Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nautic-1.5/spa.h
Examining data/nautic-1.5/fund_args.h
Examining data/nautic-1.5/Info_Dlg.h
Examining data/nautic-1.5/sofam.h
Examining data/nautic-1.5/nutation.h
Examining data/nautic-1.5/gui.h
Examining data/nautic-1.5/julian_date.h
Examining data/nautic-1.5/src/Info_Dlg.cpp
Examining data/nautic-1.5/src/orbital_elements.cpp
Examining data/nautic-1.5/src/Sun.cpp
Examining data/nautic-1.5/src/nutation.cpp
Examining data/nautic-1.5/src/coordinate.cpp
Examining data/nautic-1.5/src/ge2000a_data.cpp
Examining data/nautic-1.5/src/julian_date.cpp
Examining data/nautic-1.5/src/spa.cpp
Examining data/nautic-1.5/src/gui.cpp
Examining data/nautic-1.5/src/un_known_star.cpp
Examining data/nautic-1.5/src/aberration.cpp
Examining data/nautic-1.5/src/delta_t.cpp
Examining data/nautic-1.5/src/precession.cpp
Examining data/nautic-1.5/src/sofa.cpp
Examining data/nautic-1.5/src/main.cpp
Examining data/nautic-1.5/src/Pos_dialog.cpp
Examining data/nautic-1.5/src/stars.cpp
Examining data/nautic-1.5/src/fund_arg.cpp
Examining data/nautic-1.5/src/h_correction.cpp
Examining data/nautic-1.5/src/about.cpp
Examining data/nautic-1.5/src/plot_dialog.cpp
Examining data/nautic-1.5/src/starpos.cpp
Examining data/nautic-1.5/starpos.h
Examining data/nautic-1.5/aberration.h
Examining data/nautic-1.5/delta_t.h
Examining data/nautic-1.5/orbital_elements.h
Examining data/nautic-1.5/h_correction.h
Examining data/nautic-1.5/Pos_dialog.h
Examining data/nautic-1.5/coordinate.h
Examining data/nautic-1.5/plot_dialog.h
Examining data/nautic-1.5/about.h
Examining data/nautic-1.5/un_known_star.h
Examining data/nautic-1.5/stars.h
Examining data/nautic-1.5/sun.h
Examining data/nautic-1.5/precession.h
Examining data/nautic-1.5/addings.h
Examining data/nautic-1.5/sofa.h
Examining data/nautic-1.5/kepler.h
Examining data/nautic-1.5/main.h
Examining data/nautic-1.5/moon.h
Examining data/nautic-1.5/plant.h

FINAL RESULTS:

data/nautic-1.5/src/starpos.cpp:4424:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name,pathname);
data/nautic-1.5/src/starpos.cpp:4473:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( format, (char *) num );
data/nautic-1.5/src/starpos.cpp:4475:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( format, *(double *)num );
data/nautic-1.5/src/starpos.cpp:4477:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( format, *(int *)num );
data/nautic-1.5/src/starpos.cpp:4479:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf( format, *(long *)num );
data/nautic-1.5/src/starpos.cpp:4485:3: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf( s, format, num );
data/nautic-1.5/src/starpos.cpp:4532:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(el->obname,str);
data/nautic-1.5/src/un_known_star.cpp:100:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(starnam,pthname);
data/nautic-1.5/src/un_known_star.cpp:146:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(obname,str);
data/nautic-1.5/plant.h:31:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char max_harmonic[NARGS];
data/nautic-1.5/sofa.h:218:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iauD2dtf(char *scale, int ndp, double d1, double d2,
data/nautic-1.5/sofa.h:251:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void iauA2af(int ndp, double angle, char *sign, int idmsf[4]);
data/nautic-1.5/sofa.h:252:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void iauA2tf(int ndp, double angle, char *sign, int ihmsf[4]);
data/nautic-1.5/sofa.h:256:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void iauD2tf(int ndp, double days, char *sign, int ihmsf[4]);
data/nautic-1.5/src/Sun.cpp:36:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *constell[89] = {
data/nautic-1.5/src/main.cpp:381:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  a = atoi(s);
data/nautic-1.5/src/main.cpp:453:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  a = atoi(s);
data/nautic-1.5/src/starpos.cpp:91:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char starnam[80] = {'s','t','a','r','.','c','a','t','\0'};
data/nautic-1.5/src/starpos.cpp:92:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char orbnam[80] = {'o','r','b','i','t','.','c','a','t','\0'};
data/nautic-1.5/src/starpos.cpp:301:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obname[16]; /* name of the object */
data/nautic-1.5/src/starpos.cpp:322:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obname[32]; /* Object name (31 chars) */
data/nautic-1.5/src/starpos.cpp:355:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *months[12] = {
data/nautic-1.5/src/starpos.cpp:370:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *days[7] = {
data/nautic-1.5/src/starpos.cpp:621:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *greek[NGREEK] = {
data/nautic-1.5/src/starpos.cpp:647:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *constel[NCON] = {
data/nautic-1.5/src/starpos.cpp:4278:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[84];
data/nautic-1.5/src/starpos.cpp:4283:5: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen( "aa.ini", "r" );
data/nautic-1.5/src/starpos.cpp:4373:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[128], s2[128], *u, *v;
data/nautic-1.5/src/starpos.cpp:4429:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(name, "r" );
data/nautic-1.5/src/starpos.cpp:4469:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[40];
data/nautic-1.5/src/starpos.cpp:4493:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];
data/nautic-1.5/src/starpos.cpp:4499:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[10];
data/nautic-1.5/src/starpos.cpp:4610:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ans[80];
data/nautic-1.5/src/starpos.cpp:4631:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  g =(char *) greek[i];
data/nautic-1.5/src/starpos.cpp:4655:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  g =(char *)constel[i];
data/nautic-1.5/src/un_known_star.cpp:26:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char starnam[80] = {'s','t','n','a','m','\0'};
data/nautic-1.5/src/un_known_star.cpp:47:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obname[32]; /* Object name (31 chars) */
data/nautic-1.5/src/un_known_star.cpp:90:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obname[32];
data/nautic-1.5/src/un_known_star.cpp:92:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];
data/nautic-1.5/src/un_known_star.cpp:101:6: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(starnam, "r" );
data/nautic-1.5/kepler.h:163:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dest, src, len);
data/nautic-1.5/src/Pos_dialog.cpp:113:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(!file.Open(pth,wxFile::read))
data/nautic-1.5/src/starpos.cpp:4391:1: [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf( s2, "%lf %lf %lf %lf %lf %15s", &el->ecc, &el->M,

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 32410 in approximately 1.04 seconds (31110 lines/second)
Physical Source Lines of Code (SLOC) = 21914
Hits@level = [0] 72 [1] 3 [2] 31 [3] 0 [4] 9 [5] 0
Hits@level+ = [0+] 115 [1+] 43 [2+] 40 [3+] 9 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 5.24779 [1+] 1.96222 [2+] 1.82532 [3+] 0.410696 [4+] 0.410696 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.