Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/retry-1.0.4/retry.c
FINAL RESULTS:
data/retry-1.0.4/retry.c:176:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PACKAGE_STRING "\n");
data/retry-1.0.4/retry.c:490:13: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(argv[optind], argv + optind);
data/retry-1.0.4/retry.c:395:17: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "d:m:t:u:w:hv", long_options, NULL)) != -1) {
data/retry-1.0.4/retry.c:195:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(criteria);
data/retry-1.0.4/retry.c:307:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num = read(pumps[i].rfd, base + pumps[i].len, BUFFER_SIZE);
ANALYSIS SUMMARY:
Hits = 5
Lines analyzed = 621 in approximately 0.03 seconds (21722 lines/second)
Physical Source Lines of Code (SLOC) = 456
Hits@level = [0] 11 [1] 2 [2] 0 [3] 1 [4] 2 [5] 0
Hits@level+ = [0+] 16 [1+] 5 [2+] 3 [3+] 3 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 35.0877 [1+] 10.9649 [2+] 6.57895 [3+] 6.57895 [4+] 4.38596 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.