Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/itk3-3.4.2/generic/itkStubLib.c
Examining data/itk3-3.4.2/generic/itk_archetype.c
Examining data/itk3-3.4.2/generic/itkStubInit.c
Examining data/itk3-3.4.2/generic/itkDecls.h
Examining data/itk3-3.4.2/generic/itk.h
Examining data/itk3-3.4.2/generic/itk_cmds.c
Examining data/itk3-3.4.2/generic/itk_util.c
Examining data/itk3-3.4.2/generic/itk_option.c
Examining data/itk3-3.4.2/win/dllEntryPoint.c
Examining data/itk3-3.4.2/win/nmakehlp.c
FINAL RESULTS:
data/itk3-3.4.2/generic/itk_archetype.c:808:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, resultStr);
data/itk3-3.4.2/generic/itk_archetype.c:2928:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lastval, v);
data/itk3-3.4.2/generic/itk_archetype.c:3173:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(archOpt->init, init);
data/itk3-3.4.2/generic/itk_archetype.c:3202:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(archComp->pathName, wname);
data/itk3-3.4.2/generic/itk_archetype.c:3272:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name+1, switchName);
data/itk3-3.4.2/generic/itk_archetype.c:3288:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(archOpt->resName, resName);
data/itk3-3.4.2/generic/itk_archetype.c:3301:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(archOpt->resClass, resClass);
data/itk3-3.4.2/generic/itk_archetype.c:3328:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(archOpt->switchName, name);
data/itk3-3.4.2/generic/itk_archetype.c:3332:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(archOpt->resName, resName);
data/itk3-3.4.2/generic/itk_archetype.c:3340:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(archOpt->resClass, resClass);
data/itk3-3.4.2/generic/itk_archetype.c:3454:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(archOpt->init, ival);
data/itk3-3.4.2/generic/itk_archetype.c:3661:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name+1, switchName);
data/itk3-3.4.2/generic/itk_archetype.c:3733:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name+1, switchName);
data/itk3-3.4.2/generic/itk_archetype.c:4101:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name+1, switchName);
data/itk3-3.4.2/generic/itk_option.c:434:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opt->resName, resName);
data/itk3-3.4.2/generic/itk_option.c:437:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opt->resClass, resClass);
data/itk3-3.4.2/generic/itk_option.c:440:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opt->init, defVal);
data/itk3-3.4.2/win/nmakehlp.c:145:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmdline, option);
data/itk3-3.4.2/win/nmakehlp.c:236:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmdline, option);
data/itk3-3.4.2/win/nmakehlp.c:149:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/itk3-3.4.2/win/nmakehlp.c:149:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/itk3-3.4.2/win/nmakehlp.c:238:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/itk3-3.4.2/win/nmakehlp.c:238:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/itk3-3.4.2/generic/itk_archetype.c:2119:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/itk3-3.4.2/generic/itk_archetype.c:2120:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "\n (while adding option \"%.100s\")", token);
data/itk3-3.4.2/generic/itk_archetype.c:2280:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/itk3-3.4.2/generic/itk_archetype.c:2281:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "\n (while removing option \"%.100s\")",
data/itk3-3.4.2/generic/itk_archetype.c:2786:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/itk3-3.4.2/generic/itk_archetype.c:2787:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "\n (error in configuration of public variable \"%.100s\")", vdefn->member->fullname);
data/itk3-3.4.2/generic/itk_archetype.c:2812:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/itk3-3.4.2/generic/itk_archetype.c:2813:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "\n (error in configuration of public variable \"%.100s\")", vdefn->member->fullname);
data/itk3-3.4.2/generic/itk_util.c:92:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((VOID*)newOrder, (VOID*)olist->list, (size_t)size);
data/itk3-3.4.2/win/nmakehlp.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STATICBUFFERSIZE];
data/itk3-3.4.2/win/nmakehlp.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/itk3-3.4.2/win/nmakehlp.c:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/itk3-3.4.2/win/nmakehlp.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/itk3-3.4.2/win/nmakehlp.c:143:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X ");
data/itk3-3.4.2/win/nmakehlp.c:147:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cmdline, " .\\nul");
data/itk3-3.4.2/win/nmakehlp.c:203:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/itk3-3.4.2/win/nmakehlp.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/itk3-3.4.2/win/nmakehlp.c:234:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdline, "link.exe -nologo ");
data/itk3-3.4.2/win/nmakehlp.c:326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[51], s2[51], s3[51];
data/itk3-3.4.2/win/nmakehlp.c:330:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "rt");
data/itk3-3.4.2/generic/itk_archetype.c:610:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(token);
data/itk3-3.4.2/generic/itk_archetype.c:807:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = (char*)ckalloc((unsigned)(strlen(resultStr)+1));
data/itk3-3.4.2/generic/itk_archetype.c:1935:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(token);
data/itk3-3.4.2/generic/itk_archetype.c:2927:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lastval = (char*)ckalloc((unsigned)(strlen(v)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3172:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archOpt->init = (char*)ckalloc((unsigned)(strlen(init)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3201:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archComp->pathName = (char *) ckalloc((unsigned)(strlen(wname)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3270:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk3-3.4.2/generic/itk_archetype.c:3287:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archOpt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3300:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archOpt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3327:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archOpt->switchName = (char*)ckalloc((unsigned)(strlen(name)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3331:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archOpt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3339:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archOpt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3453:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archOpt->init = (char*)ckalloc((unsigned)(strlen(ival)+1));
data/itk3-3.4.2/generic/itk_archetype.c:3659:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk3-3.4.2/generic/itk_archetype.c:3731:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk3-3.4.2/generic/itk_archetype.c:4099:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = ckalloc((unsigned)(strlen(switchName)+2));
data/itk3-3.4.2/generic/itk_option.c:433:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt->resName = (char*)ckalloc((unsigned)(strlen(resName)+1));
data/itk3-3.4.2/generic/itk_option.c:436:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt->resClass = (char*)ckalloc((unsigned)(strlen(resClass)+1));
data/itk3-3.4.2/generic/itk_option.c:439:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt->init = (char*)ckalloc((unsigned)(strlen(defVal)+1));
data/itk3-3.4.2/win/nmakehlp.c:168:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/itk3-3.4.2/win/nmakehlp.c:257:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/itk3-3.4.2/win/nmakehlp.c:336:6: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
r = fscanf(f, "%50s", s1);
data/itk3-3.4.2/win/nmakehlp.c:339:10: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
r = fscanf(f, "%50s %50s", s2, s3);
ANALYSIS SUMMARY:
Hits = 66
Lines analyzed = 6350 in approximately 0.19 seconds (33549 lines/second)
Physical Source Lines of Code (SLOC) = 3629
Hits@level = [0] 0 [1] 23 [2] 20 [3] 4 [4] 19 [5] 0
Hits@level+ = [0+] 66 [1+] 66 [2+] 43 [3+] 23 [4+] 19 [5+] 0
Hits/KSLOC@level+ = [0+] 18.1868 [1+] 18.1868 [2+] 11.849 [3+] 6.33783 [4+] 5.2356 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.