Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libee-0.4.1/src/xml_enc.c
Examining data/libee-0.4.1/src/convert.c
Examining data/libee-0.4.1/src/syslog_enc.c
Examining data/libee-0.4.1/src/tagbucket.c
Examining data/libee-0.4.1/src/int_dec.c
Examining data/libee-0.4.1/src/cjson/cjson.c
Examining data/libee-0.4.1/src/cjson/cjson.h
Examining data/libee-0.4.1/src/event.c
Examining data/libee-0.4.1/src/ctx.c
Examining data/libee-0.4.1/src/value.c
Examining data/libee-0.4.1/src/json_dec.c
Examining data/libee-0.4.1/src/csv_enc.c
Examining data/libee-0.4.1/src/json_event.c
Examining data/libee-0.4.1/src/tag.c
Examining data/libee-0.4.1/src/apache_dec.c
Examining data/libee-0.4.1/src/primitivetype.c
Examining data/libee-0.4.1/src/field.c
Examining data/libee-0.4.1/src/json_enc.c
Examining data/libee-0.4.1/src/fieldbucket.c
Examining data/libee-0.4.1/tests/genfile.c
Examining data/libee-0.4.1/tests/ezapi1.c
Examining data/libee-0.4.1/include/libee/event.h
Examining data/libee-0.4.1/include/libee/namelist.h
Examining data/libee-0.4.1/include/libee/primitivetype.h
Examining data/libee-0.4.1/include/libee/ctx.h
Examining data/libee-0.4.1/include/libee/value.h
Examining data/libee-0.4.1/include/libee/int.h
Examining data/libee-0.4.1/include/libee/valuetype.h
Examining data/libee-0.4.1/include/libee/valnode.h
Examining data/libee-0.4.1/include/libee/obj.h
Examining data/libee-0.4.1/include/libee/field.h
Examining data/libee-0.4.1/include/libee/parser.h
Examining data/libee-0.4.1/include/libee/libee.h
Examining data/libee-0.4.1/include/libee/tagbucket.h
Examining data/libee-0.4.1/include/libee/apache.h
Examining data/libee-0.4.1/include/libee/fieldset.h
Examining data/libee-0.4.1/include/libee/tagset.h
Examining data/libee-0.4.1/include/libee/timestamp.h
Examining data/libee-0.4.1/include/libee/fieldtype.h
Examining data/libee-0.4.1/include/libee/tag.h
Examining data/libee-0.4.1/include/libee/fieldbucket.h
Examining data/libee-0.4.1/include/libee/internal.h
FINAL RESULTS:
data/libee-0.4.1/include/libee/ctx.h:214:69: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void ee_dbgprintf(ee_ctx ctx, char *fmt, ...) __attribute__((format(printf, 2, 3)));
data/libee-0.4.1/src/cjson/cjson.c:369:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr,entries[i]);ptr+=strlen(entries[i]);
data/libee-0.4.1/src/cjson/cjson.c:458:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr,names[i]);ptr+=strlen(names[i]);
data/libee-0.4.1/src/cjson/cjson.c:460:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr,entries[i]);ptr+=strlen(entries[i]);
data/libee-0.4.1/src/convert.c:174:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errbuf, "loaded library version %s does not match "
data/libee-0.4.1/src/ctx.c:116:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
lenBuf = vsnprintf(buf, sizeof(buf), fmt, ap);
data/libee-0.4.1/src/json_event.c:87:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(newprefix,"%s.%s",prefix,name);
data/libee-0.4.1/tests/ezapi1.c:80:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "loaded library version %s does not match "
data/libee-0.4.1/src/convert.c:184:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, "c:i:ve:E:d:D:")) != -1) {
data/libee-0.4.1/tests/ezapi1.c:62:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((opt = getopt(argc, argv, "i:")) != -1) {
data/libee-0.4.1/src/apache_dec.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsgBuf[1024];
data/libee-0.4.1/src/cjson/cjson.c:56:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy,str,len);
data/libee-0.4.1/src/cjson/cjson.c:126:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (str) sprintf(str,"%d",item->valueint);
data/libee-0.4.1/src/cjson/cjson.c:133:41: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (fabs(floor(d)-d)<=DBL_EPSILON) sprintf(str,"%.0f",d);
data/libee-0.4.1/src/cjson/cjson.c:134:46: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else if (fabs(d)<1.0e-6 || fabs(d)>1.0e9) sprintf(str,"%e",d);
data/libee-0.4.1/src/cjson/cjson.c:135:18: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(str,"%f",d);
data/libee-0.4.1/src/cjson/cjson.c:142:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char firstByteMark[7] = { 0x00, 0x00, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC };
data/libee-0.4.1/src/cjson/cjson.c:230:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: sprintf(ptr2,"u%04x",token);ptr2+=5; break; /* escape and print */
data/libee-0.4.1/src/cjson/cjson.c:480:93: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static cJSON *create_reference(cJSON *item) {cJSON *ref=cJSON_New_Item();if (!ref) return 0;memcpy(ref,item,sizeof(cJSON));ref->string=0;ref->type|=cJSON_IsReference;ref->next=ref->prev=0;return ref;}
