Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libguytools2-2.1.0/toollog.cpp
Examining data/libguytools2-2.1.0/toolerror.cpp
Examining data/libguytools2-2.1.0/toolcfg.cpp
Examining data/libguytools2-2.1.0/toolsignal.cpp
Examining data/libguytools2-2.1.0/toolsysinfo.cpp
Examining data/libguytools2-2.1.0/include/toolerror.h
Examining data/libguytools2-2.1.0/include/toolconstants.h
Examining data/libguytools2-2.1.0/include/toolcfg.h
Examining data/libguytools2-2.1.0/include/toolglobalid.h
Examining data/libguytools2-2.1.0/include/toollog.h
Examining data/libguytools2-2.1.0/include/toolsignal.h
Examining data/libguytools2-2.1.0/include/toolsysinfo.h
Examining data/libguytools2-2.1.0/include/tooltypes.h
FINAL RESULTS:
data/libguytools2-2.1.0/include/toolerror.h:128:145: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
APIRET ToolErrorLog (char const *pFileName, char const *pFunctionName, int LineNr, const char * pFormat, ...) __attribute__ ((format (printf, 4, 5)));
data/libguytools2-2.1.0/include/toollog.h:54:155: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
static void Entry (t_Level Level, const char *pFileName, const char *pFunctionName, int LineNr, const char *pFormat, ...) __attribute__ ((format (printf, 5, 6)));
data/libguytools2-2.1.0/toolcfg.cpp:279:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void) sprintf (pBuff, "[%*s^%*s]", Cursor, "", LineLen-Cursor-1, "");
data/libguytools2-2.1.0/toolcfg.cpp:340:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy (pDst, pSrc);
data/libguytools2-2.1.0/toolcfg.cpp:501:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy (pDstStr + *pCumulLen, pSrcStr);
data/libguytools2-2.1.0/toolcfg.cpp:738:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy (pTmp, ToolCfgLocal.argv[i]);
data/libguytools2-2.1.0/toolcfg.cpp:785:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy (&ToolCfgLocal.TempFileName[0], &pCfgContext->FileName[0]);
data/libguytools2-2.1.0/toolcfg.cpp:1665:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (&(ToolCfgLocal.GlobalSectionNameArr[i][0]), pSectionName);
data/libguytools2-2.1.0/toolcfg.cpp:2196:32: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case CFGTYPE_PRESENCE:sprintf (pBuff, "%s" , *(int *)pCfgDataDesc->DestAddr ? "present" : "not present"); break;
data/libguytools2-2.1.0/toolcfg.cpp:2199:32: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case CFGTYPE_STRING: sprintf (pBuff, "%s" , (char *)pCfgDataDesc->DestAddr); break;
data/libguytools2-2.1.0/toolcfg.cpp:2205:37: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf (pBuff, "%s", pSetString);
data/libguytools2-2.1.0/toolcfg.cpp:2271:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
wr = sprintf (pBuff, "%s = ", pCfgDataDesc->pName);
data/libguytools2-2.1.0/toolerror.cpp:77:7: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (pFormat, VaList);
data/libguytools2-2.1.0/toollog.cpp:75:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (pLogFilename, pFileName);
data/libguytools2-2.1.0/toollog.cpp:141:13: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (pFile, pFormat, pArguments);
data/libguytools2-2.1.0/toollog.cpp:150:10: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (pFormat, pArguments);
data/libguytools2-2.1.0/toolsignal.cpp:85:7: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (pFormat, VaList);
data/libguytools2-2.1.0/toolsysinfo.cpp:89:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Ifr.ifr_name, pIfr->ifr_name);
data/libguytools2-2.1.0/include/toolsysinfo.h:43:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char AddrVal [TOOLSYSINFO_MACADDRLEN_VAL ];
