Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/restbed-4.0~dfsg1/example/authentication/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/basic_authentication/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/bind_service_address/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/custom_methods/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/custom_status_codes/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/digest_authentication/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/error_handling/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/http_client/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/http_service/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/https_client/source/verify_none.cpp
Examining data/restbed-4.0~dfsg1/example/https_client/source/verify_peer.cpp
Examining data/restbed-4.0~dfsg1/example/https_service/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/logging/source/custom_logger.hpp
Examining data/restbed-4.0~dfsg1/example/logging/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/multithreaded_service/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/pam_authentication/source/base64.h
Examining data/restbed-4.0~dfsg1/example/pam_authentication/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/pam_authentication/source/pam.h
Examining data/restbed-4.0~dfsg1/example/path_parameters/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/persistent_connection/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/publishing_multipath_resources/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/publishing_resources/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/resource_filtering/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/rules_engine/source/accept_rule.hpp
Examining data/restbed-4.0~dfsg1/example/rules_engine/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/rules_engine/source/host_rule.hpp
Examining data/restbed-4.0~dfsg1/example/schedule_work_on_service_runloop/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/service_ready_handler/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/serving_html/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/session_data/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/session_manager/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/signal_handling/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/syslog_logging/source/example.cpp
Examining data/restbed-4.0~dfsg1/example/syslog_logging/source/syslog_logger.hpp
Examining data/restbed-4.0~dfsg1/example/transfer_encoding_response/source/example.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/byte.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/context_placeholder.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/context_placeholder_base.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/context_value.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/http_impl.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/http_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/request_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/resource_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/response_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/rule_engine_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/rule_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/service_impl.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/service_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/session_impl.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/session_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/settings_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/ssl_settings_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/uri_impl.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/http.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/http.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/logger.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/request.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/request.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/resource.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/resource.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/response.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/response.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/rule.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/rule.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/service.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/service.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/session.cpp
Parsing failed to find end of parameter list; semicolon terminated it in ( m_pimpl->m_request->m_pimpl->m_buffer, "\r\n\r\n", [ this, session ]( const error_code & error, const size_t length ) { m_pimpl->m_keep_alive_callback( error, len
Parsing failed to find end of parameter list; semicolon terminated it in ( m_pimpl->m_request->m_pimpl->m_buffer, size, [ this, session, length, callback ]( const error_code & error, size_t ) { if ( error ) {
Parsing failed to find end of parameter list; semicolon terminated it in ( m_pimpl->m_request->m_pimpl->m_buffer, delimiter, [ this, session, callback ]( const error_code & error, size_t length ) { if ( error ) { const auto m
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/session.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/session_manager.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/session_manager.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/settings.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/settings.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/ssl_settings.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/ssl_settings.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/status_code.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/string.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/string.hpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/uri.cpp
Examining data/restbed-4.0~dfsg1/source/corvusoft/restbed/uri.hpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/connection_timeout/client.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/connection_timeout/server.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_authentication/resource.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_authentication/service.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_error_handling/resource.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_error_handling/service.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_failed_resource_filter_validation_handler/resource.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_failed_resource_filter_validation_handler/service.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_connect.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_delete.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_get.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_head.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_invoke.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_options.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_patch.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_post.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_put.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_http_methods/http_trace.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_method_not_allowed_handler/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_method_not_implemented_handler/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_resource_not_found_handler/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/custom_status_message/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_client/async.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_client/close.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_client/connect.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_client/fetch.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_client/keep_alive.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_connect.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_delete.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_get.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_head.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_options.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_patch.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_post.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_put.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/http_method_handlers/http_trace.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/path_parameters/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publish_duplicate_resources/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_connect.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_delete.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_get.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_head.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_options.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_patch.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_post.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_put.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_multi_path_resources/http_trace.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_connect.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_delete.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_get.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_head.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_options.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_patch.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_post.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_put.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/publishing_single_path_resources/http_trace.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/query_parameters/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/resource_method_filters/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/rules_engine/content_length_rule.hpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/rules_engine/content_type_rule.hpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/rules_engine/mixed.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/rules_engine/resource.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/rules_engine/service.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/runtime_service_modifications/feature.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/service_case_sensitivity/case_insensitive.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/service_case_sensitivity/case_sensitive.cpp
Examining data/restbed-4.0~dfsg1/test/acceptance/source/signal_handling/feature.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/http_suite.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/request_suite.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/resource_suite.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/response_suite.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/service_suite.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/session_suite.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/settings_suite.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/ssl_settings_suite.cpp
Examining data/restbed-4.0~dfsg1/test/integration/source/string_suite.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/client_fails_to_calculate_correct_response_body_length.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/content_length_present_on_empty_response_body.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/content_type_present_on_empty_response_body.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/error_handler_not_overwritten.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/exception_thrown_with_space_in_resource_path.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/fails_to_parse_header_values_containing_colons.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/fails_to_parse_identical_query_parameters.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/large_request_bodies_being_trimmed.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/missing_regex_support_on_gcc_4.8.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/multiple_log_entries.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/path_parameters_are_not_visible_within_rules.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/request_get_parameters_fails_to_return_data.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/request_uris_are_not_being_decoded.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/resource_instance_destroyed_with_bound_method_functors.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/resource_responding_on_invalid_path.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/resources_are_not_overwritten.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/segmentation_fault_on_mismatched_path.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/string_replace_fails_to_replace_embedded_targets.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/uncaught_exception_when_peer_closes_connection.cpp
Examining data/restbed-4.0~dfsg1/test/regression/source/uri_fails_to_handle_file_scheme_relative_paths.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/request_suite.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/resource_suite.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/response_suite.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/service_suite.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/session_suite.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/settings_suite.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/ssl_settings_suite.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/string_suite.cpp
Examining data/restbed-4.0~dfsg1/test/unit/source/uri_suite.cpp

