Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pysvn-1.9.12/Patches/test_proplist.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_copy.cpp
Examining data/pysvn-1.9.12/Source/pysvn.cpp
Examining data/pysvn-1.9.12/Source/pysvn_profile.cpp
Examining data/pysvn-1.9.12/Source/pysvn_svnenv.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_changelist.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_merge.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_patch.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_export.cpp
Examining data/pysvn-1.9.12/Source/pysvn_static_strings.cpp
Examining data/pysvn-1.9.12/Source/pysvn_transaction.cpp
Examining data/pysvn-1.9.12/Source/pysvn_arg_processing.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_prop.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_list.cpp
Examining data/pysvn-1.9.12/Source/pysvn_converters.cpp
Examining data/pysvn-1.9.12/Source/pysvn_static_strings.hpp
Examining data/pysvn-1.9.12/Source/pysvn_enum_string.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_switch.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_revprop.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_lock.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_diff.cpp
Examining data/pysvn-1.9.12/Source/pysvn.hpp
Examining data/pysvn-1.9.12/Source/pysvn_path.cpp
Examining data/pysvn-1.9.12/Source/generate_svn_error_codes/generate_svn_error_codes.cpp
Examining data/pysvn-1.9.12/Source/pysvn_svnenv.hpp
Examining data/pysvn-1.9.12/Source/pysvn_callbacks.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_add.cpp
Examining data/pysvn-1.9.12/Source/pysvn_revision.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_checkin.cpp
Examining data/pysvn-1.9.12/Source/pysvn_client_cmd_info.cpp
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python3/python.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python3/rangetest.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python3/simple2.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python3/pycxx_iter.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python3/simple.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python3/example.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python3/range.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python2/python.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python2/rangetest.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python2/pycxx_iter.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python2/simple.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python2/example.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python2/range.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/CXX/WrapPython.h
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/cxxextensions.c
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/Python3/cxxextensions.c
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/Python3/cxxsupport.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/Python3/cxx_exceptions.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/Python3/cxx_extensions.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/cxxsupport.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/Python2/cxxextensions.c
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/Python2/cxxsupport.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/Python2/cxx_exceptions.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/Python2/cxx_extensions.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/cxx_exceptions.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/cxx_extensions.cxx
Examining data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/IndirectPythonInterface.cxx
FINAL RESULTS:
data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/IndirectPythonInterface.cxx:233:5: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_snprintf( python_dll_name, sizeof(python_dll_name_format) / sizeof(char) - 1, python_dll_name_format, PY_MAJOR_VERSION, PY_MINOR_VERSION );
data/pysvn-1.9.12/Import/pycxx-7.1.4/Demo/Python3/simple.cxx:297:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64*1024+1];
data/pysvn-1.9.12/Import/pycxx-7.1.4/Src/IndirectPythonInterface.cxx:231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char python_dll_name[sizeof(python_dll_name_format)];
data/pysvn-1.9.12/Patches/test_proplist.cpp:43:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
svn_boolean_t recurse = atoi( argv[3] );
data/pysvn-1.9.12/Patches/test_proplist.cpp:47:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int max_calls = atoi( argv[2] );
data/pysvn-1.9.12/Source/pysvn_arg_processing.cpp:67:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char number_string[20];
data/pysvn-1.9.12/Source/pysvn_client_cmd_info.cpp:1155:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char action[2]; action[0] = log_item->action; action[1] = 0;
data/pysvn-1.9.12/Source/pysvn_client_cmd_info.cpp:1186:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char action[2]; action[0] = log_item->action; action[1] = 0;
data/pysvn-1.9.12/Source/pysvn_revision.cpp:66:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/pysvn-1.9.12/Source/pysvn_revision.cpp:74:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/pysvn-1.9.12/Source/pysvn_svnenv.cpp:44:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/pysvn-1.9.12/Source/pysvn_svnenv.cpp:731:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[9];
data/pysvn-1.9.12/Source/pysvn_transaction.cpp:152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/pysvn-1.9.12/Source/pysvn_transaction.cpp:879:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char action[2] = {node->action, 0};
data/pysvn-1.9.12/Source/pysvn_transaction.cpp:895:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char action[2] = {node->action, 0};
data/pysvn-1.9.12/Source/pysvn_client_cmd_list.cpp:217:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( path ) != 0 )
ANALYSIS SUMMARY:
Hits = 16
Lines analyzed = 25890 in approximately 0.56 seconds (46375 lines/second)
Physical Source Lines of Code (SLOC) = 20345
Hits@level = [0] 4 [1] 1 [2] 14 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 20 [1+] 16 [2+] 15 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 0.983043 [1+] 0.786434 [2+] 0.737282 [3+] 0.0491521 [4+] 0.0491521 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.