Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ots-0.5.0/src/libots.h Examining data/ots-0.5.0/src/article.c Examining data/ots-0.5.0/src/dictionary.c Examining data/ots-0.5.0/src/grader.c Examining data/ots-0.5.0/src/grader-tf.c Examining data/ots-0.5.0/src/grader-tc.c Examining data/ots-0.5.0/src/grader-tc.h Examining data/ots-0.5.0/src/html.c Examining data/ots-0.5.0/src/parser.c Examining data/ots-0.5.0/src/text.c Examining data/ots-0.5.0/src/stemmer.c Examining data/ots-0.5.0/src/highlighter.c Examining data/ots-0.5.0/src/wordlist.c Examining data/ots-0.5.0/src/relations.c Examining data/ots-0.5.0/src/ots.c FINAL RESULTS: data/ots-0.5.0/src/html.c:36:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(score_str,"<!--(%ld)-->",aLine->score); data/ots-0.5.0/src/ots.c:106:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). input_stream = fopen (input_file, "r"); data/ots-0.5.0/src/ots.c:117:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). output_stream = fopen (output_file, "w"); data/ots-0.5.0/src/parser.c:50:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fread_buffer[BUFFER_SIZE]; data/ots-0.5.0/src/article.c:107:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((aWord == NULL) || (0==strlen(aWord)) ||(NULL==aLine)) return; data/ots-0.5.0/src/grader-tc.c:65:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (li->data && strlen (li->data)) ots_add_wordstat (Doc, (char *)li->data); data/ots-0.5.0/src/parser.c:35:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen (aWord); data/ots-0.5.0/src/parser.c:36:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen (post); data/ots-0.5.0/src/parser.c:68:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (buffer + total_read, fread_buffer, nread); data/ots-0.5.0/src/relations.c:83:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (text!=NULL) ots_parse_stream (text,strlen(text), Art); /* read text , put it in struct Article */ data/ots-0.5.0/src/relations.c:90:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((tmp!=NULL)&&(strlen(tmp)>0)) {g_string_append(word,tmp); data/ots-0.5.0/src/relations.c:117:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (text!=NULL) ots_parse_stream (text,strlen(text), Art); data/ots-0.5.0/src/relations.c:124:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((tmp)&&(strlen(tmp)>0)) data/ots-0.5.0/src/relations.c:152:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((tmplist1->data)&&(tmplist2->data)&&(strlen(tmplist2->data)>1)) data/ots-0.5.0/src/stemmer.c:81:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = strlen (comp); data/ots-0.5.0/src/stemmer.c:114:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen (pre); data/ots-0.5.0/src/stemmer.c:115:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen (aWord); data/ots-0.5.0/src/stemmer.c:116:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen (new); data/ots-0.5.0/src/stemmer.c:143:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen (aWord); data/ots-0.5.0/src/stemmer.c:144:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen (post); data/ots-0.5.0/src/stemmer.c:145:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen (new); data/ots-0.5.0/src/stemmer.c:324:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(normWord)<3) /*stem is two letter long. thats not right. N(eed)==N(ation) ?*/ data/ots-0.5.0/src/text.c:42:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (li->data && strlen (li->data)) /*if word exists*/ data/ots-0.5.0/src/wordlist.c:174:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (0==strlen(wordString)) return; ANALYSIS SUMMARY: Hits = 24 Lines analyzed = 2481 in approximately 0.09 seconds (27246 lines/second) Physical Source Lines of Code (SLOC) = 1558 Hits@level = [0] 8 [1] 20 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 32 [1+] 24 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 20.5392 [1+] 15.4044 [2+] 2.56739 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.