Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/scottfree-1.14/Scott.h Examining data/scottfree-1.14/ScottCurses.c FINAL RESULTS: data/scottfree-1.14/ScottCurses.c:165:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lastword,tp); data/scottfree-1.14/ScottCurses.c:427:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(block,a); data/scottfree-1.14/ScottCurses.c:652:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(NounText,noun); /* Needed by GET/DROP hack */ data/scottfree-1.14/ScottCurses.c:1394:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)^getpid()^getuid()); data/scottfree-1.14/ScottCurses.c:86:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char NounText[16]; data/scottfree-1.14/ScottCurses.c:158:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lastword[16]; /* Last non synonym */ data/scottfree-1.14/ScottCurses.c:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1024]; data/scottfree-1.14/ScottCurses.c:227:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t,tmp,ct+1); data/scottfree-1.14/ScottCurses.c:367:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word[80]; data/scottfree-1.14/ScottCurses.c:426:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char block[512]; data/scottfree-1.14/ScottCurses.c:433:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/scottfree-1.14/ScottCurses.c:434:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"%d ",a); data/scottfree-1.14/ScottCurses.c:440:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *ExitNames[6]= data/scottfree-1.14/ScottCurses.c:602:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/scottfree-1.14/ScottCurses.c:603:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char verb[10],noun[10]; data/scottfree-1.14/ScottCurses.c:623:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'n':strcpy(verb,"NORTH");break; data/scottfree-1.14/ScottCurses.c:624:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'e':strcpy(verb,"EAST");break; data/scottfree-1.14/ScottCurses.c:625:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 's':strcpy(verb,"SOUTH");break; data/scottfree-1.14/ScottCurses.c:626:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'w':strcpy(verb,"WEST");break; data/scottfree-1.14/ScottCurses.c:627:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'u':strcpy(verb,"UP");break; data/scottfree-1.14/ScottCurses.c:628:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'd':strcpy(verb,"DOWN");break; data/scottfree-1.14/ScottCurses.c:630:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'i':strcpy(verb,"INVENTORY");break; data/scottfree-1.14/ScottCurses.c:657:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/scottfree-1.14/ScottCurses.c:663:4: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f=fopen(buf,"w"); data/scottfree-1.14/ScottCurses.c:683:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f=fopen(name,"r"); data/scottfree-1.14/ScottCurses.c:1351:4: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f=fopen(argv[1],"r"); data/scottfree-1.14/ScottCurses.c:199:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(f); data/scottfree-1.14/ScottCurses.c:208:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c=fgetc(f); data/scottfree-1.14/ScottCurses.c:213:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nc=fgetc(f); data/scottfree-1.14/ScottCurses.c:394:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(OutputPos+strlen(word)>(Width-2)) data/scottfree-1.14/ScottCurses.c:402:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). OutputPos+=strlen(word); data/scottfree-1.14/ScottCurses.c:511:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(pos+strlen(Items[ct].Text)>(Width-10)) data/scottfree-1.14/ScottCurses.c:517:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos += strlen(Items[ct].Text); data/scottfree-1.14/ScottCurses.c:614:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. num=sscanf(buf,"%9s %9s",verb,noun); data/scottfree-1.14/ScottCurses.c:619:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(*noun==0 && strlen(verb)==1) ANALYSIS SUMMARY: Hits = 35 Lines analyzed = 1535 in approximately 0.06 seconds (25537 lines/second) Physical Source Lines of Code (SLOC) = 1407 Hits@level = [0] 25 [1] 9 [2] 22 [3] 1 [4] 3 [5] 0 Hits@level+ = [0+] 60 [1+] 35 [2+] 26 [3+] 4 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 42.6439 [1+] 24.8756 [2+] 18.479 [3+] 2.84293 [4+] 2.1322 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.