Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libzeep-3.0.5/msvc/stdafx.h
Examining data/libzeep-3.0.5/msvc/targetver.h
Examining data/libzeep-3.0.5/src/connection.cpp
Examining data/libzeep-3.0.5/src/doctype.cpp
Examining data/libzeep-3.0.5/src/document-expat.cpp
Examining data/libzeep-3.0.5/src/document-expat.hpp
Examining data/libzeep-3.0.5/src/document-imp.hpp
Examining data/libzeep-3.0.5/src/document-libxml2.cpp
Examining data/libzeep-3.0.5/src/document.cpp
Examining data/libzeep-3.0.5/src/exception.cpp
Examining data/libzeep-3.0.5/src/http-server.cpp
Examining data/libzeep-3.0.5/src/md5.cpp
Examining data/libzeep-3.0.5/src/message_parser.cpp
Examining data/libzeep-3.0.5/src/node.cpp
Examining data/libzeep-3.0.5/src/parser.cpp
Examining data/libzeep-3.0.5/src/reply.cpp
Examining data/libzeep-3.0.5/src/request.cpp
Examining data/libzeep-3.0.5/src/soap-envelope.cpp
Examining data/libzeep-3.0.5/src/soap-server.cpp
Examining data/libzeep-3.0.5/src/unicode_support.cpp
Examining data/libzeep-3.0.5/src/webapp-el.cpp
Examining data/libzeep-3.0.5/src/webapp.cpp
Examining data/libzeep-3.0.5/src/writer.cpp
Examining data/libzeep-3.0.5/src/preforked-http-server.cpp
Examining data/libzeep-3.0.5/src/xpath.cpp
Examining data/libzeep-3.0.5/tests/src/parser-test.cpp
Examining data/libzeep-3.0.5/tests/src/random-tests.cpp
Examining data/libzeep-3.0.5/tests/src/unit-test-main.cpp
Examining data/libzeep-3.0.5/tests/src/unit-test-serializer.cpp
Examining data/libzeep-3.0.5/tests/src/xpath-test.cpp
Examining data/libzeep-3.0.5/webapp-test.cpp
Examining data/libzeep-3.0.5/zeep-test.cpp
Examining data/libzeep-3.0.5/zeep/config.hpp
Examining data/libzeep-3.0.5/zeep/dispatcher.hpp
Examining data/libzeep-3.0.5/zeep/envelope.hpp
Examining data/libzeep-3.0.5/zeep/exception.hpp
Examining data/libzeep-3.0.5/zeep/http/connection.hpp
Examining data/libzeep-3.0.5/zeep/http/header.hpp
Examining data/libzeep-3.0.5/zeep/http/md5.hpp
Examining data/libzeep-3.0.5/zeep/http/message_parser.hpp
Examining data/libzeep-3.0.5/zeep/http/preforked-server.hpp
Examining data/libzeep-3.0.5/zeep/http/reply.hpp
Examining data/libzeep-3.0.5/zeep/http/request.hpp
Examining data/libzeep-3.0.5/zeep/http/request_handler.hpp
Examining data/libzeep-3.0.5/zeep/http/server.hpp
Examining data/libzeep-3.0.5/zeep/http/webapp.hpp
Examining data/libzeep-3.0.5/zeep/http/webapp/el.hpp
Examining data/libzeep-3.0.5/zeep/server.hpp
Examining data/libzeep-3.0.5/zeep/xml/doctype.hpp
Examining data/libzeep-3.0.5/zeep/xml/document.hpp
Examining data/libzeep-3.0.5/zeep/xml/node.hpp
Examining data/libzeep-3.0.5/zeep/xml/parser.hpp
Examining data/libzeep-3.0.5/zeep/xml/serialize.hpp
Examining data/libzeep-3.0.5/zeep/xml/unicode_support.hpp
Examining data/libzeep-3.0.5/zeep/xml/writer.hpp
Examining data/libzeep-3.0.5/zeep/xml/xpath.hpp
FINAL RESULTS:
data/libzeep-3.0.5/src/connection.cpp:48:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::system::error_code& ec, size_t bytes_transferred)
data/libzeep-3.0.5/src/connection.cpp:94:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void connection::handle_write(const boost::system::error_code& ec)
data/libzeep-3.0.5/src/exception.cpp:74:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg_buffer, sizeof(msg_buffer), message, vl);
data/libzeep-3.0.5/src/http-server.cpp:164:41: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void server::handle_accept(const boost::system::error_code& ec)
data/libzeep-3.0.5/src/preforked-http-server.cpp:325:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void preforked_server::handle_accept(const boost::system::error_code& ec)
data/libzeep-3.0.5/zeep/http/connection.hpp:33:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void handle_read(const boost::system::error_code& ec,
data/libzeep-3.0.5/zeep/http/connection.hpp:36:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void handle_write(const boost::system::error_code& ec);
data/libzeep-3.0.5/zeep/http/preforked-server.hpp:73:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void handle_accept(const boost::system::error_code& ec);
data/libzeep-3.0.5/zeep/http/server.hpp:80:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void handle_accept(const boost::system::error_code& ec);
data/libzeep-3.0.5/src/webapp.cpp:92:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::random_device rng;
data/libzeep-3.0.5/src/document-expat.cpp:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libzeep-3.0.5/src/document-expat.cpp:459:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libzeep-3.0.5/src/exception.cpp:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_buffer[1024];
data/libzeep-3.0.5/src/http-server.cpp:75:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char kURLAcceptable[96] =
data/libzeep-3.0.5/src/http-server.cpp:129:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_acceptor->open(endpoint.protocol());
data/libzeep-3.0.5/src/md5.cpp:24:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data + m_data_length, p, n);
data/libzeep-3.0.5/src/md5.cpp:45:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data, p, length);
data/libzeep-3.0.5/src/parser.cpp:300:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ch[3];
data/libzeep-3.0.5/src/parser.cpp:411:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ch[3];
data/libzeep-3.0.5/src/parser.cpp:924:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[2] = {
data/libzeep-3.0.5/src/parser.cpp:932:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[3] = {
data/libzeep-3.0.5/src/parser.cpp:941:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[4] = {
data/libzeep-3.0.5/src/preforked-http-server.cpp:121:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_acceptor.open(endpoint.protocol());
data/libzeep-3.0.5/src/preforked-http-server.cpp:225:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[16];
