Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libcmis-0.5.2/inc/libcmis/libcmis-api.h Examining data/libcmis-0.5.2/inc/libcmis-c/object.h Examining data/libcmis-0.5.2/inc/libcmis-c/oauth2-data.h Examining data/libcmis-0.5.2/inc/libcmis-c/error.h Examining data/libcmis-0.5.2/inc/libcmis-c/property.h Examining data/libcmis-0.5.2/inc/libcmis-c/allowable-actions.h Examining data/libcmis-0.5.2/inc/libcmis-c/vectors.h Examining data/libcmis-0.5.2/inc/libcmis-c/object-type.h Examining data/libcmis-0.5.2/inc/libcmis-c/session.h Examining data/libcmis-0.5.2/inc/libcmis-c/session-factory.h Examining data/libcmis-0.5.2/inc/libcmis-c/types.h Examining data/libcmis-0.5.2/inc/libcmis-c/rendition.h Examining data/libcmis-0.5.2/inc/libcmis-c/libcmis-c.h Examining data/libcmis-0.5.2/inc/libcmis-c/document.h Examining data/libcmis-0.5.2/inc/libcmis-c/property-type.h Examining data/libcmis-0.5.2/inc/libcmis-c/libcmis-c-api.h Examining data/libcmis-0.5.2/inc/libcmis-c/folder.h Examining data/libcmis-0.5.2/inc/libcmis-c/repository.h Examining data/libcmis-0.5.2/src/libcmis/oauth2-providers.cxx Examining data/libcmis-0.5.2/src/libcmis/gdrive-session.cxx Examining data/libcmis-0.5.2/src/libcmis/dummy.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-session.cxx Examining data/libcmis-0.5.2/src/libcmis/gdrive-object.cxx Examining data/libcmis-0.5.2/src/libcmis/atom-object-type.cxx Examining data/libcmis-0.5.2/src/libcmis/property-type.cxx Examining data/libcmis-0.5.2/src/libcmis/folder.cxx Examining data/libcmis-0.5.2/src/libcmis/allowable-actions.cxx Examining data/libcmis-0.5.2/src/libcmis/atom-object.cxx Examining data/libcmis-0.5.2/src/libcmis/property.cxx Examining data/libcmis-0.5.2/src/libcmis/sharepoint-session.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-document.cxx Examining data/libcmis-0.5.2/src/libcmis/onedrive-object-type.cxx Examining 
data/libcmis-0.5.2/src/libcmis/ws-objectservice.cxx Examining data/libcmis-0.5.2/src/libcmis/oauth2-handler.cxx Examining data/libcmis-0.5.2/src/libcmis/sharepoint-object.cxx Examining data/libcmis-0.5.2/src/libcmis/oauth2-data.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-navigationservice.cxx Examining data/libcmis-0.5.2/src/libcmis/onedrive-property.cxx Examining data/libcmis-0.5.2/src/libcmis/gdrive-repository.cxx Examining data/libcmis-0.5.2/src/libcmis/gdrive-property.cxx Examining data/libcmis-0.5.2/src/libcmis/json-utils.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-versioningservice.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-requests.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-soap.cxx Examining data/libcmis-0.5.2/src/libcmis/sharepoint-document.cxx Examining data/libcmis-0.5.2/src/libcmis/atom-folder.cxx Examining data/libcmis-0.5.2/src/libcmis/onedrive-utils.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-object.cxx Examining data/libcmis-0.5.2/src/libcmis/atom-session.cxx Examining data/libcmis-0.5.2/src/libcmis/session-factory.cxx Examining data/libcmis-0.5.2/src/libcmis/base-session.cxx Examining data/libcmis-0.5.2/src/libcmis/http-session.cxx Examining data/libcmis-0.5.2/src/libcmis/gdrive-object-type.cxx Examining data/libcmis-0.5.2/src/libcmis/onedrive-repository.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-relatedmultipart.cxx Examining data/libcmis-0.5.2/src/libcmis/sharepoint-repository.cxx Examining data/libcmis-0.5.2/src/libcmis/onedrive-object.cxx Examining data/libcmis-0.5.2/src/libcmis/sharepoint-utils.cxx Examining data/libcmis-0.5.2/src/libcmis/onedrive-document.cxx Examining data/libcmis-0.5.2/src/libcmis/sharepoint-folder.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-object-type.cxx Examining data/libcmis-0.5.2/src/libcmis/sharepoint-object-type.cxx Examining data/libcmis-0.5.2/src/libcmis/gdrive-utils.cxx Examining data/libcmis-0.5.2/src/libcmis/gdrive-folder.cxx Examining 
