Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/otpclient-2.3.2/src/add-common.c
Examining data/otpclient-2.3.2/src/add-common.h
Examining data/otpclient-2.3.2/src/add-from-qr.c
Examining data/otpclient-2.3.2/src/aegis.c
Examining data/otpclient-2.3.2/src/andotp.c
Examining data/otpclient-2.3.2/src/app.c
Examining data/otpclient-2.3.2/src/authplus.c
Examining data/otpclient-2.3.2/src/cli/get-data.c
Examining data/otpclient-2.3.2/src/cli/get-data.h
Examining data/otpclient-2.3.2/src/cli/help.c
Examining data/otpclient-2.3.2/src/cli/help.h
Examining data/otpclient-2.3.2/src/cli/main.c
Examining data/otpclient-2.3.2/src/common/common.c
Examining data/otpclient-2.3.2/src/common/common.h
Examining data/otpclient-2.3.2/src/data.h
Examining data/otpclient-2.3.2/src/db-misc.c
Examining data/otpclient-2.3.2/src/db-misc.h
Examining data/otpclient-2.3.2/src/edit-data.c
Examining data/otpclient-2.3.2/src/exports.c
Examining data/otpclient-2.3.2/src/exports.h
Examining data/otpclient-2.3.2/src/file-size.c
Examining data/otpclient-2.3.2/src/file-size.h
Examining data/otpclient-2.3.2/src/freeotp.c
Examining data/otpclient-2.3.2/src/get-builder.c
Examining data/otpclient-2.3.2/src/get-builder.h
Examining data/otpclient-2.3.2/src/gquarks.c
Examining data/otpclient-2.3.2/src/gquarks.h
Examining data/otpclient-2.3.2/src/gui-common.c
Examining data/otpclient-2.3.2/src/gui-common.h
Examining data/otpclient-2.3.2/src/imports.c
Examining data/otpclient-2.3.2/src/imports.h
Examining data/otpclient-2.3.2/src/liststore-misc.c
Examining data/otpclient-2.3.2/src/liststore-misc.h
Examining data/otpclient-2.3.2/src/lock-app.c
Examining data/otpclient-2.3.2/src/lock-app.h
Examining data/otpclient-2.3.2/src/main.c
Examining data/otpclient-2.3.2/src/manual-add-cb.c
Examining data/otpclient-2.3.2/src/manual-add-cb.h
Examining data/otpclient-2.3.2/src/message-dialogs.c
Examining data/otpclient-2.3.2/src/message-dialogs.h
Examining data/otpclient-2.3.2/src/otpclient.h
Examining data/otpclient-2.3.2/src/parse-data.c
Examining data/otpclient-2.3.2/src/parse-uri.c
Examining data/otpclient-2.3.2/src/parse-uri.h
Examining data/otpclient-2.3.2/src/password-cb.c
Examining data/otpclient-2.3.2/src/password-cb.h
Examining data/otpclient-2.3.2/src/qrcode-parser.c
Examining data/otpclient-2.3.2/src/qrcode-parser.h
Examining data/otpclient-2.3.2/src/screenshot-add-cb.c
Examining data/otpclient-2.3.2/src/settings.c
Examining data/otpclient-2.3.2/src/shortcuts.c
Examining data/otpclient-2.3.2/src/treeview.c
Examining data/otpclient-2.3.2/src/treeview.h
Examining data/otpclient-2.3.2/src/webcam-add-cb.c
FINAL RESULTS:
data/otpclient-2.3.2/src/add-from-qr.c:180:45: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gchar *filename = g_build_filename (g_get_tmp_dir (), "qrcode_from_cb.png", NULL);
data/otpclient-2.3.2/src/andotp.c:235:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned) time(&t));
data/otpclient-2.3.2/src/exports.c:21:16: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
base_dir = g_get_home_dir ();
data/otpclient-2.3.2/src/screenshot-add-cb.c:46:41: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gchar *filename = g_build_filename (g_get_tmp_dir (), "qrcode.png", NULL);
data/otpclient-2.3.2/src/add-from-qr.c:163:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (file_path, uris[0] + 7, len_fpath);
data/otpclient-2.3.2/src/aegis.c:89:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen (export_path, "w");
data/otpclient-2.3.2/src/andotp.c:213:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen (export_path, "w");
data/otpclient-2.3.2/src/freeotp.c:36:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen (export_path, "w");
data/otpclient-2.3.2/src/gui-common.c:33:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sec_buf, src, strlen (src) + 1);
data/otpclient-2.3.2/src/add-common.c:43:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (otp->secret) == 0) {
data/otpclient-2.3.2/src/common/common.c:89:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_snprintf (tmp_string + strlen (tmp_string), 256, "%ld", (gint64) v);
data/otpclient-2.3.2/src/common/common.c:95:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint32 hash = jenkins_one_at_a_time_hash (tmp_string, strlen (tmp_string) + 1);
data/otpclient-2.3.2/src/db-misc.c:208:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize input_data_len = strlen (in_memory_json) + 1;
data/otpclient-2.3.2/src/db-misc.c:336:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize pwd_len = strlen (pwd) + 1;
data/otpclient-2.3.2/src/freeotp.c:87:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (uri->str, strlen (uri->str), 1, fp);
data/otpclient-2.3.2/src/gui-common.c:32:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *sec_buf = gcry_calloc_secure (strlen (src) + 1, 1);
data/otpclient-2.3.2/src/gui-common.c:33:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (sec_buf, src, strlen (src) + 1);
data/otpclient-2.3.2/src/parse-data.c:123:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (gint i = 0; i < strlen (string); i++) {
data/otpclient-2.3.2/src/parse-data.c:135:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (gint i = 0; i < strlen (string); i++) {
data/otpclient-2.3.2/src/password-cb.c:105:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen (entry_widgets->pwd) + 1;
data/otpclient-2.3.2/src/password-cb.c:107:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (pwd, entry_widgets->pwd, len);
data/otpclient-2.3.2/src/password-cb.c:154:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen (text) + 1;
data/otpclient-2.3.2/src/password-cb.c:156:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (*pwd, text, len);
ANALYSIS SUMMARY:
Hits = 23
Lines analyzed = 5298 in approximately 0.15 seconds (34745 lines/second)
Physical Source Lines of Code (SLOC) = 4381
Hits@level = [0] 1 [1] 14 [2] 5 [3] 4 [4] 0 [5] 0
Hits@level+ = [0+] 24 [1+] 23 [2+] 9 [3+] 4 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 5.4782 [1+] 5.24994 [2+] 2.05433 [3+] 0.913034 [4+] 0 [5+] 0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.