data/libee-0.4.1/src/convert.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64*1024];
data/libee-0.4.1/src/convert.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/libee-0.4.1/src/convert.c:187:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fpIn = fopen(optarg, "r")) == NULL) {
data/libee-0.4.1/src/csv_enc.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hexdigit[16] =
data/libee-0.4.1/src/csv_enc.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[4];
data/libee-0.4.1/src/ctx.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8*1024];
data/libee-0.4.1/src/int_dec.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsgBuf[1024];
data/libee-0.4.1/src/json_dec.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errMsgBuf[1024];
data/libee-0.4.1/src/json_enc.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hexdigit[16] =
data/libee-0.4.1/src/json_enc.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[4];
data/libee-0.4.1/src/xml_enc.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hexdigit[16] =
data/libee-0.4.1/src/xml_enc.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[4];
data/libee-0.4.1/tests/ezapi1.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[1024];
data/libee-0.4.1/tests/ezapi1.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valbuf[1024];
data/libee-0.4.1/tests/ezapi1.c:65:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fpIn = fopen(optarg, "r")) == NULL) {
data/libee-0.4.1/tests/ezapi1.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libee-0.4.1/tests/genfile.c:7:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
while(i < atoi(argv[1])) {
data/libee-0.4.1/src/cjson/cjson.c:54:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str) + 1;
data/libee-0.4.1/src/cjson/cjson.c:347:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ret) len+=strlen(ret)+2+(fmt?1:0); else fail=1;
data/libee-0.4.1/src/cjson/cjson.c:369:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(ptr,entries[i]);ptr+=strlen(entries[i]);
data/libee-0.4.1/src/cjson/cjson.c:437:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (str && ret) len+=strlen(ret)+strlen(str)+2+(fmt?2+depth:0); else fail=1;
data/libee-0.4.1/src/cjson/cjson.c:437:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (str && ret) len+=strlen(ret)+strlen(str)+2+(fmt?2+depth:0); else fail=1;
data/libee-0.4.1/src/cjson/cjson.c:458:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(ptr,names[i]);ptr+=strlen(names[i]);
data/libee-0.4.1/src/cjson/cjson.c:460:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(ptr,entries[i]);ptr+=strlen(entries[i]);
data/libee-0.4.1/src/convert.c:145:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libee-0.4.1/src/convert.c:218:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
decFmt = es_newStrFromCStr(optarg, strlen(optarg));
data/libee-0.4.1/src/convert.c:221:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encFmt = es_newStrFromCStr(optarg, strlen(optarg));
data/libee-0.4.1/src/field.c:85:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if((field->name = es_newStrFromCStr(name, strlen(name))) == NULL) {
data/libee-0.4.1/src/json_event.c:58:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
estr = es_newStrFromCStr(valstr, strlen(valstr));
data/libee-0.4.1/src/json_event.c:80:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lenprefix = strlen(prefix);
data/libee-0.4.1/src/json_event.c:86:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newprefix=malloc(strlen(prefix)+strlen(name)+2);
data/libee-0.4.1/src/json_event.c:86:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newprefix=malloc(strlen(prefix)+strlen(name)+2);
data/libee-0.4.1/tests/ezapi1.c:97:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namebuf[strlen(namebuf)-1] = '\0'; /* strip '\n' */
data/libee-0.4.1/tests/ezapi1.c:100:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
valbuf[strlen(valbuf)-1] = '\0'; /* strip '\n' */
data/libee-0.4.1/tests/ezapi1.c:101:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = es_newStrFromCStr(valbuf, strlen(valbuf));
ANALYSIS SUMMARY:
Hits = 54
Lines analyzed = 6765 in approximately 0.21 seconds (31896 lines/second)
Physical Source Lines of Code (SLOC) = 3362
Hits@level = [0] 26 [1] 18 [2] 26 [3] 2 [4] 8 [5] 0
Hits@level+ = [0+] 80 [1+] 54 [2+] 36 [3+] 10 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 23.7954 [1+] 16.0619 [2+] 10.7079 [3+] 2.97442 [4+] 2.37954 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.