Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libportal-0.3+git20200925/libportal/account.c
Examining data/libportal-0.3+git20200925/libportal/account.h
Examining data/libportal-0.3+git20200925/libportal/background.c
Examining data/libportal-0.3+git20200925/libportal/background.h
Examining data/libportal-0.3+git20200925/libportal/camera.c
Examining data/libportal-0.3+git20200925/libportal/camera.h
Examining data/libportal-0.3+git20200925/libportal/docs.c
Examining data/libportal-0.3+git20200925/libportal/email.c
Examining data/libportal-0.3+git20200925/libportal/email.h
Examining data/libportal-0.3+git20200925/libportal/filechooser.c
Examining data/libportal-0.3+git20200925/libportal/filechooser.h
Examining data/libportal-0.3+git20200925/libportal/inhibit.c
Examining data/libportal-0.3+git20200925/libportal/inhibit.h
Examining data/libportal-0.3+git20200925/libportal/location.c
Examining data/libportal-0.3+git20200925/libportal/location.h
Examining data/libportal-0.3+git20200925/libportal/notification.c
Examining data/libportal-0.3+git20200925/libportal/notification.h
Examining data/libportal-0.3+git20200925/libportal/openuri.c
Examining data/libportal-0.3+git20200925/libportal/openuri.h
Examining data/libportal-0.3+git20200925/libportal/portal-gtk3.h
Examining data/libportal-0.3+git20200925/libportal/portal-gtk4.h
Examining data/libportal-0.3+git20200925/libportal/portal-helpers.h
Examining data/libportal-0.3+git20200925/libportal/portal-private.h
Examining data/libportal-0.3+git20200925/libportal/portal.c
Examining data/libportal-0.3+git20200925/libportal/portal.h
Examining data/libportal-0.3+git20200925/libportal/print.c
Examining data/libportal-0.3+git20200925/libportal/print.h
Examining data/libportal-0.3+git20200925/libportal/remote.c
Examining data/libportal-0.3+git20200925/libportal/remote.h
Examining data/libportal-0.3+git20200925/libportal/screenshot.c
Examining data/libportal-0.3+git20200925/libportal/screenshot.h
Examining data/libportal-0.3+git20200925/libportal/session-private.h
Examining data/libportal-0.3+git20200925/libportal/session.c
Examining data/libportal-0.3+git20200925/libportal/spawn.c
Examining data/libportal-0.3+git20200925/libportal/spawn.h
Examining data/libportal-0.3+git20200925/libportal/trash.c
Examining data/libportal-0.3+git20200925/libportal/trash.h
Examining data/libportal-0.3+git20200925/libportal/updates.c
Examining data/libportal-0.3+git20200925/libportal/updates.h
Examining data/libportal-0.3+git20200925/libportal/utils-private.h
Examining data/libportal-0.3+git20200925/libportal/utils.c
Examining data/libportal-0.3+git20200925/libportal/wallpaper.c
Examining data/libportal-0.3+git20200925/libportal/wallpaper.h
Examining data/libportal-0.3+git20200925/portal-test/main.c
Examining data/libportal-0.3+git20200925/portal-test/portal-linking-test.c
Examining data/libportal-0.3+git20200925/portal-test/portal-test-app.c
Examining data/libportal-0.3+git20200925/portal-test/portal-test-app.h
Examining data/libportal-0.3+git20200925/portal-test/portal-test-win.c
Examining data/libportal-0.3+git20200925/portal-test/portal-test-win.h

FINAL RESULTS:

data/libportal-0.3+git20200925/libportal/account.c:169:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/background.c:175:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/camera.c:180:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/email.c:215:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/filechooser.c:192:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/inhibit.c:175:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/inhibit.c:519:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/inhibit.c:536:48: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  session_token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/location.c:211:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/location.c:283:48: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  session_token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/openuri.c:184:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/print.c:197:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/remote.c:134:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/remote.c:209:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/remote.c:299:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/remote.c:312:48: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  session_token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/remote.c:589:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/screenshot.c:184:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/updates.c:191:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/libportal/wallpaper.c:199:40: [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  token = g_strdup_printf ("portal%d", g_random_int_range (0, G_MAXINT));

data/libportal-0.3+git20200925/portal-test/portal-test-app.c:188:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *strv[3] = { "portal-test", "--replace", NULL };

data/libportal-0.3+git20200925/portal-test/portal-test-win.c:684:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *addresses[2];

data/libportal-0.3+git20200925/portal-test/portal-test-win.c:685:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *cc[3];

data/libportal-0.3+git20200925/portal-test/portal-test-win.c:686:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *attachments[2];

data/libportal-0.3+git20200925/portal-test/portal-test-win.c:346:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (g_output_stream_write (stream, "test", strlen ("test"), NULL, error) < 0)

data/libportal-0.3+git20200925/portal-test/portal-test-win.c:367:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (write (fd, "test", strlen ("test")) < 0)

ANALYSIS SUMMARY:

Hits = 26
Lines analyzed = 10397 in approximately 0.43 seconds (24424 lines/second)
Physical Source Lines of Code (SLOC) = 6803
Hits@level = [0] 0 [1] 2 [2] 4 [3] 20 [4] 0 [5] 0
Hits@level+ = [0+] 26 [1+] 26 [2+] 24 [3+] 20 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.82184 [1+] 3.82184 [2+] 3.52786 [3+] 2.93988 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.