data/libguytools2-2.1.0/include/toolsysinfo.h:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AddrStr [TOOLSYSINFO_MACADDRLEN_STR+1];
data/libguytools2-2.1.0/toolcfg.cpp:125:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char t_ToolCfgSectionName[MAX_SECTIONNAME_LEN+1];
data/libguytools2-2.1.0/toolcfg.cpp:516:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf (pTmp, "[%02d:%02d:%02d..%02d:%02d:%02d]", MinVal/3600, (MinVal/60)%60, MinVal%60,
data/libguytools2-2.1.0/toolcfg.cpp:539:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf (pTmp, "[%d..%d] | [0x%X..0x%X]",
data/libguytools2-2.1.0/toolcfg.cpp:553:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf (pTmp, "[%G..%G]", pCfgDataDesc->MinValue, pCfgDataDesc->MaxValue);
data/libguytools2-2.1.0/toolcfg.cpp:565:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf (pTmp, "'<MaxStringLength=%d>'", (t_int)pCfgDataDesc->DestLen);
data/libguytools2-2.1.0/toolcfg.cpp:790:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pCfgFile = fopen (&pCfgContext->FileName[0], "rb");
data/libguytools2-2.1.0/toolcfg.cpp:2189:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pBuff, "not initialized");
data/libguytools2-2.1.0/toolcfg.cpp:2197:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case CFGTYPE_INTEGER: sprintf (pBuff, "%d (0x%X)", *(int *)pCfgDataDesc->DestAddr, *(int *)pCfgDataDesc->DestAddr); break;
data/libguytools2-2.1.0/toolcfg.cpp:2198:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case CFGTYPE_DOUBLE: sprintf (pBuff, "%G" , *(double*)pCfgDataDesc->DestAddr); break;
data/libguytools2-2.1.0/toolcfg.cpp:2204:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pBuff, "Set str unknown for value %d", SetValue);
data/libguytools2-2.1.0/toolcfg.cpp:2208:32: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (pBuff, "%02d:%02d:%02d", Hms/3600, (Hms/60)%60, Hms%60);
data/libguytools2-2.1.0/toolcfg.cpp:2449:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pFile = fopen(pFileName, "wb");
data/libguytools2-2.1.0/toolcfg.cpp:2457:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
rc = sprintf (pTmp, "Configuration file template, created on ");
data/libguytools2-2.1.0/toolerror.cpp:151:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char TmpStr [20]; // Attention: This is not multi-threading compatible! Should be no problem, as TmpStr
data/libguytools2-2.1.0/toollog.cpp:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * LogLevelLookup [t_Log::Entries] = {"Debug", "Info", "Error"};
data/libguytools2-2.1.0/toollog.cpp:66:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char LogLineHeader[512];
data/libguytools2-2.1.0/toolsysinfo.cpp:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libguytools2-2.1.0/toolsysinfo.cpp:107:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy (Ifr.ifr_hwaddr.sa_data, &pMacAddr->AddrVal[0], TOOLSYSINFO_MACADDRLEN_VAL);
data/libguytools2-2.1.0/toolsysinfo.cpp:110:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wr += sprintf(&pMacAddr->AddrStr[wr], "%02X", pMacAddr->AddrVal[i]);
data/libguytools2-2.1.0/toolcfg.cpp:273:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LineLen = (t_int) strlen (pCfgContext->pActLine);
data/libguytools2-2.1.0/toolcfg.cpp:320:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
return strncpy (pDest, pSrc, DestLen-1);
data/libguytools2-2.1.0/toolcfg.cpp:331:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SrcLen = (t_int)strlen(pSrc);
data/libguytools2-2.1.0/toolcfg.cpp:371:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TableKeyLen = (t_int) strlen (pTableKeyWord);
data/libguytools2-2.1.0/toolcfg.cpp:502:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*pCumulLen) += (t_int)strlen (pSrcStr);
