Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/otpclient-2.3.2/src/add-common.c
Examining data/otpclient-2.3.2/src/add-common.h
Examining data/otpclient-2.3.2/src/add-from-qr.c
Examining data/otpclient-2.3.2/src/aegis.c
Examining data/otpclient-2.3.2/src/andotp.c
Examining data/otpclient-2.3.2/src/app.c
Examining data/otpclient-2.3.2/src/authplus.c
Examining data/otpclient-2.3.2/src/cli/get-data.c
Examining data/otpclient-2.3.2/src/cli/get-data.h
Examining data/otpclient-2.3.2/src/cli/help.c
Examining data/otpclient-2.3.2/src/cli/help.h
Examining data/otpclient-2.3.2/src/cli/main.c
Examining data/otpclient-2.3.2/src/common/common.c
Examining data/otpclient-2.3.2/src/common/common.h
Examining data/otpclient-2.3.2/src/data.h
Examining data/otpclient-2.3.2/src/db-misc.c
Examining data/otpclient-2.3.2/src/db-misc.h
Examining data/otpclient-2.3.2/src/edit-data.c
Examining data/otpclient-2.3.2/src/exports.c
Examining data/otpclient-2.3.2/src/exports.h
Examining data/otpclient-2.3.2/src/file-size.c
Examining data/otpclient-2.3.2/src/file-size.h
Examining data/otpclient-2.3.2/src/freeotp.c
Examining data/otpclient-2.3.2/src/get-builder.c
Examining data/otpclient-2.3.2/src/get-builder.h
Examining data/otpclient-2.3.2/src/gquarks.c
Examining data/otpclient-2.3.2/src/gquarks.h
Examining data/otpclient-2.3.2/src/gui-common.c
Examining data/otpclient-2.3.2/src/gui-common.h
Examining data/otpclient-2.3.2/src/imports.c
Examining data/otpclient-2.3.2/src/imports.h
Examining data/otpclient-2.3.2/src/liststore-misc.c
Examining data/otpclient-2.3.2/src/liststore-misc.h
Examining data/otpclient-2.3.2/src/lock-app.c
Examining data/otpclient-2.3.2/src/lock-app.h
Examining data/otpclient-2.3.2/src/main.c
Examining data/otpclient-2.3.2/src/manual-add-cb.c
Examining data/otpclient-2.3.2/src/manual-add-cb.h
Examining data/otpclient-2.3.2/src/message-dialogs.c
Examining data/otpclient-2.3.2/src/message-dialogs.h
Examining data/otpclient-2.3.2/src/otpclient.h
Examining data/otpclient-2.3.2/src/parse-data.c
Examining data/otpclient-2.3.2/src/parse-uri.c
Examining data/otpclient-2.3.2/src/parse-uri.h
Examining data/otpclient-2.3.2/src/password-cb.c
Examining data/otpclient-2.3.2/src/password-cb.h
Examining data/otpclient-2.3.2/src/qrcode-parser.c
Examining data/otpclient-2.3.2/src/qrcode-parser.h
Examining data/otpclient-2.3.2/src/screenshot-add-cb.c
Examining data/otpclient-2.3.2/src/settings.c
Examining data/otpclient-2.3.2/src/shortcuts.c
Examining data/otpclient-2.3.2/src/treeview.c
Examining data/otpclient-2.3.2/src/treeview.h
Examining data/otpclient-2.3.2/src/webcam-add-cb.c

FINAL RESULTS:

data/otpclient-2.3.2/src/add-from-qr.c:180:45:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gchar *filename = g_build_filename (g_get_tmp_dir (), "qrcode_from_cb.png", NULL);
data/otpclient-2.3.2/src/andotp.c:235:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned) time(&t));
data/otpclient-2.3.2/src/exports.c:21:16:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  base_dir = g_get_home_dir ();
data/otpclient-2.3.2/src/screenshot-add-cb.c:46:41:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  gchar *filename = g_build_filename (g_get_tmp_dir (), "qrcode.png", NULL);
data/otpclient-2.3.2/src/add-from-qr.c:163:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (file_path, uris[0] + 7, len_fpath);
data/otpclient-2.3.2/src/aegis.c:89:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen (export_path, "w");
data/otpclient-2.3.2/src/andotp.c:213:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen (export_path, "w");
data/otpclient-2.3.2/src/freeotp.c:36:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen (export_path, "w");
data/otpclient-2.3.2/src/gui-common.c:33:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (sec_buf, src, strlen (src) + 1);
data/otpclient-2.3.2/src/add-common.c:43:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (otp->secret) == 0) {
data/otpclient-2.3.2/src/common/common.c:89:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_snprintf (tmp_string + strlen (tmp_string), 256, "%ld", (gint64) v);
data/otpclient-2.3.2/src/common/common.c:95:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  guint32 hash = jenkins_one_at_a_time_hash (tmp_string, strlen (tmp_string) + 1);
data/otpclient-2.3.2/src/db-misc.c:208:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize input_data_len = strlen (in_memory_json) + 1;
data/otpclient-2.3.2/src/db-misc.c:336:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize pwd_len = strlen (pwd) + 1;
data/otpclient-2.3.2/src/freeotp.c:87:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite (uri->str, strlen (uri->str), 1, fp);
data/otpclient-2.3.2/src/gui-common.c:32:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *sec_buf = gcry_calloc_secure (strlen (src) + 1, 1);
data/otpclient-2.3.2/src/gui-common.c:33:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (sec_buf, src, strlen (src) + 1);
data/otpclient-2.3.2/src/parse-data.c:123:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (gint i = 0; i < strlen (string); i++) {
data/otpclient-2.3.2/src/parse-data.c:135:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (gint i = 0; i < strlen (string); i++) {
data/otpclient-2.3.2/src/password-cb.c:105:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize len = strlen (entry_widgets->pwd) + 1;
data/otpclient-2.3.2/src/password-cb.c:107:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (pwd, entry_widgets->pwd, len);
data/otpclient-2.3.2/src/password-cb.c:154:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gsize len = strlen (text) + 1;
data/otpclient-2.3.2/src/password-cb.c:156:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (*pwd, text, len);

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 5298 in approximately 0.15 seconds (34745 lines/second)
Physical Source Lines of Code (SLOC) = 4381
Hits@level = [0]   1 [1]  14 [2]   5 [3]   4 [4]   0 [5]   0
Hits@level+ = [0+]  24 [1+]  23 [2+]   9 [3+]   4 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 5.4782 [1+] 5.24994 [2+] 2.05433 [3+] 0.913034 [4+]   0 [5+]   0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.