Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libee-0.4.1/src/xml_enc.c Examining data/libee-0.4.1/src/convert.c Examining data/libee-0.4.1/src/syslog_enc.c Examining data/libee-0.4.1/src/tagbucket.c Examining data/libee-0.4.1/src/int_dec.c Examining data/libee-0.4.1/src/cjson/cjson.c Examining data/libee-0.4.1/src/cjson/cjson.h Examining data/libee-0.4.1/src/event.c Examining data/libee-0.4.1/src/ctx.c Examining data/libee-0.4.1/src/value.c Examining data/libee-0.4.1/src/json_dec.c Examining data/libee-0.4.1/src/csv_enc.c Examining data/libee-0.4.1/src/json_event.c Examining data/libee-0.4.1/src/tag.c Examining data/libee-0.4.1/src/apache_dec.c Examining data/libee-0.4.1/src/primitivetype.c Examining data/libee-0.4.1/src/field.c Examining data/libee-0.4.1/src/json_enc.c Examining data/libee-0.4.1/src/fieldbucket.c Examining data/libee-0.4.1/tests/genfile.c Examining data/libee-0.4.1/tests/ezapi1.c Examining data/libee-0.4.1/include/libee/event.h Examining data/libee-0.4.1/include/libee/namelist.h Examining data/libee-0.4.1/include/libee/primitivetype.h Examining data/libee-0.4.1/include/libee/ctx.h Examining data/libee-0.4.1/include/libee/value.h Examining data/libee-0.4.1/include/libee/int.h Examining data/libee-0.4.1/include/libee/valuetype.h Examining data/libee-0.4.1/include/libee/valnode.h Examining data/libee-0.4.1/include/libee/obj.h Examining data/libee-0.4.1/include/libee/field.h Examining data/libee-0.4.1/include/libee/parser.h Examining data/libee-0.4.1/include/libee/libee.h Examining data/libee-0.4.1/include/libee/tagbucket.h Examining data/libee-0.4.1/include/libee/apache.h Examining data/libee-0.4.1/include/libee/fieldset.h Examining data/libee-0.4.1/include/libee/tagset.h Examining data/libee-0.4.1/include/libee/timestamp.h Examining data/libee-0.4.1/include/libee/fieldtype.h Examining data/libee-0.4.1/include/libee/tag.h Examining data/libee-0.4.1/include/libee/fieldbucket.h Examining data/libee-0.4.1/include/libee/internal.h FINAL RESULTS: data/libee-0.4.1/include/libee/ctx.h:214:69: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void ee_dbgprintf(ee_ctx ctx, char *fmt, ...) __attribute__((format(printf, 2, 3))); data/libee-0.4.1/src/cjson/cjson.c:369:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr,entries[i]);ptr+=strlen(entries[i]); data/libee-0.4.1/src/cjson/cjson.c:458:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr,names[i]);ptr+=strlen(names[i]); data/libee-0.4.1/src/cjson/cjson.c:460:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr,entries[i]);ptr+=strlen(entries[i]); data/libee-0.4.1/src/convert.c:174:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errbuf, "loaded library version %s does not match " data/libee-0.4.1/src/ctx.c:116:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. lenBuf = vsnprintf(buf, sizeof(buf), fmt, ap); data/libee-0.4.1/src/json_event.c:87:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newprefix,"%s.%s",prefix,name); data/libee-0.4.1/tests/ezapi1.c:80:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "loaded library version %s does not match " data/libee-0.4.1/src/convert.c:184:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((opt = getopt(argc, argv, "c:i:ve:E:d:D:")) != -1) { data/libee-0.4.1/tests/ezapi1.c:62:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((opt = getopt(argc, argv, "i:")) != -1) { data/libee-0.4.1/src/apache_dec.c:231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errMsgBuf[1024]; data/libee-0.4.1/src/cjson/cjson.c:56:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy,str,len); data/libee-0.4.1/src/cjson/cjson.c:126:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (str) sprintf(str,"%d",item->valueint); data/libee-0.4.1/src/cjson/cjson.c:133:41: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (fabs(floor(d)-d)<=DBL_EPSILON) sprintf(str,"%.0f",d); data/libee-0.4.1/src/cjson/cjson.c:134:46: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else if (fabs(d)<1.0e-6 || fabs(d)>1.0e9) sprintf(str,"%e",d); data/libee-0.4.1/src/cjson/cjson.c:135:18: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf(str,"%f",d); data/libee-0.4.1/src/cjson/cjson.c:142:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char firstByteMark[7] = { 0x00, 0x00, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC }; data/libee-0.4.1/src/cjson/cjson.c:230:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. default: sprintf(ptr2,"u%04x",token);ptr2+=5; break; /* escape and print */ data/libee-0.4.1/src/cjson/cjson.c:480:93: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static cJSON *create_reference(cJSON *item) {cJSON *ref=cJSON_New_Item();if (!ref) return 0;memcpy(ref,item,sizeof(cJSON));ref->string=0;ref->type|=cJSON_IsReference;ref->next=ref->prev=0;return ref;} data/libee-0.4.1/src/convert.c:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64*1024]; data/libee-0.4.1/src/convert.c:169:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1024]; data/libee-0.4.1/src/convert.c:187:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fpIn = fopen(optarg, "r")) == NULL) { data/libee-0.4.1/src/csv_enc.