Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/python-xeddsa-0.4.6/ref10/crypto_hash/hash.c:12:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char iv[64] = {
data/python-xeddsa-0.4.6/ref10/crypto_hash/hash.c:27:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char h[64];
data/python-xeddsa-0.4.6/ref10/crypto_hash/hash.c:28:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char padded[256];
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:14:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char nonce[NONCEBYTES] = {0};
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:22:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char x[KEYBYTES + OUTPUTBYTES];
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:24:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(n,x,KEYBYTES);
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:25:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(r,x + KEYBYTES,OUTPUTBYTES);
data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/base.c:3:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char basepoint[32] = {9};
data/python-xeddsa-0.4.6/ref10/crypto_scalarmult/scalarmult.c:8:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_isnegative.c:13:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_isnonzero.c:12:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char zero[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/fe_isnonzero.c:16:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_double_scalarmult.c:48:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char aslide[256];
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_double_scalarmult.c:49:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char bslide[256];
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:66:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char e[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/keypair.c:9:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char az[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:14:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pkcopy[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:15:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rcopy[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:16:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char scopy[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:17:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char h[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/open.c:18:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rcheck[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c:13:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pk[32];
data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c:14:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char az[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c:15:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char nonce[64];
data/python-xeddsa-0.4.6/ref10/crypto_sign/sign.c:16:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hram[64];
data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c:12:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char sigma[16] = "expand 32-byte k";
data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c:20:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char in[16];
data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c:21:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char block[64];
data/python-xeddsa-0.4.6/ref10/crypto_stream/stream.c:22:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char kcopy[32];
data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c:12:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char sigma[16] = "expand 32-byte k";
data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c:21:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char in[16];
data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c:22:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char block[64];
data/python-xeddsa-0.4.6/ref10/crypto_stream/xor.c:23:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char kcopy[32];
data/python-xeddsa-0.4.6/ref10/fastrandombytes/fastrandombytes.c:11:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char g[crypto_rng_KEYBYTES];
data/python-xeddsa-0.4.6/ref10/fastrandombytes/fastrandombytes.c:12:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char r[crypto_rng_OUTPUTBYTES];
data/python-xeddsa-0.4.6/ref10/fastrandombytes/fastrandombytes.c:55:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x,r + pos,ready);
data/python-xeddsa-0.4.6/ref10/kernelrandombytes/test.c:3:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char x[65536];
data/python-xeddsa-0.4.6/ref10/kernelrandombytes/urandom.c:15:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/urandom",O_RDONLY);
data/python-xeddsa-0.4.6/ref10/crypto_rng/rng.c:11:12: [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  KEYBYTES mismatch!
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:4:22: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static unsigned char equal(signed char b,signed char c)
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:41:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t,&base[pos][0],equal(babs,1));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:42:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t,&base[pos][1],equal(babs,2));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:43:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t,&base[pos][2],equal(babs,3));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:44:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t,&base[pos][3],equal(babs,4));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:45:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t,&base[pos][4],equal(babs,5));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:46:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t,&base[pos][5],equal(babs,6));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:47:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t,&base[pos][6],equal(babs,7));
data/python-xeddsa-0.4.6/ref10/crypto_sign/ge_scalarmult_base.c:48:24: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t,&base[pos][7],equal(babs,8));
data/python-xeddsa-0.4.6/ref10/kernelrandombytes/urandom.c:24:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i = read(fd,x,i);

ANALYSIS SUMMARY:

Hits = 49
Lines analyzed = 7515 in approximately 0.30 seconds (24747 lines/second)
Physical Source Lines of Code (SLOC) = 5492
Hits@level = [0] 0 [1] 11 [2] 38 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 49 [1+] 49 [2+] 38 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.92207 [1+] 8.92207 [2+] 6.91916 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.