FINAL RESULTS:

data/restbed-4.0~dfsg1/example/logging/source/custom_logger.hpp:27:13: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf( stderr, format, arguments );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/string.cpp:163:31: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int required_length = vsnprintf( formatted, length + 1, format, arguments );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/uri.cpp:35:12: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  using std::snprintf;
data/restbed-4.0~dfsg1/test/regression/source/multiple_log_entries.cpp:26:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  using std::vsnprintf;
data/restbed-4.0~dfsg1/test/regression/source/multiple_log_entries.cpp:62:33: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  const auto length = vsnprintf( nullptr, 0, format, temporary ) + 1;
data/restbed-4.0~dfsg1/test/regression/source/multiple_log_entries.cpp:68:18: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  if ( vsnprintf( &buffer[ 0 ], length, format, arguments ) < 0 )
data/restbed-4.0~dfsg1/example/pam_authentication/source/base64.h:42:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char char_array_3[3];
data/restbed-4.0~dfsg1/example/pam_authentication/source/base64.h:43:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char char_array_4[4];
data/restbed-4.0~dfsg1/example/pam_authentication/source/base64.h:86:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char char_array_4[4], char_array_3[3];
data/restbed-4.0~dfsg1/source/corvusoft/restbed/uri.cpp:108:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hexidecimal[ 3 ] = { 0 };
data/restbed-4.0~dfsg1/source/corvusoft/restbed/uri.cpp:135:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hexidecimal[ 4 ] = { 0 };
data/restbed-4.0~dfsg1/example/pam_authentication/source/pam.h:35:30: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  response[ 0 ].resp = strncpy( pass, password.data( ), password.length( ) );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/http_impl.cpp:202:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  request->m_pimpl->m_socket->read( request->m_pimpl->m_buffer, "\r\n", bind( read_status_handler, _1, _2, request, callback ) );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/http_impl.cpp:246:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  request->m_pimpl->m_socket->read( request->m_pimpl->m_buffer, "\r\n\r\n", bind( read_headers_handler, _1, _2, request, callback ) );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/service_impl.cpp:297:73: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  session->m_pimpl->m_request->m_pimpl->m_socket->read( session->m_pimpl->m_request->m_pimpl->m_buffer, "\r\n\r\n", bind( &ServiceImpl::parse_request, this, _1, _2, session ) );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/service_impl.cpp:531:69: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  session->m_pimpl->m_request->m_pimpl->m_socket->read( session->m_pimpl->m_request->m_pimpl->m_buffer, "\r\n\r\n", bind( &ServiceImpl::parse_request, this, _1, _2, session ) );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.cpp:211:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t SocketImpl::read( const shared_ptr< asio::streambuf >& data, const size_t length, error_code& error )
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.cpp:223:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size = asio::read( *m_socket, *data, asio::transfer_at_least( length ), error );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.cpp:228:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size = asio::read( *m_ssl_socket, *data, asio::transfer_at_least( length ), error );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.cpp:242:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void SocketImpl::read( const shared_ptr< asio::streambuf >& data, const size_t length, const function< void ( const error_code&, size_t ) >& callback )
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.cpp:290:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t SocketImpl::read( const shared_ptr< asio::streambuf >& data, const string& delimiter, error_code& error )
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.cpp:322:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void SocketImpl::read( const shared_ptr< asio::streambuf >& data, const string& delimiter, const function< void ( const error_code&, size_t ) >& callback )
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.hpp:70:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read( const std::shared_ptr< asio::streambuf >& data, const std::size_t length, std::error_code& error );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.hpp:72:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read( const std::shared_ptr< asio::streambuf >& data, const std::size_t length, const std::function< void ( const std::error_code&, std::size_t ) >& callback );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.hpp:74:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read( const std::shared_ptr< asio::streambuf >& data, const std::string& delimiter, std::error_code& error );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/detail/socket_impl.hpp:76:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read( const std::shared_ptr< asio::streambuf >& data, const std::string& delimiter, const std::function< void ( const std::error_code&, std::size_t ) >& callback );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/http.cpp:222:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  request->m_pimpl->m_socket->read( request->m_pimpl->m_buffer, size, error );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/http.cpp:269:57: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const size_t size = request->m_pimpl->m_socket->read( request->m_pimpl->m_buffer, delimiter, error );
data/restbed-4.0~dfsg1/source/corvusoft/restbed/session.cpp:234:56: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_pimpl->m_request->m_pimpl->m_socket->read( m_pimpl->m_request->m_pimpl->m_buffer, "\r\n\r\n", [ this, session ]( const error_code & error, const size_t length )
data/restbed-4.0~dfsg1/source/corvusoft/restbed/session.cpp:292:52: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_pimpl->m_request->m_pimpl->m_socket->read( m_pimpl->m_request->m_pimpl->m_buffer, size, [ this, session, length, callback ]( const error_code & error, size_t )
data/restbed-4.0~dfsg1/source/corvusoft/restbed/session.cpp:320:48: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_pimpl->m_request->m_pimpl->m_socket->read( m_pimpl->m_request->m_pimpl->m_buffer, delimiter, [ this, session, callback ]( const error_code & error, size_t length )

ANALYSIS SUMMARY:

Hits = 31
Lines analyzed = 22113 in approximately 0.46 seconds (47726 lines/second)
Physical Source Lines of Code (SLOC) = 15272
Hits@level = [0] 37 [1] 20 [2] 5 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 68 [1+] 31 [2+] 11 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 4.45259 [1+] 2.02986 [2+] 0.720272 [3+] 0.392876 [4+] 0.392876 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.