Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgit2-glib-0.28.0.1/examples/clone.c
Examining data/libgit2-glib-0.28.0.1/examples/general.c
Examining data/libgit2-glib-0.28.0.1/examples/walk.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-annotated-commit.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-annotated-commit.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-blame-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-blame-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-blame.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-blame.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-blob-output-stream.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-blob-output-stream.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-blob.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-blob.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-branch-enumerator.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-branch-enumerator.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-branch.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-branch.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-checkout-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-checkout-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cherry-pick-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cherry-pick-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-clone-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-clone-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-commit-parents.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-commit-parents.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-commit.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-commit.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-config-entry.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-config-entry.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-config.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-config.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred-plaintext.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred-plaintext.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred-ssh-interactive.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred-ssh-interactive.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred-ssh-key-from-agent.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred-ssh-key-from-agent.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-binary-file.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-binary-file.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-binary.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-binary.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-delta.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-delta.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-file.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-file.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-find-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-find-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-format-email-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-format-email-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-hunk.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-hunk.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-line.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-line.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-similarity-metric.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-similarity-metric.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-error.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-error.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-fetch-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-fetch-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-index-entry-resolve-undo.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-index-entry-resolve-undo.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-index-entry.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-index-entry.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-index.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-index.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-main.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-main.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-merge-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-merge-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-message.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-message.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-native.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-native.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-note.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-note.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-object-factory-base.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-object-factory-base.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-object-factory.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-object-factory.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-object.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-object.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-oid.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-oid.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-patch.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-patch.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-proxy-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-proxy-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-push-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-push-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-rebase-operation.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-rebase-operation.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-rebase-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-rebase-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-rebase.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-rebase.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-ref-spec.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-ref-spec.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-ref.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-ref.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-reflog-entry.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-reflog-entry.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-reflog.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-reflog.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-remote-callbacks.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-remote-callbacks.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-remote.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-remote.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-repository.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-repository.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-revert-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-revert-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-revision-walker.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-revision-walker.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-signature.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-signature.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-status-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-status-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-submodule-update-options.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-submodule-update-options.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-submodule.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-submodule.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-tag.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-tag.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-transfer-progress.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-transfer-progress.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-tree-builder.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-tree-builder.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-tree-entry.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-tree-entry.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-tree.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-tree.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-types.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-types.h
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-utils.c
Examining data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-utils.h
Examining data/libgit2-glib-0.28.0.1/tests/repository.c

FINAL RESULTS:

data/libgit2-glib-0.28.0.1/tests/repository.c:147:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
	ret = system (cmd);
data/libgit2-glib-0.28.0.1/tests/repository.c:130:39:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
	fixture->git_dir = g_build_filename (g_get_tmp_dir (),
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff-binary-file.c:49:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (gfile->data, file->data, file->datalen);
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-transfer-progress.c:42:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (&gprogress->progress, progress, sizeof (git_transfer_progress));
data/libgit2-glib-0.28.0.1/examples/clone.c:61:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = strlen (s);
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.c:42:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	gsize read, written;
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.c:49:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	                         &read,
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.c:53:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		res = g_convert (text, read, "UTF-8", "ASCII", NULL, NULL, NULL);
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.c:58:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		size = size - read;
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.c:74:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	gsize read;
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.c:81:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	                  &read,
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-convert.c:117:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size = strlen (str);
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-cred-ssh-interactive.c:212:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		responses[i].length = strlen (wprompts[i]->response);
data/libgit2-glib-0.28.0.1/libgit2-glib/ggit-diff.c:998:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buffer_len = strlen((const gchar *) buffer);
data/libgit2-glib-0.28.0.1/tests/repository.c:226:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	msglen = strlen (msg);
data/libgit2-glib-0.28.0.1/tests/repository.c:298:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	                         strlen (message),

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 32147 in approximately 0.92 seconds (35008 lines/second)
Physical Source Lines of Code (SLOC) = 17015
Hits@level = [0]   0 [1]  12 [2]   2 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+]  16 [1+]  16 [2+]   4 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 0.940347 [1+] 0.940347 [2+] 0.235087 [3+] 0.117543 [4+] 0.0587717 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.