Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libzeep-3.0.5/msvc/stdafx.h Examining data/libzeep-3.0.5/msvc/targetver.h Examining data/libzeep-3.0.5/src/connection.cpp Examining data/libzeep-3.0.5/src/doctype.cpp Examining data/libzeep-3.0.5/src/document-expat.cpp Examining data/libzeep-3.0.5/src/document-expat.hpp Examining data/libzeep-3.0.5/src/document-imp.hpp Examining data/libzeep-3.0.5/src/document-libxml2.cpp Examining data/libzeep-3.0.5/src/document.cpp Examining data/libzeep-3.0.5/src/exception.cpp Examining data/libzeep-3.0.5/src/http-server.cpp Examining data/libzeep-3.0.5/src/md5.cpp Examining data/libzeep-3.0.5/src/message_parser.cpp Examining data/libzeep-3.0.5/src/node.cpp Examining data/libzeep-3.0.5/src/parser.cpp Examining data/libzeep-3.0.5/src/reply.cpp Examining data/libzeep-3.0.5/src/request.cpp Examining data/libzeep-3.0.5/src/soap-envelope.cpp Examining data/libzeep-3.0.5/src/soap-server.cpp Examining data/libzeep-3.0.5/src/unicode_support.cpp Examining data/libzeep-3.0.5/src/webapp-el.cpp Examining data/libzeep-3.0.5/src/webapp.cpp Examining data/libzeep-3.0.5/src/writer.cpp Examining data/libzeep-3.0.5/src/preforked-http-server.cpp Examining data/libzeep-3.0.5/src/xpath.cpp Examining data/libzeep-3.0.5/tests/src/parser-test.cpp Examining data/libzeep-3.0.5/tests/src/random-tests.cpp Examining data/libzeep-3.0.5/tests/src/unit-test-main.cpp Examining data/libzeep-3.0.5/tests/src/unit-test-serializer.cpp Examining data/libzeep-3.0.5/tests/src/xpath-test.cpp Examining data/libzeep-3.0.5/webapp-test.cpp Examining data/libzeep-3.0.5/zeep-test.cpp Examining data/libzeep-3.0.5/zeep/config.hpp Examining data/libzeep-3.0.5/zeep/dispatcher.hpp Examining data/libzeep-3.0.5/zeep/envelope.hpp Examining data/libzeep-3.0.5/zeep/exception.hpp Examining data/libzeep-3.0.5/zeep/http/connection.hpp Examining data/libzeep-3.0.5/zeep/http/header.hpp Examining data/libzeep-3.0.5/zeep/http/md5.hpp Examining data/libzeep-3.0.5/zeep/http/message_parser.hpp Examining data/libzeep-3.0.5/zeep/http/preforked-server.hpp Examining data/libzeep-3.0.5/zeep/http/reply.hpp Examining data/libzeep-3.0.5/zeep/http/request.hpp Examining data/libzeep-3.0.5/zeep/http/request_handler.hpp Examining data/libzeep-3.0.5/zeep/http/server.hpp Examining data/libzeep-3.0.5/zeep/http/webapp.hpp Examining data/libzeep-3.0.5/zeep/http/webapp/el.hpp Examining data/libzeep-3.0.5/zeep/server.hpp Examining data/libzeep-3.0.5/zeep/xml/doctype.hpp Examining data/libzeep-3.0.5/zeep/xml/document.hpp Examining data/libzeep-3.0.5/zeep/xml/node.hpp Examining data/libzeep-3.0.5/zeep/xml/parser.hpp Examining data/libzeep-3.0.5/zeep/xml/serialize.hpp Examining data/libzeep-3.0.5/zeep/xml/unicode_support.hpp Examining data/libzeep-3.0.5/zeep/xml/writer.hpp Examining data/libzeep-3.0.5/zeep/xml/xpath.hpp FINAL RESULTS: data/libzeep-3.0.5/src/connection.cpp:48:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. const boost::system::error_code& ec, size_t bytes_transferred) data/libzeep-3.0.5/src/connection.cpp:94:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void connection::handle_write(const boost::system::error_code& ec) data/libzeep-3.0.5/src/exception.cpp:74:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(msg_buffer, sizeof(msg_buffer), message, vl); data/libzeep-3.0.5/src/http-server.cpp:164:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void server::handle_accept(const boost::system::error_code& ec) data/libzeep-3.0.5/src/preforked-http-server.cpp:325:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void preforked_server::handle_accept(const boost::system::error_code& ec) data/libzeep-3.0.5/zeep/http/connection.hpp:33:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void handle_read(const boost::system::error_code& ec, data/libzeep-3.0.5/zeep/http/connection.hpp:36:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void handle_write(const boost::system::error_code& ec); data/libzeep-3.0.5/zeep/http/preforked-server.hpp:73:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void handle_accept(const boost::system::error_code& ec); data/libzeep-3.0.5/zeep/http/server.hpp:80:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void handle_accept(const boost::system::error_code& ec); data/libzeep-3.0.5/src/webapp.cpp:92:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. boost::random::random_device rng; data/libzeep-3.0.5/src/document-expat.cpp:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/libzeep-3.0.5/src/document-expat.cpp:459:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/libzeep-3.0.5/src/exception.cpp:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_buffer[1024]; data/libzeep-3.0.5/src/http-server.cpp:75:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char kURLAcceptable[96] = data/libzeep-3.0.5/src/http-server.cpp:129:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_acceptor->open(endpoint.protocol()); data/libzeep-3.0.5/src/md5.cpp:24:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_data + m_data_length, p, n); data/libzeep-3.0.5/src/md5.cpp:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_data, p, length); data/libzeep-3.0.5/src/parser.cpp:300:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ch[3]; data/libzeep-3.0.5/src/parser.cpp:411:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ch[3]; data/libzeep-3.0.5/src/parser.cpp:924:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[2] = { data/libzeep-3.0.5/src/parser.cpp:932:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[3] = { data/libzeep-3.0.5/src/parser.cpp:941:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[4] = { data/libzeep-3.0.5/src/preforked-http-server.cpp:121:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_acceptor.open(endpoint.protocol()); data/libzeep-3.0.5/src/preforked-http-server.cpp:225:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[16]; data/libzeep-3.0.5/src/preforked-http-server.cpp:227:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[CMSG_SPACE(sizeof(int))]; data/libzeep-3.0.5/src/preforked-http-server.cpp:284:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[16]; data/libzeep-3.0.5/src/preforked-http-server.cpp:286:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[CMSG_SPACE(sizeof(native_handle_type))]; data/libzeep-3.0.5/src/webapp-el.cpp:1203:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ch[5]; data/libzeep-3.0.5/src/webapp.cpp:454:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[1024] = ""; data/libzeep-3.0.5/src/xpath.cpp:1814:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ch[5]; data/libzeep-3.0.5/zeep/http/webapp.hpp:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_realm[256]; ///< Realm