data/libcmis-0.5.2/src/libcmis/onedrive-folder.cxx Examining data/libcmis-0.5.2/src/libcmis/xml-utils.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-folder.cxx Examining data/libcmis-0.5.2/src/libcmis/repository.cxx Examining data/libcmis-0.5.2/src/libcmis/onedrive-session.cxx Examining data/libcmis-0.5.2/src/libcmis/object.cxx Examining data/libcmis-0.5.2/src/libcmis/atom-document.cxx Examining data/libcmis-0.5.2/src/libcmis/rendition.cxx Examining data/libcmis-0.5.2/src/libcmis/object-type.cxx Examining data/libcmis-0.5.2/src/libcmis/document.cxx Examining data/libcmis-0.5.2/src/libcmis/sharepoint-property.cxx Examining data/libcmis-0.5.2/src/libcmis/gdrive-document.cxx Examining data/libcmis-0.5.2/src/libcmis/ws-repositoryservice.cxx Examining data/libcmis-0.5.2/src/libcmis/atom-workspace.cxx Examining data/libcmis-0.5.2/src/libcmis-c/property-type.cxx Examining data/libcmis-0.5.2/src/libcmis-c/folder.cxx Examining data/libcmis-0.5.2/src/libcmis-c/allowable-actions.cxx Examining data/libcmis-0.5.2/src/libcmis-c/property.cxx Examining data/libcmis-0.5.2/src/libcmis-c/oauth2-data.cxx Examining data/libcmis-0.5.2/src/libcmis-c/session.cxx Examining data/libcmis-0.5.2/src/libcmis-c/session-factory.cxx Examining data/libcmis-0.5.2/src/libcmis-c/vectors.cxx Examining data/libcmis-0.5.2/src/libcmis-c/repository.cxx Examining data/libcmis-0.5.2/src/libcmis-c/object.cxx Examining data/libcmis-0.5.2/src/libcmis-c/error.cxx Examining data/libcmis-0.5.2/src/libcmis-c/rendition.cxx Examining data/libcmis-0.5.2/src/libcmis-c/object-type.cxx Examining data/libcmis-0.5.2/src/libcmis-c/document.cxx Examining data/libcmis-0.5.2/src/cmis-client.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-xmlutils.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-ws.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-soap.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-mockup-helpers.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-onedrive.cxx Examining 
data/libcmis-0.5.2/qa/libcmis/test-main.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-decoder.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-commons.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-sharepoint.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-gdrive.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-jsonutils.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-atom.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-factory.cxx Examining data/libcmis-0.5.2/qa/libcmis/test-helpers.cxx Examining data/libcmis-0.5.2/qa/mockup/mockup-config.cxx Examining data/libcmis-0.5.2/qa/mockup/curl-mockup.cxx Examining data/libcmis-0.5.2/qa/mockup/curl/curl.h Examining data/libcmis-0.5.2/qa/mockup/mockup-config.h Examining data/libcmis-0.5.2/qa/libcmis-c/test-build.c Examining data/libcmis-0.5.2/qa/libcmis-c/test-object.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-property.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-object-type.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-dummies.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-session.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-allowable-actions.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-folder.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-document.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-repository.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-api.cxx Examining data/libcmis-0.5.2/qa/libcmis-c/test-property-type.cxx

