/remove_placeholders.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/base64vlq.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/color_maps.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/subset_map.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/ast.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/operation.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/error_handling.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/util.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/sass_util.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/to_c.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/listize.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/plugins.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/kwd_arg_macros.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/functions.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/json.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/eval.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/context.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/paths.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/environment.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/ast_fwd_decl.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/parser.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/to_string.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/ast.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/SharedPtr.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/inspect.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/base64vlq.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/output.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/prelexer.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/source_map.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/extend.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/expand.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/unity.cpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/node.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/file.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/to_value.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/lexer.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/utf8_string.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/check_nesting.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/values.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/bind.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/mapping.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/cencode.c
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/emitter.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/units.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/cssize.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/constants.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/position.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/utf8.h
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/color_names.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/remove_placeholders.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/color_maps.hpp
Examining data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libs/subset_map.hpp
FINAL RESULTS:
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/c99func.c:42:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char* str, size_t size, const char* format, ...)
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/eval.cpp:1465:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
using std::strcpy;
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:43:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifdef snprintf
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:44:8: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#undef snprintf
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:46:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern "C" int snprintf(char *, size_t, const char *, ...);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:60:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, str);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:1372:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(errmsg, 256, __VA_ARGS__); \
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass2scss.cpp:840:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (cstr, scss.c_str());
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/context.cpp:817:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
register_function(ctx, random_sig, random, env);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/eval.cpp:1592:50: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
Selector_List_Obj sl = p.parse_selector_list(chroot);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/functions.cpp:1349:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BUILT_IN(random)
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/functions.hpp:155:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BUILT_IN(random);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp:552:87: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
Selector_Schema_Obj Parser::parse_selector_schema(const char* end_of_selector, bool chroot)
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp:662:54: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
Selector_List_Obj Parser::parse_selector_list(bool chroot)
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp:684:36: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
sel = parse_complex_selector(chroot);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp:718:60: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
Complex_Selector_Obj Parser::parse_complex_selector(bool chroot)
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp:771:36: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (!sel->has_parent_ref() && !chroot) {
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.hpp:259:48: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
Selector_List_Obj parse_selector_list(bool chroot);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.hpp:260:54: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
Complex_Selector_Obj parse_complex_selector(bool chroot);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.hpp:261:81: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
Selector_Schema_Obj parse_selector_schema(const char* end_of_selector, bool chroot);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass2scss.cpp:795:10: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
is.setstate(std::ios::eofbit);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/file.cpp:57:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wd[wd_len];
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/file.cpp:64:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wd[wd_len];
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/file.cpp:79:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t resolved[32768];
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/file.cpp:411:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t resolved[32768];
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sb->cur, bytes, count);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:837:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char throwaway_buffer[4];
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:1227:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(b, "\\uFFFD");
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:1288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:1289:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.16g", num);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:1368:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool json_check(const JsonNode *node, char errmsg[256])
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.hpp:115:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool json_check(const JsonNode *node, char errmsg[256]);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.hpp:354:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
template <Prelexer::prelexer open, Prelexer::prelexer close>
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.hpp:357:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (lex < open >(false)) {
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass.cpp:47:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(cpy, str, len);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass2scss.cpp:701:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (IS_CSS_COMMENT(converter) && open != "")
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass2scss.cpp:713:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
converter.comment = open;
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/util.cpp:292:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char u[5] = {0,0,0,0,0}; utf8::append(cp, u);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/util.cpp:381:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char u[5] = {0,0,0,0,0}; utf8::append(cp, u);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/b64/encode.h:58:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
istream_in.read(plaintext, N);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/eval.cpp:1464:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
using std::strlen;
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/file.cpp:443:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(contents, size);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/functions.cpp:317:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return std::equal(calc.begin(), calc.end(), ss.begin()) ||
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/functions.cpp:318:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
std::equal(var.begin(), var.end(), ss.begin());
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:57:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ret = (char*) malloc(strlen(str) + 1);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:119:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sb_put(sb, str, (int)strlen(str));
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/json.cpp:125:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(sb->start <= sb->cur && strlen(sb->start) == (size_t)(sb->cur - sb->start));
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/output.hpp:18:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return std::equal(ending.rbegin(), ending.rend(), value.rbegin());
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp:40:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p.end = p.position + strlen(p.position);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp:54:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p.end = end ? end : p.position + strlen(p.position);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/parser.cpp:88:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p.end = t.end ? t.end : p.position + strlen(p.position);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/position.cpp:15:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*this = inc(string, string + strlen(string));
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/position.cpp:32:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end += strlen(beg);
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/position.hpp:83:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: prefix(str), begin(str), end(str + strlen(str)) { }
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/sass.cpp:45:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str) + 1;
data/golang-github-wellington-go-libsass-0.9.2+git20181130.4ef5b9d/libsass-build/util.cpp:428:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* end = it + strlen(it) + 1;
ANALYSIS SUMMARY:
Hits = 56
Lines analyzed = 38994 in approximately 1.03 seconds (38028 lines/second)
Physical Source Lines of Code (SLOC) = 29568
Hits@level = [0] 1 [1] 17 [2] 18 [3] 13 [4] 8 [5] 0
Hits@level+ = [0+] 57 [1+] 56 [2+] 39 [3+] 21 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 1.92776 [1+] 1.89394 [2+] 1.31899 [3+] 0.710227 [4+] 0.270563 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.