Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sakura-3.7.1/src/sakura.c

FINAL RESULTS:

data/sakura-3.7.1/src/sakura.c:3314:9:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		len = readlink(file, buf, sb.st_size + 1);
data/sakura-3.7.1/src/sakura.c:53:18:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    if (format) fprintf(stderr, format, ##__VA_ARGS__);\
data/sakura-3.7.1/src/sakura.c:3240:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buff, sizeof(char)*ERROR_BUFFER_LENGTH, format, args);
data/sakura-3.7.1/src/sakura.c:3356:20:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
		home_directory = g_get_home_dir();
data/sakura-3.7.1/src/sakura.c:259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *argv[3];
data/sakura-3.7.1/src/sakura.c:1323:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char name[20]; 
data/sakura-3.7.1/src/sakura.c:1330:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(name, "colorset%d_fore", i+1);
data/sakura-3.7.1/src/sakura.c:1335:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(name, "colorset%d_back", i+1);
data/sakura-3.7.1/src/sakura.c:1340:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(name, "colorset%d_curs", i+1);
data/sakura-3.7.1/src/sakura.c:1905:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char temp_name[20]; 
data/sakura-3.7.1/src/sakura.c:1907:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(temp_name, "colorset%d_fore", i+1);
data/sakura-3.7.1/src/sakura.c:1915:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(temp_name, "colorset%d_back", i+1);
data/sakura-3.7.1/src/sakura.c:1923:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(temp_name, "colorset%d_curs", i+1);
data/sakura-3.7.1/src/sakura.c:1931:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(temp_name, "colorset%d_key", i+1);
data/sakura-3.7.1/src/sakura.c:2970:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *command_env[2]={"TERM=xterm-256color",0};
data/sakura-3.7.1/src/sakura.c:2266:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sakura.http_vteregexp=vte_regex_new_for_match(HTTP_REGEXP, strlen(HTTP_REGEXP), 0, &error);
data/sakura-3.7.1/src/sakura.c:2272:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sakura.mail_vteregexp=vte_regex_new_for_match(MAIL_REGEXP, strlen(MAIL_REGEXP), 0, &error);
data/sakura-3.7.1/src/sakura.c:2584:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	regex=vte_regex_new_for_search(pattern, (gssize) strlen(pattern), PCRE2_MULTILINE|PCRE2_CASELESS, &error);
data/sakura-3.7.1/src/sakura.c:2849:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		while (strlen(chopped_title)< TAB_MIN_SIZE) {

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 3454 in approximately 0.11 seconds (30712 lines/second)
Physical Source Lines of Code (SLOC) = 2581
Hits@level = [0]  10 [1]   4 [2]  11 [3]   1 [4]   2 [5]   1
Hits@level+ = [0+]  29 [1+]  19 [2+]  15 [3+]   4 [4+]   3 [5+]   1
Hits/KSLOC@level+ = [0+] 11.236 [1+] 7.36149 [2+] 5.8117 [3+] 1.54979 [4+] 1.16234 [5+] 0.387447
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.