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hexdigit[16] = data/libee-0.4.1/src/csv_enc.c:145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[4]; data/libee-0.4.1/src/ctx.c:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8*1024]; data/libee-0.4.1/src/int_dec.c:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errMsgBuf[1024]; data/libee-0.4.1/src/json_dec.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errMsgBuf[1024]; data/libee-0.4.1/src/json_enc.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hexdigit[16] = data/libee-0.4.1/src/json_enc.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[4]; data/libee-0.4.1/src/xml_enc.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hexdigit[16] = data/libee-0.4.1/src/xml_enc.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[4]; data/libee-0.4.1/tests/ezapi1.c:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[1024]; data/libee-0.4.1/tests/ezapi1.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valbuf[1024]; data/libee-0.4.1/tests/ezapi1.c:65:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fpIn = fopen(optarg, "r")) == NULL) { data/libee-0.4.1/tests/ezapi1.c:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libee-0.4.1/tests/genfile.c:7:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). while(i < atoi(argv[1])) { data/libee-0.4.1/src/cjson/cjson.c:54:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str) + 1; data/libee-0.4.1/src/cjson/cjson.c:347:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ret) len+=strlen(ret)+2+(fmt?1:0); else fail=1; data/libee-0.4.1/src/cjson/cjson.c:369:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(ptr,entries[i]);ptr+=strlen(entries[i]); data/libee-0.4.1/src/cjson/cjson.c:437:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str && ret) len+=strlen(ret)+strlen(str)+2+(fmt?2+depth:0); else fail=1; data/libee-0.4.1/src/cjson/cjson.c:437:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str && ret) len+=strlen(ret)+strlen(str)+2+(fmt?2+depth:0); else fail=1; data/libee-0.4.1/src/cjson/cjson.c:458:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(ptr,names[i]);ptr+=strlen(names[i]); data/libee-0.4.1/src/cjson/cjson.c:460:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(ptr,entries[i]);ptr+=strlen(entries[i]); data/libee-0.4.1/src/convert.c:145:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/libee-0.4.1/src/convert.c:218:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decFmt = es_newStrFromCStr(optarg, strlen(optarg)); data/libee-0.4.1/src/convert.c:221:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). encFmt = es_newStrFromCStr(optarg, strlen(optarg)); data/libee-0.4.1/src/field.c:85:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if((field->name = es_newStrFromCStr(name, strlen(name))) == NULL) { data/libee-0.4.1/src/json_event.c:58:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). estr = es_newStrFromCStr(valstr, strlen(valstr)); data/libee-0.4.1/src/json_event.c:80:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenprefix = strlen(prefix); data/libee-0.4.1/src/json_event.c:86:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newprefix=malloc(strlen(prefix)+strlen(name)+2); data/libee-0.4.1/src/json_event.c:86:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newprefix=malloc(strlen(prefix)+strlen(name)+2); data/libee-0.4.1/tests/ezapi1.c:97:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namebuf[strlen(namebuf)-1] = '\0'; /* strip '\n' */ data/libee-0.4.1/tests/ezapi1.c:100:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valbuf[strlen(valbuf)-1] = '\0'; /* strip '\n' */ data/libee-0.4.1/tests/ezapi1.c:101:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = es_newStrFromCStr(valbuf, strlen(valbuf)); ANALYSIS SUMMARY: Hits = 54 Lines analyzed = 6765 in approximately 0.21 seconds (31896 lines/second) Physical Source Lines of Code (SLOC) = 3362 Hits@level = [0] 26 [1] 18 [2] 26 [3] 2 [4] 8 [5] 0 Hits@level+ = [0+] 80 [1+] 54 [2+] 36 [3+] 10 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 23.7954 [1+] 16.0619 [2+] 10.7079 [3+] 2.97442 [4+] 2.37954 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.