Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/inform6-library-6.12.2+dfsg.1/english.h
Examining data/inform6-library-6.12.2+dfsg.1/verblib.h
Examining data/inform6-library-6.12.2+dfsg.1/parser.h
Examining data/inform6-library-6.12.2+dfsg.1/grammar.h
Examining data/inform6-library-6.12.2+dfsg.1/infix.h
Examining data/inform6-library-6.12.2+dfsg.1/linklpa.h

FINAL RESULTS:

data/inform6-library-6.12.2+dfsg.1/parser.h:4128:28:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
  ! First, a scope token gets priority here:
data/inform6-library-6.12.2+dfsg.1/parser.h:25:43:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  ! Definition of grammar token numbering system used by Inform
data/inform6-library-6.12.2+dfsg.1/linklpa.h:55:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Attribute open;
data/inform6-library-6.12.2+dfsg.1/parser.h:2383:55:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (noun has container && noun hasnt open) L__M(##Take, 9, noun);
data/inform6-library-6.12.2+dfsg.1/parser.h:2468:58:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (act has container && act has open)))
data/inform6-library-6.12.2+dfsg.1/parser.h:3774:73:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (its_owner has container && its_owner has open)))
data/inform6-library-6.12.2+dfsg.1/parser.h:4179:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  (o has container && o has open))
data/inform6-library-6.12.2+dfsg.1/parser.h:5716:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (i has open || i has transparent)
data/inform6-library-6.12.2+dfsg.1/parser.h:5729:46:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (obj has container) return (obj hasnt open);
data/inform6-library-6.12.2+dfsg.1/parser.h:6296:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ! Now re-open the windows to apply the hints
data/inform6-library-6.12.2+dfsg.1/parser.h:6584:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ! If we can't even open one window, there's no point in going on.
data/inform6-library-6.12.2+dfsg.1/verblib.h:223:71:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((o has transparent or supporter) || (o has container && o has open)) rtrue;
data/inform6-library-6.12.2+dfsg.1/verblib.h:235:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((o1 has open && o2 hasnt open) || (o2 has open && o1 hasnt open))
data/inform6-library-6.12.2+dfsg.1/verblib.h:235:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((o1 has open && o2 hasnt open) || (o2 has open && o1 hasnt open))
data/inform6-library-6.12.2+dfsg.1/verblib.h:235:59:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((o1 has open && o2 hasnt open) || (o2 has open && o1 hasnt open))
data/inform6-library-6.12.2+dfsg.1/verblib.h:235:76:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((o1 has open && o2 hasnt open) || (o2 has open && o1 hasnt open))
data/inform6-library-6.12.2+dfsg.1/verblib.h:620:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (o has container && o hasnt open) combo=combo+2;
data/inform6-library-6.12.2+dfsg.1/verblib.h:621:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((o has container && (o has open || o has transparent))) {
data/inform6-library-6.12.2+dfsg.1/verblib.h:646:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (o has open)
data/inform6-library-6.12.2+dfsg.1/verblib.h:684:39:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (o has container && (o has open || o has transparent)) {
data/inform6-library-6.12.2+dfsg.1/verblib.h:738:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ! To deal with supporters and open containers, so that objects are processed
data/inform6-library-6.12.2+dfsg.1/verblib.h:741:71:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ! if ((o has transparent or supporter) || (o has container && o has open)) rtrue;
data/inform6-library-6.12.2+dfsg.1/verblib.h:1729:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (obj hasnt open) rfalse;
data/inform6-library-6.12.2+dfsg.1/verblib.h:1737:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (obj has open) rtrue;
data/inform6-library-6.12.2+dfsg.1/verblib.h:1744:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (obj has open) rfalse;
data/inform6-library-6.12.2+dfsg.1/verblib.h:1753:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (obj hasnt open) rtrue;
data/inform6-library-6.12.2+dfsg.1/verblib.h:1798:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (i && i has container && i hasnt open && ImplicitOpen(i)) return L__M(##Remove, 1, i);
data/inform6-library-6.12.2+dfsg.1/verblib.h:1869:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (second has container && second hasnt open && ImplicitOpen(second))
data/inform6-library-6.12.2+dfsg.1/verblib.h:1910:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (noun hasnt open && ImplicitOpen(noun)) return L__M(##EmptyT, 2, noun);
data/inform6-library-6.12.2+dfsg.1/verblib.h:1914:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (second hasnt open && ImplicitOpen(second))
data/inform6-library-6.12.2+dfsg.1/verblib.h:1925:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (noun hasnt open) flag = true;
data/inform6-library-6.12.2+dfsg.1/verblib.h:1929:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (second hasnt open) flag = true;
data/inform6-library-6.12.2+dfsg.1/verblib.h:2004:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (noun has container && noun hasnt open && ImplicitOpen(noun)) return L__M(##Enter, 3, noun);
data/inform6-library-6.12.2+dfsg.1/verblib.h:2029:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (p has container && p hasnt open && ImplicitOpen(p))
data/inform6-library-6.12.2+dfsg.1/verblib.h:2087:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (next_loc hasnt open && ImplicitOpen(next_loc)) {
data/inform6-library-6.12.2+dfsg.1/verblib.h:2167:56:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((o has door or container) && o has open && o provides when_open) {
data/inform6-library-6.12.2+dfsg.1/verblib.h:2170:58:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((o has door or container) && o hasnt open && o provides when_closed) {
data/inform6-library-6.12.2+dfsg.1/parser.h:1094:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read a_buffer a_table;
data/inform6-library-6.12.2+dfsg.1/parser.h:2040:64:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ! put back the non-preposition we just read
data/inform6-library-6.12.2+dfsg.1/parser.h:2824:41:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  ! So, two cases. Case 1: token not equal to "held"
data/inform6-library-6.12.2+dfsg.1/verblib.h:796:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read buffer parse;
data/inform6-library-6.12.2+dfsg.1/verblib.h:798:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read buffer parse DrawStatusLine;
data/inform6-library-6.12.2+dfsg.1/verblib.h:1112:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read buffer parse;
data/inform6-library-6.12.2+dfsg.1/verblib.h:1113:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  else read buffer parse DrawStatusLine;

ANALYSIS SUMMARY:

Hits = 44
Lines analyzed = 13613 in approximately 0.41 seconds (33337 lines/second)
Physical Source Lines of Code (SLOC) = 6885
Hits@level = [0]   0 [1]   7 [2]  35 [3]   0 [4]   1 [5]   1
Hits@level+ = [0+]  44 [1+]  44 [2+]  37 [3+]   2 [4+]   2 [5+]   1
Hits/KSLOC@level+ = [0+] 6.3907 [1+] 6.3907 [2+] 5.374 [3+] 0.290487 [4+] 0.290487 [5+] 0.145243
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.