Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libfilezilla-0.25.0/lib/libfilezilla/glue/wx.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/glue/wxinvoker.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/glue/unix.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/private/defs.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/private/visibility.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/private/windows.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/apply.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/buffer.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/encode.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/encryption.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/event.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/event_handler.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/event_loop.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/file.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/format.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/hash.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/invoker.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/iputils.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/libfilezilla.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/local_filesys.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/logger.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/mutex.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/optional.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/process.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/rate_limiter.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/rate_limited_layer.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/recursive_remove.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/rwmutex.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/shared.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/signature.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/socket.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/string.hpp
Parsing failed to find end of parameter list; semicolon terminated it in (a.cbegin(), a.cend(), b.cbegin(), b.cend(),
	    [](auto const& a, auto const& b) {
		    return tolower_ascii(a) == tolower_ascii(b);
	    }
	);
}
inline bool equal_insensitive_ascii(std::wstring_vi
Parsing failed to find end of parameter list; semicolon terminated it in (a.cbegin(), a.cend(), b.cbegin(), b.cend(),
	    [](auto const& a, auto const& b) {
		    return tolower_ascii(a) == tolower_ascii(b);
	    }
	);
}

/** \brief Converts from std::string in system enc
Parsing failed to find end of parameter list; semicolon terminated it in (beginning.begin(), beginning.end(), s.begin(), [](typename String::value_type const& a, typename String::value_type const& b) {
			return tolower_ascii(a) == tolower_ascii(b);
		});
	}
	else {
		retu
Parsing failed to find end of parameter list; semicolon terminated it in (ending.rbegin(), ending.rend(), s.rbegin(), [](typename String::value_type const& a, typename String::value_type const& b) {
			return tolower_ascii(a) == tolower_ascii(b);
		});
	}
	else {
		return 
Examining data/libfilezilla-0.25.0/lib/libfilezilla/thread.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/thread_pool.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/time.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/tls_info.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/tls_layer.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/tls_system_trust_store.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/translate.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/uri.hpp
Examining data/libfilezilla-0.25.0/lib/libfilezilla/util.hpp
Examining data/libfilezilla-0.25.0/lib/glue/unix.cpp
Examining data/libfilezilla-0.25.0/lib/tls_layer_impl.hpp
Examining data/libfilezilla-0.25.0/lib/tls_system_trust_store_impl.hpp
Examining data/libfilezilla-0.25.0/lib/buffer.cpp
Examining data/libfilezilla-0.25.0/lib/encode.cpp
Examining data/libfilezilla-0.25.0/lib/encryption.cpp
Examining data/libfilezilla-0.25.0/lib/event.cpp
Examining data/libfilezilla-0.25.0/lib/event_handler.cpp
Examining data/libfilezilla-0.25.0/lib/event_loop.cpp
Examining data/libfilezilla-0.25.0/lib/file.cpp
Examining data/libfilezilla-0.25.0/lib/hash.cpp
Examining data/libfilezilla-0.25.0/lib/invoker.cpp
Examining data/libfilezilla-0.25.0/lib/iputils.cpp
Examining data/libfilezilla-0.25.0/lib/local_filesys.cpp
Examining data/libfilezilla-0.25.0/lib/mutex.cpp
Examining data/libfilezilla-0.25.0/lib/process.cpp
Examining data/libfilezilla-0.25.0/lib/rate_limiter.cpp
Examining data/libfilezilla-0.25.0/lib/rate_limited_layer.cpp
Examining data/libfilezilla-0.25.0/lib/recursive_remove.cpp
Examining data/libfilezilla-0.25.0/lib/signature.cpp
Examining data/libfilezilla-0.25.0/lib/socket.cpp
Examining data/libfilezilla-0.25.0/lib/socket_errors.cpp
Examining data/libfilezilla-0.25.0/lib/string.cpp
Examining data/libfilezilla-0.25.0/lib/thread.cpp
Examining data/libfilezilla-0.25.0/lib/thread_pool.cpp
Examining data/libfilezilla-0.25.0/lib/tls_info.cpp
Examining data/libfilezilla-0.25.0/lib/tls_layer.cpp
Examining data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp
Examining data/libfilezilla-0.25.0/lib/tls_system_trust_store.cpp
Examining data/libfilezilla-0.25.0/lib/time.cpp
Examining data/libfilezilla-0.25.0/lib/translate.cpp
Examining data/libfilezilla-0.25.0/lib/uri.cpp
Examining data/libfilezilla-0.25.0/lib/util.cpp
Examining data/libfilezilla-0.25.0/lib/version.cpp
Examining data/libfilezilla-0.25.0/demos/events.cpp
Examining data/libfilezilla-0.25.0/demos/list.cpp
Examining data/libfilezilla-0.25.0/demos/process.cpp
Examining data/libfilezilla-0.25.0/demos/timer_fizzbuzz.cpp
Examining data/libfilezilla-0.25.0/tests/test_utils.hpp
Examining data/libfilezilla-0.25.0/tests/ratelimit.cpp
Examining data/libfilezilla-0.25.0/tests/test.cpp
Examining data/libfilezilla-0.25.0/tests/buffer.cpp
Examining data/libfilezilla-0.25.0/tests/crypto.cpp
Examining data/libfilezilla-0.25.0/tests/dispatch.cpp
Examining data/libfilezilla-0.25.0/tests/eventloop.cpp
Examining data/libfilezilla-0.25.0/tests/format.cpp
Examining data/libfilezilla-0.25.0/tests/iputils.cpp
Examining data/libfilezilla-0.25.0/tests/smart_pointer.cpp
Examining data/libfilezilla-0.25.0/tests/socket.cpp
Examining data/libfilezilla-0.25.0/tests/string.cpp
Examining data/libfilezilla-0.25.0/tests/time.cpp
Examining data/libfilezilla-0.25.0/tests/util.cpp

FINAL RESULTS:

data/libfilezilla-0.25.0/lib/local_filesys.cpp:727:16:  [5] (race) readlink:
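  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate the output buffer with ASCII NUL (CWE-362, CWE-20). Reconsider
  approach. When triaging, confirm that the return value is checked for -1
  and for truncation (a result equal to the buffer size), and that only the
  first res bytes of the buffer are used.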
	ssize_t res = readlink(path.c_str(), out, size);
data/libfilezilla-0.25.0/lib/libfilezilla/format.hpp:407:13:  [4] (format) sprintf:
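  Potential format string problem (CWE-134). Make format string constant.
  This hit is on the declaration of the library's own sprintf function (it
  takes a std::string_view and returns std::string), matched by name.
  Whether CWE-134 applies depends on how that function interprets fmt and
  on whether callers pass untrusted format strings; neither is visible in
  this listing.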
std::string sprintf(std::string_view const& fmt, Args&&... args)
data/libfilezilla-0.25.0/lib/libfilezilla/format.hpp:413:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
std::wstring sprintf(std::wstring_view const& fmt, Args&&... args)
data/libfilezilla-0.25.0/lib/libfilezilla/glue/wx.hpp:32:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
std::wstring sprintf(T const& fmt, Args&&... args)
data/libfilezilla-0.25.0/lib/libfilezilla/glue/wx.hpp:34:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	return sprintf(fmt.ToStdWstring(), std::forward<Args>(args)...);
data/libfilezilla-0.25.0/lib/libfilezilla/logger.hpp:67:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			std::wstring formatted = fz::to_wstring(fz::sprintf(std::forward<String>(fmt), std::forward<Args>(args)...));
data/libfilezilla-0.25.0/lib/process.cpp:404:4:  [4] (shell) execv:
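  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. execv itself takes a path and an argument vector and does
  not pass through a shell, so review should focus on where cmd and the
  argV entries come from.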
			execv(cmd.c_str(), argV.get()); // noreturn on success
data/libfilezilla-0.25.0/lib/process.cpp:724:4:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. Here the program path is argV[0]; check how that element is
  populated.
			execv(argV.get()[0], argV.get());
data/libfilezilla-0.25.0/lib/recursive_remove.cpp:47:3:  [4] (buffer) wcscpy:
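  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Check that the buffer p points to has room for
  dir.size() + 1 wide characters; its allocation is not part of this
  listing.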
		wcscpy(p, dir.c_str());
data/libfilezilla-0.25.0/lib/socket_errors.cpp:143:9:  [4] (format) sprintf:
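  Potential format string problem (CWE-134). Make format string constant.
  The format argument in the flagged call is already a literal wrapped in
  fzT(...), so the advice appears to be satisfied; confirm what fzT expands
  to.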
	return sprintf(fzT("%d"), error);
data/libfilezilla-0.25.0/lib/time.cpp:792:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	return sprintf("%s, %02d %s %d %02d:%02d:%02d GMT", wdays[t.tm_wday], t.tm_mday, months[t.tm_mon], t.tm_year + 1900,
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1729:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	auto list = sprintf("Ciphers for %s:\n", priority.empty() ? ciphers : priority);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1735:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		list += sprintf("gnutls_priority_init failed with code %d: %s", ret, err ? err : "Unknown error");
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1754:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				list += sprintf(
data/libfilezilla-0.25.0/tests/format.cpp:26:47:  [4] (buffer) sprintf:
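  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. The flagged call is fz::sprintf with a single literal argument
  and no destination buffer, and its result is compared with a std::string,
  so this looks like a name match against the C signature
  sprintf(dest, format, ...) rather than a call to the C library function;
  confirm against the fz::sprintf definition.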
	CPPUNIT_ASSERT_EQUAL(std::string("foo"), fz::sprintf("foo"));
data/libfilezilla-0.25.0/tests/format.cpp:27:53:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	CPPUNIT_ASSERT_EQUAL(std::string("foo % bar"), fz::sprintf("foo %% bar"));
data/libfilezilla-0.25.0/tests/format.cpp:31:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("foo bar"), fz::sprintf("foo %s", std::string("bar")));
data/libfilezilla-0.25.0/tests/format.cpp:32:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("foo bar"), fz::sprintf("foo %s", std::wstring(L"bar")));
data/libfilezilla-0.25.0/tests/format.cpp:36:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("0"), fz::sprintf("%d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:37:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("   0"), fz::sprintf("%4d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:38:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("0000"), fz::sprintf("%04d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:39:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("   0"), fz::sprintf("% 4d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:40:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 000"), fz::sprintf("% 04d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:41:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 000"), fz::sprintf("%0 4d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:43:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("0"), fz::sprintf("%0d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:44:46:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 0"), fz::sprintf("% 0d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:45:46:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 0"), fz::sprintf("% d", 0));
data/libfilezilla-0.25.0/tests/format.cpp:47:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("1"), fz::sprintf("%d", 1));
data/libfilezilla-0.25.0/tests/format.cpp:48:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("   1"), fz::sprintf("%4d", 1));
data/libfilezilla-0.25.0/tests/format.cpp:49:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("0001"), fz::sprintf("%04d", 1));
data/libfilezilla-0.25.0/tests/format.cpp:50:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("   1"), fz::sprintf("% 4d", 1));
data/libfilezilla-0.25.0/tests/format.cpp:51:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 001"), fz::sprintf("% 04d", 1));
data/libfilezilla-0.25.0/tests/format.cpp:52:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 001"), fz::sprintf("%0 4d", 1));
data/libfilezilla-0.25.0/tests/format.cpp:54:47:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("123"), fz::sprintf("%d", 123));
data/libfilezilla-0.25.0/tests/format.cpp:55:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 123"), fz::sprintf("%4d", 123));
data/libfilezilla-0.25.0/tests/format.cpp:56:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("0123"), fz::sprintf("%04d", 123));
data/libfilezilla-0.25.0/tests/format.cpp:57:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 123"), fz::sprintf("% 4d", 123));
data/libfilezilla-0.25.0/tests/format.cpp:58:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 123"), fz::sprintf("% 04d", 123));
data/libfilezilla-0.25.0/tests/format.cpp:59:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 123"), fz::sprintf("%0 4d", 123));
data/libfilezilla-0.25.0/tests/format.cpp:61:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("1234"), fz::sprintf("%d", 1234));
data/libfilezilla-0.25.0/tests/format.cpp:62:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("1234"), fz::sprintf("%4d", 1234));
data/libfilezilla-0.25.0/tests/format.cpp:63:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("1234"), fz::sprintf("%04d", 1234));
data/libfilezilla-0.25.0/tests/format.cpp:64:49:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 1234"), fz::sprintf("% 4d", 1234));
data/libfilezilla-0.25.0/tests/format.cpp:65:49:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 1234"), fz::sprintf("% 04d", 1234));
data/libfilezilla-0.25.0/tests/format.cpp:66:49:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 1234"), fz::sprintf("%0 4d", 1234));
data/libfilezilla-0.25.0/tests/format.cpp:68:49:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("12345"), fz::sprintf("%d", 12345));
data/libfilezilla-0.25.0/tests/format.cpp:69:49:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("12345"), fz::sprintf("%4d", 12345));
data/libfilezilla-0.25.0/tests/format.cpp:70:49:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("12345"), fz::sprintf("%04d", 12345));
data/libfilezilla-0.25.0/tests/format.cpp:71:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 12345"), fz::sprintf("% 4d", 12345));
data/libfilezilla-0.25.0/tests/format.cpp:72:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 12345"), fz::sprintf("% 04d", 12345));
data/libfilezilla-0.25.0/tests/format.cpp:73:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 12345"), fz::sprintf("%0 4d", 12345));
data/libfilezilla-0.25.0/tests/format.cpp:75:47:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-42"), fz::sprintf("%d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:76:47:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-42"), fz::sprintf("%d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:77:47:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-42"), fz::sprintf("%0d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:78:47:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-42"), fz::sprintf("% d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:79:47:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-42"), fz::sprintf("% 0d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:81:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" -42"), fz::sprintf("%4d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:82:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" -42"), fz::sprintf("%4d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:83:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-042"), fz::sprintf("%04d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:84:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" -42"), fz::sprintf("% 4d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:85:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-042"), fz::sprintf("% 04d", -42));
data/libfilezilla-0.25.0/tests/format.cpp:87:53:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("foo 7 foo"), fz::sprintf("%2$s %1$d %2$s", 7, "foo"));
data/libfilezilla-0.25.0/tests/format.cpp:89:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("0"), fz::sprintf("%x", 0));
data/libfilezilla-0.25.0/tests/format.cpp:90:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23bf0a"), fz::sprintf("%x", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:91:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23BF0A"), fz::sprintf("%X", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:92:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23bf0a"), fz::sprintf("%0x", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:93:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23bf0a"), fz::sprintf("% x", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:94:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23bf0a"), fz::sprintf("% 0x", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:95:46:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("0a"), fz::sprintf("%02x", 10));
data/libfilezilla-0.25.0/tests/format.cpp:97:48:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("   0"), fz::sprintf("%4x", 0));
data/libfilezilla-0.25.0/tests/format.cpp:98:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23bf0a"), fz::sprintf("%4x", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:99:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23BF0A"), fz::sprintf("%4X", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:100:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23bf0a"), fz::sprintf("%04x", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:101:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23bf0a"), fz::sprintf("% 4x", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:102:50:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("23bf0a"), fz::sprintf("% 04x", 2342666));
data/libfilezilla-0.25.0/tests/format.cpp:104:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("77     "), fz::sprintf("%-7d", 77));
data/libfilezilla-0.25.0/tests/format.cpp:105:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-77    "), fz::sprintf("%-7d", -77));
data/libfilezilla-0.25.0/tests/format.cpp:106:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 77    "), fz::sprintf("% -7d", 77));
data/libfilezilla-0.25.0/tests/format.cpp:107:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-77    "), fz::sprintf("% -7d", -77));
data/libfilezilla-0.25.0/tests/format.cpp:108:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string(" 77    "), fz::sprintf("%- 7d", 77));
data/libfilezilla-0.25.0/tests/format.cpp:109:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-77    "), fz::sprintf("%- 7d", -77));
data/libfilezilla-0.25.0/tests/format.cpp:113:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("    +77"), fz::sprintf("%+7d", 77));
data/libfilezilla-0.25.0/tests/format.cpp:114:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("    -77"), fz::sprintf("%+7d", -77));
data/libfilezilla-0.25.0/tests/format.cpp:115:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("+77    "), fz::sprintf("%+-7d", 77));
data/libfilezilla-0.25.0/tests/format.cpp:116:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("-77    "), fz::sprintf("%+-7d", -77));
data/libfilezilla-0.25.0/tests/format.cpp:118:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("x"), fz::sprintf("%c", char('x')));
data/libfilezilla-0.25.0/tests/format.cpp:119:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("x"), fz::sprintf("%c", int('x')));
data/libfilezilla-0.25.0/tests/format.cpp:121:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("x"), fz::sprintf("%s", std::string_view("x", 1)));
data/libfilezilla-0.25.0/tests/format.cpp:122:45:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	CPPUNIT_ASSERT_EQUAL(std::string("x"), fz::sprintf("%s", std::wstring_view(L"x", 1)));
data/libfilezilla-0.25.0/lib/file.cpp:67:11:  [3] (misc) AddAccessAllowedAce:
  This doesn't set the inheritance bits in the access control entry (ACE)
  header (CWE-732). Make sure that you set inheritance by hand if you wish it
  to inherit.
						if (AddAccessAllowedAce(acl, ACL_REVISION, GENERIC_ALL | STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, tu->User.Sid)) {
data/libfilezilla-0.25.0/lib/libfilezilla/mutex.hpp:71:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
		EnterCriticalSection(m_);
data/libfilezilla-0.25.0/lib/libfilezilla/mutex.hpp:119:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
		EnterCriticalSection(m_);
data/libfilezilla-0.25.0/lib/mutex.cpp:73:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&m_);
data/libfilezilla-0.25.0/demos/process.cpp:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[100];
data/libfilezilla-0.25.0/demos/process.cpp:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[100];
data/libfilezilla-0.25.0/lib/buffer.cpp:19:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(data_, buf.pos_, buf.size_);
data/libfilezilla-0.25.0/lib/buffer.cpp:52:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(d, pos_, size_);
data/libfilezilla-0.25.0/lib/buffer.cpp:69:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(d, buf.pos_, buf.size_);
data/libfilezilla-0.25.0/lib/buffer.cpp:146:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(d, pos_, size_);
data/libfilezilla-0.25.0/lib/buffer.cpp:155:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos_ + size_, data, len);
data/libfilezilla-0.25.0/lib/buffer.cpp:175:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(d, pos_, size_);
data/libfilezilla-0.25.0/lib/encode.cpp:73:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char const chars[256] =
data/libfilezilla-0.25.0/lib/encode.cpp:275:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char const chars_s[256] =
data/libfilezilla-0.25.0/lib/encode.cpp:295:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char const chars_h[256] =
data/libfilezilla-0.25.0/lib/encode.cpp:315:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char const chars_l[256] =
data/libfilezilla-0.25.0/lib/encryption.cpp:181:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ret.data(), ephemeral_pub.key_.data(), public_key::key_size);
data/libfilezilla-0.25.0/lib/encryption.cpp:182:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ret.data() + public_key::key_size, ephemeral_pub.salt_.data(), public_key::salt_size);
data/libfilezilla-0.25.0/lib/encryption.cpp:198:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ret.data(), ephemeral_pub.key_.data(), public_key::key_size);
data/libfilezilla-0.25.0/lib/encryption.cpp:199:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ret.data() + public_key::key_size, ephemeral_pub.salt_.data(), public_key::salt_size);
data/libfilezilla-0.25.0/lib/encryption.cpp:251:3:  [2] (buffer) memcpy:
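  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data. Besides the
  destination size, verify that the source buffer cipher holds at least
  public_key::key_size + public_key::salt_size bytes, since this copy and
  the one on the next line read that many bytes from it; the length check
  is not visible in this listing.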
		memcpy(ephemeral_pub.key_.data(), cipher, public_key::key_size);
data/libfilezilla-0.25.0/lib/encryption.cpp:252:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ephemeral_pub.salt_.data(), cipher + public_key::key_size, public_key::salt_size);
data/libfilezilla-0.25.0/lib/encryption.cpp:412:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp.data(), key_.data(), key_.size());
data/libfilezilla-0.25.0/lib/encryption.cpp:413:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tmp.data() + key_.size(), salt_.data(), salt_.size());
data/libfilezilla-0.25.0/lib/encryption.cpp:478:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ret.data(), nonce.data(), symmetric_key::salt_size);
data/libfilezilla-0.25.0/lib/file.cpp:16:2:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	open(f, m, d);
data/libfilezilla-0.25.0/lib/file.cpp:25:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
bool file::open(native_string const& f, mode m, creation_flags d)
data/libfilezilla-0.25.0/lib/file.cpp:189:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
bool file::open(native_string const& f, mode m, creation_flags d)
data/libfilezilla-0.25.0/lib/file.cpp:207:10:  [2] (misc) open:
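  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage: of the five open hits, this is the only line that calls the POSIX
  ::open(); file.cpp:16, 25 and 189 and file.hpp:66 are the call, definitions
  and declaration of the class's own file::open. Exposure to symlink or race
  issues depends on the flags value and on who controls the path f, neither
  of which is shown in this excerpt.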
	fd_ = ::open(f.c_str(), flags, mode);
data/libfilezilla-0.25.0/lib/libfilezilla/file.hpp:66:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	bool open(native_string const& f, mode m, creation_flags d = existing);
data/libfilezilla-0.25.0/lib/local_filesys.cpp:725:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out[size];
data/libfilezilla-0.25.0/lib/process.cpp:328:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret.get(), arg.c_str(), arg.size() + 1);
data/libfilezilla-0.25.0/lib/socket.cpp:701:6:  [2] (buffer) memcpy:
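  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage: the length is bindAddressList->ai_addrlen, taken from the address
  list entry rather than from the destination. Confirm it is checked against
  sizeof(bindAddr.storage) before the copy (surrounding code not shown).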
					memcpy(&bindAddr.storage, bindAddressList->ai_addr, bindAddressList->ai_addrlen);
data/libfilezilla-0.25.0/lib/socket.cpp:878:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buffer[100];
data/libfilezilla-0.25.0/lib/socket.cpp:975:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buffer[8];
data/libfilezilla-0.25.0/lib/socket.cpp:979:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buffer[100];
data/libfilezilla-0.25.0/lib/socket.cpp:1266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[NI_MAXHOST];
data/libfilezilla-0.25.0/lib/socket.cpp:1267:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char portbuf[NI_MAXSERV];
data/libfilezilla-0.25.0/lib/socket.cpp:1307:3:  [2] (buffer) memcpy:
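  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage: here and at line 1311 the length is the variable buf_len while the
  destinations are fixed-size address fields (sin6_addr, sin_addr). Confirm
  that the enclosing function rejects any buf_len that differs from the size
  of the selected address field before copying (not visible in this excerpt).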
		memcpy(&addr.in6.sin6_addr, buf, buf_len);
data/libfilezilla-0.25.0/lib/socket.cpp:1311:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&addr.in4.sin_addr, buf, buf_len);
data/libfilezilla-0.25.0/lib/string.cpp:153:23:  [2] (buffer) MultiByteToWideChar:
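  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  Triage: this call passes a null output buffer and size 0, which makes the
  API return the required size in wide characters; line 157 then passes that
  out_len as the output size, so the unit is consistent. What remains to
  confirm is that out_p is allocated from out_len and that len fits in int
  before the static_cast<int>(len) narrowing (neither is shown). The same
  pair recurs at lines 298 and 302.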
		int const out_len = MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS, in_p, static_cast<int>(len), nullptr, 0);
data/libfilezilla-0.25.0/lib/string.cpp:157:4:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
			MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS, in_p, static_cast<int>(len), out_p, out_len);
data/libfilezilla-0.25.0/lib/string.cpp:298:23:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
		int const out_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, in_p, static_cast<int>(len), nullptr, 0);
data/libfilezilla-0.25.0/lib/string.cpp:302:4:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
			MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, in_p, static_cast<int>(len), out_p, out_len);
data/libfilezilla-0.25.0/lib/time.cpp:640:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/libfilezilla-0.25.0/lib/time.cpp:652:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t buf[4096];
data/libfilezilla-0.25.0/lib/time.cpp:674:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[count];
data/libfilezilla-0.25.0/lib/time.cpp:690:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t buf[count];
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1092:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buffer[40];
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1151:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[100];
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char san[4096];
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1336:3:  [2] (buffer) memcpy:
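  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage: the destination offset is the running concated_certs.size. Confirm
  that concated_certs.data was allocated for the sum of all
  pem_cert_list[i].size values and that this sum cannot wrap (the allocation
  is not shown in this excerpt).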
		memcpy(concated_certs.data + concated_certs.size, pem_cert_list[i].data, pem_cert_list[i].size);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1750:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			unsigned char id[2];
data/libfilezilla-0.25.0/lib/util.cpp:121:3:  [2] (buffer) memcpy:
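  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage: this copies size - i bytes out of v. Confirm that size - i can
  never exceed sizeof(v) and that ret holds at least size bytes (surrounding
  code not shown).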
		memcpy(&ret[i], &v, size - i);
data/libfilezilla-0.25.0/tests/buffer.cpp:36:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf2.get(42), "barbaz", 6);
data/libfilezilla-0.25.0/tests/format.cpp:29:51:  [2] (buffer) sprintf:
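  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage: the call is to fz::sprintf, whose result is compared with a
  std::string on this line, not to the C library sprintf this rule targets;
  the hit is a match on the function name. The same applies to the other
  sprintf hits in tests/format.cpp.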
	CPPUNIT_ASSERT_EQUAL(std::string("foo bar"), fz::sprintf("foo %s", "bar"));
data/libfilezilla-0.25.0/tests/format.cpp:30:51:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	CPPUNIT_ASSERT_EQUAL(std::string("foo bar"), fz::sprintf("foo %s", L"bar"));
data/libfilezilla-0.25.0/tests/format.cpp:110:51:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	CPPUNIT_ASSERT_EQUAL(std::string("ok     "), fz::sprintf("%- 7s", "ok"));
data/libfilezilla-0.25.0/tests/format.cpp:111:49:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	CPPUNIT_ASSERT_EQUAL(std::string("hello"), fz::sprintf("%-3s", "hello"));
data/libfilezilla-0.25.0/tests/socket.cpp:83:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				unsigned char buf[1024];
data/libfilezilla-0.25.0/tests/string.cpp:92:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t const w[7] = {'A', 0, 'B', 0, 0, 'C', 0};
data/libfilezilla-0.25.0/tests/string.cpp:93:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char const n[7] = {'A', 0, 'B', 0, 0, 'C', 0};
data/libfilezilla-0.25.0/demos/list.cpp:10:41:  [1] (buffer) strlen:
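  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage: argv[1] is a program argument, which the C and C++ standards
  require to be null-terminated, and the line checks it for null first, so
  the over-read condition does not arise here.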
	if (argc > 1 && argv[1] && *argv[1] && strlen(argv[1]) < 1000) {
data/libfilezilla-0.25.0/demos/process.cpp:61:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		int r = p.read(buf, 100);
data/libfilezilla-0.25.0/demos/process.cpp:99:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		int r = p.read(buf, 100);
data/libfilezilla-0.25.0/lib/file.cpp:143:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int64_t file::read(void *buf, int64_t count)
data/libfilezilla-0.25.0/lib/file.cpp:148:56:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (ReadFile(hFile_, buf, static_cast<DWORD>(count), &read, nullptr)) {
data/libfilezilla-0.25.0/lib/file.cpp:149:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ret = static_cast<int64_t>(read);
data/libfilezilla-0.25.0/lib/file.cpp:272:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int64_t file::read(void *buf, int64_t count)
data/libfilezilla-0.25.0/lib/file.cpp:276:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ret = ::read(fd_, buf, count);
data/libfilezilla-0.25.0/lib/libfilezilla/file.hpp:124:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int64_t read(void *buf, int64_t count);
data/libfilezilla-0.25.0/lib/libfilezilla/process.hpp:61:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int read(char* buffer, unsigned int len);
data/libfilezilla-0.25.0/lib/libfilezilla/rate_limited_layer.hpp:24:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	virtual int read(void* buffer, unsigned int size, int& error) override;
data/libfilezilla-0.25.0/lib/libfilezilla/socket.hpp:46:2:  [1] (buffer) read:
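  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage: the flagged token appears to be an enumerator named read (compare
  socket_event_flag::read in other hits), not a call to read(); no buffer is
  involved on this line.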
	read,
data/libfilezilla-0.25.0/lib/libfilezilla/socket.hpp:344:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	virtual int read(void* buffer, unsigned int size, int& error) = 0;
data/libfilezilla-0.25.0/lib/libfilezilla/socket.hpp:435:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	virtual int read(void *buffer, unsigned int size, int& error) override;
data/libfilezilla-0.25.0/lib/libfilezilla/string.hpp:213:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen(Char const* str) {
data/libfilezilla-0.25.0/lib/libfilezilla/string.hpp:493:15:  [1] (buffer) equal:
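  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  Triage: the three-iterator overload reads as many elements from s as the
  first range contains. Confirm that each of the calls at lines 493, 498, 514
  and 519 is guarded by a length comparison between s and beginning/ending
  (not visible here), or switch to the four-iterator overload, which stops at
  the end of the shorter range.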
		return std::equal(beginning.begin(), beginning.end(), s.begin(), [](typename String::value_type const& a, typename String::value_type const& b) {
data/libfilezilla-0.25.0/lib/libfilezilla/string.hpp:498:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		return std::equal(beginning.begin(), beginning.end(), s.begin());
data/libfilezilla-0.25.0/lib/libfilezilla/string.hpp:514:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		return std::equal(ending.rbegin(), ending.rend(), s.rbegin(), [](typename String::value_type const& a, typename String::value_type const& b) {
data/libfilezilla-0.25.0/lib/libfilezilla/string.hpp:519:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
		return std::equal(ending.rbegin(), ending.rend(), s.rbegin());
data/libfilezilla-0.25.0/lib/libfilezilla/tls_layer.hpp:163:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	virtual int read(void *buffer, unsigned int size, int& error) override;
data/libfilezilla-0.25.0/lib/process.cpp:210:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int read(char* buffer, unsigned int len)
data/libfilezilla-0.25.0/lib/process.cpp:213:49:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		BOOL res = ReadFile(out_.read_, buffer, len, &read, nullptr);
data/libfilezilla-0.25.0/lib/process.cpp:223:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		return read;
data/libfilezilla-0.25.0/lib/process.cpp:441:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int read(char* buffer, unsigned int len)
data/libfilezilla-0.25.0/lib/process.cpp:445:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			r = ::read(out_.read_, buffer, len);
data/libfilezilla-0.25.0/lib/process.cpp:510:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int process::read(char* buffer, unsigned int len)
data/libfilezilla-0.25.0/lib/process.cpp:512:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return impl_ ? impl_->read(buffer, len) : -1;
data/libfilezilla-0.25.0/lib/process.cpp:757:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				r = ::read(errpipe.read_, &tmp, 1);
data/libfilezilla-0.25.0/lib/rate_limited_layer.cpp:27:69:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		event_handler_->send_event<socket_event>(this, socket_event_flag::read, 0);
data/libfilezilla-0.25.0/lib/rate_limited_layer.cpp:34:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int rate_limited_layer::read(void* buffer, unsigned int size, int& error)
data/libfilezilla-0.25.0/lib/rate_limited_layer.cpp:47:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int read = next_layer_.read(buffer, size, error);
data/libfilezilla-0.25.0/lib/rate_limited_layer.cpp:48:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read > 0 && max != rate::unlimited) {
data/libfilezilla-0.25.0/lib/rate_limited_layer.cpp:49:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		consume(direction::inbound, read);
data/libfilezilla-0.25.0/lib/rate_limited_layer.cpp:52:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return read;
data/libfilezilla-0.25.0/lib/socket.cpp:880:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				int damn_spurious_warning = read(event_fd_, buffer, 8);
data/libfilezilla-0.25.0/lib/socket.cpp:882:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				int damn_spurious_warning = read(pipe_[0], buffer, 100);
data/libfilezilla-0.25.0/lib/socket.cpp:976:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				int damn_spurious_warning = read(event_fd_, buffer, 8);
data/libfilezilla-0.25.0/lib/socket.cpp:980:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				int damn_spurious_warning = read(pipe_[0], buffer, 100);
data/libfilezilla-0.25.0/lib/socket.cpp:1049:92:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			socket_->evt_handler_->send_event<socket_event>(socket_->ev_source_, socket_event_flag::read, triggered_errors_[1]);
data/libfilezilla-0.25.0/lib/socket.cpp:1697:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int socket::read(void* buffer, unsigned int size, int& error)
data/libfilezilla-0.25.0/lib/socket.cpp:1848:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (event != socket_event_flag::read && event != socket_event_flag::write) {
data/libfilezilla-0.25.0/lib/socket.cpp:1863:53:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int const wait_flag = (event == socket_event_flag::read) ? WAIT_READ : WAIT_WRITE;
data/libfilezilla-0.25.0/lib/socket.cpp:1899:190:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((state_ == socket_state::connected || state_ == socket_state::shut_down) && !(socket_thread_->waiting_ & WAIT_READ) && !has_pending_event(evt_handler_, ev_source_, socket_event_flag::read)) {
data/libfilezilla-0.25.0/lib/socket.cpp:1900:73:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			pEvtHandler->send_event<socket_event>(ev_source_, socket_event_flag::read, 0);
data/libfilezilla-0.25.0/lib/tls_layer.cpp:39:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int tls_layer::read(void *buffer, unsigned int size, int& error)
data/libfilezilla-0.25.0/lib/tls_layer.cpp:41:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return impl_->read(buffer, size, error);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:251:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	auto read = kf.read(k.data(), ks);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:252:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read != ks) {
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:270:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	read = cf.read(c.data(), cs);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:271:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read != cs) {
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:513:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int read = tls_layer_.next_layer_.read(data, static_cast<unsigned int>(len), error);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:514:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read < 0) {
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:528:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (!read) {
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:533:54:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	logger_.log(logmsg::debug_debug, L"  returning %d", read);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:536:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return read;
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:571:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	case socket_event_flag::read:
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:601:88:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			tls_layer_.event_handler_->send_event<socket_event>(&tls_layer_, socket_event_flag::read, 0);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:828:90:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
					tls_layer_.event_handler_->send_event<socket_event>(&tls_layer_, socket_event_flag::read, 0);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:853:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int tls_layer_impl::read(void *buffer, unsigned int len, int& error)
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:966:88:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			tls_layer_.event_handler_->send_event<socket_event>(&tls_layer_, socket_event_flag::read, error);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1051:89:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				tls_layer_.event_handler_->send_event<socket_event>(&tls_layer_, socket_event_flag::read, 0);
data/libfilezilla-0.25.0/lib/tls_layer_impl.cpp:1996:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int res = tls_layer_.next_layer_.read(&c, 1, error);
data/libfilezilla-0.25.0/lib/tls_layer_impl.hpp:35:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	int read(void *buffer, unsigned int size, int& error);
data/libfilezilla-0.25.0/tests/format.cpp:34:48:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
	CPPUNIT_ASSERT_EQUAL(std::string("    "), fz::sprintf("%4s", " "));
data/libfilezilla-0.25.0/tests/socket.cpp:81:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		else if (type == fz::socket_event_flag::read) {
data/libfilezilla-0.25.0/tests/socket.cpp:86:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				int r = si_->read(buf, 1024, error);
data/libfilezilla-0.25.0/tests/socket.cpp:110:64:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			send_event(new fz::socket_event(si_, fz::socket_event_flag::read, 0));

ANALYSIS SUMMARY:

Hits = 219
Lines analyzed = 21075 in approximately 0.55 seconds (38385 lines/second)
Physical Source Lines of Code (SLOC) = 15056
Hits@level = [0]   1 [1]  67 [2]  59 [3]   4 [4]  88 [5]   1
Hits@level+ = [0+] 220 [1+] 219 [2+] 152 [3+]  93 [4+]  89 [5+]   1
Hits/KSLOC@level+ = [0+] 14.6121 [1+] 14.5457 [2+] 10.0956 [3+] 6.17694 [4+] 5.91126 [5+] 0.0664187
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
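Not every hit is necessarily a security vulnerability.
In this report many level-1 read hits are matches on an identifier rather
than on a call to read(): a local variable named read (for example
lib/rate_limited_layer.cpp:48 and lib/tls_layer_impl.cpp:252) and the
enumerator socket_event_flag::read. Flawfinder's --falsepositive (-F) option
omits names that are not followed by "(" and declarations of character
arrays, which leaves a shorter list for manual review.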
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.