Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/sakura-3.7.1/src/sakura.c FINAL RESULTS: data/sakura-3.7.1/src/sakura.c:3314:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. len = readlink(file, buf, sb.st_size + 1); data/sakura-3.7.1/src/sakura.c:53:18: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (format) fprintf(stderr, format, ##__VA_ARGS__);\ data/sakura-3.7.1/src/sakura.c:3240:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buff, sizeof(char)*ERROR_BUFFER_LENGTH, format, args); data/sakura-3.7.1/src/sakura.c:3356:20: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. home_directory = g_get_home_dir(); data/sakura-3.7.1/src/sakura.c:259:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[3]; data/sakura-3.7.1/src/sakura.c:1323:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20]; data/sakura-3.7.1/src/sakura.c:1330:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "colorset%d_fore", i+1); data/sakura-3.7.1/src/sakura.c:1335:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "colorset%d_back", i+1); data/sakura-3.7.1/src/sakura.c:1340:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "colorset%d_curs", i+1); data/sakura-3.7.1/src/sakura.c:1905:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_name[20]; data/sakura-3.7.1/src/sakura.c:1907:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp_name, "colorset%d_fore", i+1); data/sakura-3.7.1/src/sakura.c:1915:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp_name, "colorset%d_back", i+1); data/sakura-3.7.1/src/sakura.c:1923:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp_name, "colorset%d_curs", i+1); data/sakura-3.7.1/src/sakura.c:1931:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp_name, "colorset%d_key", i+1); data/sakura-3.7.1/src/sakura.c:2970:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *command_env[2]={"TERM=xterm-256color",0}; data/sakura-3.7.1/src/sakura.c:2266:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sakura.http_vteregexp=vte_regex_new_for_match(HTTP_REGEXP, strlen(HTTP_REGEXP), 0, &error); data/sakura-3.7.1/src/sakura.c:2272:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sakura.mail_vteregexp=vte_regex_new_for_match(MAIL_REGEXP, strlen(MAIL_REGEXP), 0, &error); data/sakura-3.7.1/src/sakura.c:2584:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). regex=vte_regex_new_for_search(pattern, (gssize) strlen(pattern), PCRE2_MULTILINE|PCRE2_CASELESS, &error); data/sakura-3.7.1/src/sakura.c:2849:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(chopped_title)< TAB_MIN_SIZE) { ANALYSIS SUMMARY: Hits = 19 Lines analyzed = 3454 in approximately 0.11 seconds (30712 lines/second) Physical Source Lines of Code (SLOC) = 2581 Hits@level = [0] 10 [1] 4 [2] 11 [3] 1 [4] 2 [5] 1 Hits@level+ = [0+] 29 [1+] 19 [2+] 15 [3+] 4 [4+] 3 [5+] 1 Hits/KSLOC@level+ = [0+] 11.236 [1+] 7.36149 [2+] 5.8117 [3+] 1.54979 [4+] 1.16234 [5+] 0.387447 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.