for which the authorization failed data/libzeep-3.0.5/zeep/xml/unicode_support.hpp:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[2] = { data/libzeep-3.0.5/zeep/xml/unicode_support.hpp:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[3] = { data/libzeep-3.0.5/zeep/xml/unicode_support.hpp:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch[4] = { data/libzeep-3.0.5/src/document-expat.cpp:232:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data.read(buffer, k); data/libzeep-3.0.5/src/document-expat.cpp:466:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data.read(buffer, k); data/libzeep-3.0.5/src/document-libxml2.cpp:251:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data.read(&buffer[0], length); data/libzeep-3.0.5/src/document-libxml2.cpp:298:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(is); data/libzeep-3.0.5/src/document-libxml2.cpp:304:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(is); data/libzeep-3.0.5/src/document.cpp:317:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(is); data/libzeep-3.0.5/src/document.cpp:323:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(is); data/libzeep-3.0.5/src/document.cpp:329:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(is, base_dir); data/libzeep-3.0.5/src/document.cpp:342:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void document::read(const string& s) data/libzeep-3.0.5/src/document.cpp:345:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(is); data/libzeep-3.0.5/src/document.cpp:348:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void document::read(istream& is) data/libzeep-3.0.5/src/document.cpp:353:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void document::read(istream& is, const boost::filesystem::path& base_dir) data/libzeep-3.0.5/src/document.cpp:499:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rhs.read(lhs); data/libzeep-3.0.5/src/request.cpp:185:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string::size_type nlen = strlen(name); data/libzeep-3.0.5/src/request.cpp:226:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string boundary = contentType.substr(b + strlen("boundary=")); data/libzeep-3.0.5/src/soap-server.cpp:56:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). doc.read(req.payload); data/libzeep-3.0.5/src/webapp-el.cpp:200:15: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. virtual bool equal(const object_iterator_impl* other) data/libzeep-3.0.5/src/webapp.cpp:470:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(msg, lpMsgBuf, sizeof(msg)); data/libzeep-3.0.5/src/webapp.cpp:482:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). doc.read(data); data/libzeep-3.0.5/src/webapp.cpp:897:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). doc.read(xml); data/libzeep-3.0.5/tests/src/parser-test.cpp:78:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). a.read(s1); data/libzeep-3.0.5/tests/src/parser-test.cpp:82:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b.read(s2); data/libzeep-3.0.5/tests/src/parser-test.cpp:157:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). doc.read(is); data/libzeep-3.0.5/tests/src/parser-test.cpp:200:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). doc.read(is); data/libzeep-3.0.5/tests/src/parser-test.cpp:326:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). doc.read(file); data/libzeep-3.0.5/zeep/http/webapp/el.hpp:379:15: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. virtual bool equal(const object_iterator_impl* other) = 0; data/libzeep-3.0.5/zeep/http/webapp/el.hpp:508:20: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. result = m_impl->equal(o.m_impl); data/libzeep-3.0.5/zeep/http/webapp/el.hpp:521:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. result = not m_impl->equal(o.m_impl); data/libzeep-3.0.5/zeep/xml/document.hpp:73:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(const std::string& s); ///< Replace the content of the document with the parsed XML in \a s data/libzeep-3.0.5/zeep/xml/document.hpp:74:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(std::istream& is); ///< Replace the content of the document with the parsed XML in \a is data/libzeep-3.0.5/zeep/xml/document.hpp:75:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(std::istream& is, const boost::filesystem::path& base_dir); data/libzeep-3.0.5/zeep/xml/serialize.hpp:892:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name == nullptr or strlen(name) == 0 or strcmp(name, ".") == 0) data/libzeep-3.0.5/zeep/xml/serialize.hpp:905:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (e == nullptr or (name != nullptr and strlen(name) > 0 and strcmp(name, ".") != 0)) ANALYSIS SUMMARY: Hits = 67 Lines analyzed = 23279 in approximately 0.45 seconds (51552 lines/second) Physical Source Lines of Code (SLOC) = 17337 Hits@level = [0] 1 [1] 33 [2] 24 [3] 1 [4] 9 [5] 0 Hits@level+ = [0+] 68 [1+] 67 [2+] 34 [3+] 10 [4+] 9 [5+] 0 Hits/KSLOC@level+ = [0+] 3.92225 [1+] 3.86457 [2+] 1.96112 [3+] 0.576801 [4+] 0.519121 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.