FINAL RESULTS:

data/libcmis-0.5.2/qa/libcmis-c/test-document.cxx:255:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis-c/test-document.cxx:278:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis-c/test-document.cxx:299:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis-c/test-document.cxx:323:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis-c/test-document.cxx:353:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis-c/test-document.cxx:475:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis-c/test-document.cxx:533:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis-c/test-folder.cxx:306:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis-c/test-folder.cxx:358:17: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    FILE* tmp = tmpfile( );

data/libcmis-0.5.2/qa/libcmis/test-decoder.cxx:110:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
    stream = tmpfile();

data/libcmis-0.5.2/qa/libcmis/test-decoder.cxx:126:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[100];

data/libcmis-0.5.2/qa/libcmis/test-xmlutils.cxx:189:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char toParse[50];

data/libcmis-0.5.2/qa/libcmis/test-xmlutils.cxx:208:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char toParse[50];

data/libcmis-0.5.2/qa/libcmis/test-xmlutils.cxx:221:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char toParse[50];

data/libcmis-0.5.2/qa/libcmis/test-xmlutils.cxx:234:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char toParse[50];

data/libcmis-0.5.2/qa/libcmis/test-xmlutils.cxx:247:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char toParse[50];

data/libcmis-0.5.2/qa/mockup/mockup-config.cxx:178:28: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE* fd = fopen( response.c_str( ), "r" );

data/libcmis-0.5.2/src/libcmis-c/session-factory.cxx:78:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char user[CRED_MAX_LEN];

data/libcmis-0.5.2/src/libcmis-c/session-factory.cxx:81:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char pass[CRED_MAX_LEN];

data/libcmis-0.5.2/src/libcmis/http-session.cxx:592:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char errBuff[CURL_ERROR_SIZE];

data/libcmis-0.5.2/src/libcmis/oauth2-providers.cxx:67:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char hex[16] = { '0', '1', '2', '3', '4', '5', '6', '7',

data/libcmis-0.5.2/src/libcmis/sharepoint-session.cxx:252:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char errBuff[CURL_ERROR_SIZE];

data/libcmis-0.5.2/src/libcmis/xml-utils.cxx:184:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char decoded[3];

data/libcmis-0.5.2/src/libcmis/xml-utils.cxx:198:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char encoded[4];

data/libcmis-0.5.2/src/libcmis/xml-utils.cxx:241:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char decoded[3];

data/libcmis-0.5.2/src/libcmis/xml-utils.cxx:276:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char encoded[4];

data/libcmis-0.5.2/qa/libcmis-c/test-dummies.cxx:561:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    is.read( buf, bufSize );

data/libcmis-0.5.2/qa/libcmis-c/test-dummies.cxx:563:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    out.write( buf, read );

data/libcmis-0.5.2/qa/libcmis/test-helpers.cxx:181:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    in.read( buffer, length );

data/libcmis-0.5.2/qa/libcmis/test-jsonutils.cxx:84:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    in.read( &contents[0], contents.size( ) );

data/libcmis-0.5.2/qa/libcmis/test-ws.cxx:67:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    is->read( buf, size );

data/libcmis-0.5.2/qa/mockup/curl-mockup.cxx:338:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    body.write( buf, read );

data/libcmis-0.5.2/qa/mockup/mockup-config.cxx:194:58: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    written = handle->m_writeFn( buf, 1, read, handle->m_writeData );

data/libcmis-0.5.2/qa/mockup/mockup-config.cxx:195:57: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    } while ( read == bufSize && written == read );

data/libcmis-0.5.2/src/libcmis-c/document.cxx:155:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    stream->read( buf, bufSize );

data/libcmis-0.5.2/src/libcmis-c/document.cxx:157:64: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    writeFn( ( const void * )buf, size_t( 1 ), read, userData );

data/libcmis-0.5.2/src/libcmis-c/document.cxx:211:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    stream->write( buf, read );

data/libcmis-0.5.2/src/libcmis-c/document.cxx:366:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    stream->write( buf, read );

data/libcmis-0.5.2/src/libcmis-c/folder.cxx:284:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    stream->write( buf, read );

data/libcmis-0.5.2/src/libcmis-c/session-factory.cxx:79:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(user, username.c_str( ), sizeof( user ) );

data/libcmis-0.5.2/src/libcmis-c/session-factory.cxx:82:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(pass, password.c_str( ), sizeof( pass ) );

data/libcmis-0.5.2/src/libcmis/atom-document.cxx:196:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    is->read( buf, bufLength );

data/libcmis-0.5.2/src/libcmis/atom-object.cxx:434:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    is.read( buf, bufLength );

data/libcmis-0.5.2/src/libcmis/http-session.cxx:81:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    is.read( out, size * nmemb );

data/libcmis-0.5.2/src/libcmis/ws-requests.cxx:107:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    is.read( buf, size );

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 32756 in approximately 1.16 seconds (28243 lines/second)
Physical Source Lines of Code (SLOC) = 23609
Hits@level = [0] 10 [1] 19 [2] 26 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 55 [1+] 45 [2+] 26 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.32962 [1+] 1.90605 [2+] 1.10127 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.