Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nginx-confgen-2.0/nginx-confgen.c

FINAL RESULTS:

data/nginx-confgen-2.0/nginx-confgen.c:80:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((noreturn, format(printf, 2, 3)))
data/nginx-confgen-2.0/nginx-confgen.c:85:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, arg);
data/nginx-confgen-2.0/nginx-confgen.c:496:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, name);
data/nginx-confgen-2.0/nginx-confgen.c:497:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf+strlen(name)+1, val);
data/nginx-confgen-2.0/nginx-confgen.c:1057:16: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while((c = getopt_long(argc, argv, "hVi:o:I:", long_options, NULL)) >= 0) {
data/nginx-confgen-2.0/nginx-confgen.c:124:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*t, a, sizeof(struct cfg_arg));
data/nginx-confgen-2.0/nginx-confgen.c:139:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*t, d, sizeof(struct cfg_directive));
data/nginx-confgen-2.0/nginx-confgen.c:265:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str, ctx->buf+start, ctx->pos-start);
data/nginx-confgen-2.0/nginx-confgen.c:316:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((*arg)->data, ctx->buf+arg_start, ctx->pos-arg_start);
data/nginx-confgen-2.0/nginx-confgen.c:330:46: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = strcmp(ctx->fn, "-") == 0 ? 0 : open(ctx->fn, 0);
data/nginx-confgen-2.0/nginx-confgen.c:474:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r.vars, d.vars, sizeof(*r.vars)*r.varlen);
data/nginx-confgen-2.0/nginx-confgen.c:476:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r.macros, d.macros, sizeof(*r.macros)*r.macrolen);
data/nginx-confgen-2.0/nginx-confgen.c:657:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *buf, *argv[4];
data/nginx-confgen-2.0/nginx-confgen.c:747:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tmp, buf[1024];
data/nginx-confgen-2.0/nginx-confgen.c:777:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tmp, a+match[i].rm_so, len);
data/nginx-confgen-2.0/nginx-confgen.c:835:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *arg[3];
data/nginx-confgen-2.0/nginx-confgen.c:1105:23: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if((out_fh = fopen(output, "w")) == NULL) {
data/nginx-confgen-2.0/nginx-confgen.c:103:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((r = read(fd, *buf+buflen, bufsize-buflen-1)) > 0) {
data/nginx-confgen-2.0/nginx-confgen.c:431:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ret = malloc(strlen(str)+1); /* Unquoted string will never be larger than the quoted version */
data/nginx-confgen-2.0/nginx-confgen.c:446:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ret = malloc(strlen(str)*2+1); /* Overly conservative, but w/e */
data/nginx-confgen-2.0/nginx-confgen.c:487:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ctx->data->vars[i]) == varlen && memcmp(ctx->data->vars[i], varname, varlen) == 0)
data/nginx-confgen-2.0/nginx-confgen.c:495:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *buf = malloc(strlen(name)+strlen(val)+2);
data/nginx-confgen-2.0/nginx-confgen.c:495:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *buf = malloc(strlen(name)+strlen(val)+2);
data/nginx-confgen-2.0/nginx-confgen.c:497:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcpy(buf+strlen(name)+1, val);
data/nginx-confgen-2.0/nginx-confgen.c:536:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = 0, size = strlen(str)+1, varlen;
data/nginx-confgen-2.0/nginx-confgen.c:621:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(*inc) + strlen(arg) + 2;
data/nginx-confgen-2.0/nginx-confgen.c:621:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(*inc) + strlen(arg) + 2;
data/nginx-confgen-2.0/nginx-confgen.c:650:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(*c->args->data != '$' || str_varname(c->args->data+1) != strlen(c->args->data+1))
data/nginx-confgen-2.0/nginx-confgen.c:669:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(*c->args->data != '$' || str_varname(c->args->data+1) != strlen(c->args->data+1))
data/nginx-confgen-2.0/nginx-confgen.c:689:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(buf) != len)
data/nginx-confgen-2.0/nginx-confgen.c:726:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(arg->data[strlen(arg->data)-1] != ')')
data/nginx-confgen-2.0/nginx-confgen.c:728:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arg->data[strlen(arg->data)-1] = 0;
data/nginx-confgen-2.0/nginx-confgen.c:757:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = regcomp(&reg, b, REG_EXTENDED | (op[strlen(op)-1] == '*' ? REG_ICASE : 0));
data/nginx-confgen-2.0/nginx-confgen.c:872:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(c->args->data) != str_varname(c->args->data))
data/nginx-confgen-2.0/nginx-confgen.c:881:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!a->data[1] || strlen(a->data+1) != str_varname(a->data+1))

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 1112 in approximately 0.04 seconds (25022 lines/second)
Physical Source Lines of Code (SLOC) = 870
Hits@level = [0] 8 [1] 18 [2] 12 [3] 1 [4] 4 [5] 0
Hits@level+ = [0+] 43 [1+] 35 [2+] 17 [3+] 5 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 49.4253 [1+] 40.2299 [2+] 19.5402 [3+] 5.74713 [4+] 4.5977 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.