data/libzeep-3.0.5/src/preforked-http-server.cpp:227:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(int))];
data/libzeep-3.0.5/src/preforked-http-server.cpp:284:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[16];
data/libzeep-3.0.5/src/preforked-http-server.cpp:286:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char control[CMSG_SPACE(sizeof(native_handle_type))];
data/libzeep-3.0.5/src/webapp-el.cpp:1203:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ch[5];
data/libzeep-3.0.5/src/webapp.cpp:454:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024] = "";
data/libzeep-3.0.5/src/xpath.cpp:1814:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ch[5];
data/libzeep-3.0.5/zeep/http/webapp.hpp:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_realm[256]; ///< Realm for which the authorization failed
data/libzeep-3.0.5/zeep/xml/unicode_support.hpp:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[2] = {
data/libzeep-3.0.5/zeep/xml/unicode_support.hpp:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[3] = {
data/libzeep-3.0.5/zeep/xml/unicode_support.hpp:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch[4] = {
data/libzeep-3.0.5/src/document-expat.cpp:232:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data.read(buffer, k);
data/libzeep-3.0.5/src/document-expat.cpp:466:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data.read(buffer, k);
data/libzeep-3.0.5/src/document-libxml2.cpp:251:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data.read(&buffer[0], length);
data/libzeep-3.0.5/src/document-libxml2.cpp:298:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(is);
data/libzeep-3.0.5/src/document-libxml2.cpp:304:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(is);
data/libzeep-3.0.5/src/document.cpp:317:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(is);
data/libzeep-3.0.5/src/document.cpp:323:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(is);
data/libzeep-3.0.5/src/document.cpp:329:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(is, base_dir);
data/libzeep-3.0.5/src/document.cpp:342:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void document::read(const string& s)
data/libzeep-3.0.5/src/document.cpp:345:2: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(is);
data/libzeep-3.0.5/src/document.cpp:348:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void document::read(istream& is)
data/libzeep-3.0.5/src/document.cpp:353:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void document::read(istream& is, const boost::filesystem::path& base_dir)
data/libzeep-3.0.5/src/document.cpp:499:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rhs.read(lhs);
data/libzeep-3.0.5/src/request.cpp:185:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string::size_type nlen = strlen(name);
data/libzeep-3.0.5/src/request.cpp:226:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string boundary = contentType.substr(b + strlen("boundary="));
data/libzeep-3.0.5/src/soap-server.cpp:56:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
doc.read(req.payload);
data/libzeep-3.0.5/src/webapp-el.cpp:200:15: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
virtual bool equal(const object_iterator_impl* other)
data/libzeep-3.0.5/src/webapp.cpp:470:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(msg, lpMsgBuf, sizeof(msg));
data/libzeep-3.0.5/src/webapp.cpp:482:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
doc.read(data);
data/libzeep-3.0.5/src/webapp.cpp:897:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
doc.read(xml);
data/libzeep-3.0.5/tests/src/parser-test.cpp:78:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
a.read(s1);
data/libzeep-3.0.5/tests/src/parser-test.cpp:82:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(s2);
data/libzeep-3.0.5/tests/src/parser-test.cpp:157:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
doc.read(is);
data/libzeep-3.0.5/tests/src/parser-test.cpp:200:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
doc.read(is);
data/libzeep-3.0.5/tests/src/parser-test.cpp:326:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
doc.read(file);
data/libzeep-3.0.5/zeep/http/webapp/el.hpp:379:15: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
virtual bool equal(const object_iterator_impl* other) = 0;
data/libzeep-3.0.5/zeep/http/webapp/el.hpp:508:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
result = m_impl->equal(o.m_impl);
data/libzeep-3.0.5/zeep/http/webapp/el.hpp:521:24: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
result = not m_impl->equal(o.m_impl);
data/libzeep-3.0.5/zeep/xml/document.hpp:73:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(const std::string& s); ///< Replace the content of the document with the parsed XML in \a s
data/libzeep-3.0.5/zeep/xml/document.hpp:74:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(std::istream& is); ///< Replace the content of the document with the parsed XML in \a is
data/libzeep-3.0.5/zeep/xml/document.hpp:75:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(std::istream& is, const boost::filesystem::path& base_dir);
data/libzeep-3.0.5/zeep/xml/serialize.hpp:892:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name == nullptr or strlen(name) == 0 or strcmp(name, ".") == 0)
data/libzeep-3.0.5/zeep/xml/serialize.hpp:905:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (e == nullptr or (name != nullptr and strlen(name) > 0 and strcmp(name, ".") != 0))
ANALYSIS SUMMARY:
Hits = 67
Lines analyzed = 23279 in approximately 0.45 seconds (51552 lines/second)
Physical Source Lines of Code (SLOC) = 17337
Hits@level = [0] 1 [1] 33 [2] 24 [3] 1 [4] 9 [5] 0
Hits@level+ = [0+] 68 [1+] 67 [2+] 34 [3+] 10 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 3.92225 [1+] 3.86457 [2+] 1.96112 [3+] 0.576801 [4+] 0.519121 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.