data/libguytools2-2.1.0/toolcfg.cpp:643:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NameLen = (t_int)strlen (pCfgDataDesc->pName);
data/libguytools2-2.1.0/toolcfg.cpp:724:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pCfgContext->BufferLen += (t_int) strlen (ToolCfgLocal.argv[i]) + 1; /* +1 for CR */
data/libguytools2-2.1.0/toolcfg.cpp:739:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pTmp += strlen (ToolCfgLocal.argv[i]);
data/libguytools2-2.1.0/toolcfg.cpp:980:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pContext->FileName) == 0)
data/libguytools2-2.1.0/toolcfg.cpp:1047:90: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ChkInclude = ToolCfgStrNCmpNoCase (pKeyWord, KEYWORD_INCLUDE , (t_int) strlen (KEYWORD_INCLUDE )) == 0;
data/libguytools2-2.1.0/toolcfg.cpp:1048:90: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ChkIncludeOpt = ToolCfgStrNCmpNoCase (pKeyWord, KEYWORD_INCLUDE_OPT, (t_int) strlen (KEYWORD_INCLUDE_OPT)) == 0;
data/libguytools2-2.1.0/toolcfg.cpp:1061:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pFirstWord = pKeyWord + strlen (KEYWORD_INCLUDE_OPT);
data/libguytools2-2.1.0/toolcfg.cpp:1066:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pFirstWord = pKeyWord + strlen (KEYWORD_INCLUDE);
data/libguytools2-2.1.0/toolcfg.cpp:1071:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RemLineLen = strlen (pFirstWord);
data/libguytools2-2.1.0/toolcfg.cpp:1126:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ToolCfgStrNCmpNoCase (pKeyWord, KEYWORD_SECTIONSTART, (t_int) strlen (KEYWORD_SECTIONSTART)) == 0)
data/libguytools2-2.1.0/toolcfg.cpp:1128:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pFirstWord = pKeyWord + strlen (KEYWORD_SECTIONSTART);
data/libguytools2-2.1.0/toolcfg.cpp:1129:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RemLineLen = strlen (pFirstWord);
data/libguytools2-2.1.0/toolcfg.cpp:1177:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
KeyLen = (t_int) strlen (KEYWORD_SECTIONEND);
data/libguytools2-2.1.0/toolcfg.cpp:1203:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
KeyLenSectionStart = (t_int) strlen (KEYWORD_SECTIONSTART);
data/libguytools2-2.1.0/toolcfg.cpp:1204:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
KeyLenSectionEnd = (t_int) strlen (KEYWORD_SECTIONEND );
data/libguytools2-2.1.0/toolcfg.cpp:1599:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ParamLen == (t_int)strlen (pSetArray[i].pSetString))
data/libguytools2-2.1.0/toolcfg.cpp:1658:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pSectionName) > MAX_SECTIONNAME_LEN)
data/libguytools2-2.1.0/toolcfg.cpp:1679:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pSectionName) > MAX_SECTIONNAME_LEN)
data/libguytools2-2.1.0/toolcfg.cpp:1742:10: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
rcs = sscanf (pActLine, "%*s %64s %64s", pTableType, pTableName);
data/libguytools2-2.1.0/toolcfg.cpp:2312:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LineLen = (t_int) strlen (ToolCfgLocal.argv[i]);
data/libguytools2-2.1.0/toolcfg.cpp:2361:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LineLen = (t_int) strlen (pRemark);
data/libguytools2-2.1.0/toollog.cpp:74:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pLogFilename = (char *) malloc (strlen (pFileName)+1);
ANALYSIS SUMMARY:
Hits = 66
Lines analyzed = 4294 in approximately 0.25 seconds (16906 lines/second)
Physical Source Lines of Code (SLOC) = 2976
Hits@level = [0] 26 [1] 27 [2] 21 [3] 0 [4] 18 [5] 0
Hits@level+ = [0+] 92 [1+] 66 [2+] 39 [3+] 18 [4+] 18 [5+] 0
Hits/KSLOC@level+ = [0+] 30.914 [1+] 22.1774 [2+] 13.1048 [3+] 6.04839 [4+] 6.04839 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.