Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/searchmonkey-0.8.3/src/main.c Examining data/searchmonkey-0.8.3/src/support.c Examining data/searchmonkey-0.8.3/src/support.h Examining data/searchmonkey-0.8.3/src/interface.c Examining data/searchmonkey-0.8.3/src/interface.h Examining data/searchmonkey-0.8.3/src/callbacks.c Examining data/searchmonkey-0.8.3/src/callbacks.h Examining data/searchmonkey-0.8.3/src/search.c Examining data/searchmonkey-0.8.3/src/search.h Examining data/searchmonkey-0.8.3/src/savestate.c Examining data/searchmonkey-0.8.3/src/savestate.h Examining data/searchmonkey-0.8.3/src/regexwizard.c Examining data/searchmonkey-0.8.3/src/regexwizard.h Examining data/searchmonkey-0.8.3/src/systemio.c Examining data/searchmonkey-0.8.3/src/systemio.h Examining data/searchmonkey-0.8.3/src/misc.h Examining data/searchmonkey-0.8.3/src/lgpl.h Examining data/searchmonkey-0.8.3/src/misc.c FINAL RESULTS: data/searchmonkey-0.8.3/src/search.c:213:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf,zip_strerror(archive)); data/searchmonkey-0.8.3/src/search.c:387:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf,zip_strerror(archive)); data/searchmonkey-0.8.3/src/main.c:61:34: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. gConfigFile = g_build_filename(g_get_home_dir(), "." PACKAGE, SEARCHMONKEY_CONFIG, NULL); /* Create hidden directory to store searchmonkey data */ data/searchmonkey-0.8.3/src/main.c:82:18: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "?d:f:t:")) != -1) data/searchmonkey-0.8.3/src/savestate.c:227:45: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. addUniqueRow(GTK_WIDGET(tmpCombo), g_get_home_dir()); /* Set default look in folder */ data/searchmonkey-0.8.3/src/savestate.c:238:45: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. addUniqueRow(GTK_WIDGET(tmpCombo), g_get_home_dir()); /* Set default look in folder */ data/searchmonkey-0.8.3/src/search.c:1286:63: [3] (tmpfile) GetTempFileName: Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows) (CWE-377). tmpExtractedFile = DocXCheckFile((gchar*)tmpFileName, GetTempFileName("monkey") ); data/searchmonkey-0.8.3/src/search.c:1299:62: [3] (tmpfile) GetTempFileName: Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows) (CWE-377). tmpExtractedFile = ODTCheckFile((gchar*)tmpFileName, GetTempFileName("monkey") ); data/searchmonkey-0.8.3/src/search.c:1314:62: [3] (tmpfile) GetTempFileName: Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows) (CWE-377). tmpExtractedFile = PDFCheckFile((gchar*)tmpFileName, GetTempFileName("monkey") ); data/searchmonkey-0.8.3/src/systemio.c:81:8: [3] (tmpfile) GetTempFileName: Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows) (CWE-377). gchar *GetTempFileName(gchar *fileSchema) data/searchmonkey-0.8.3/src/systemio.c:85:12: [3] (tmpfile) tempnam: Temporary file race condition (CWE-377). tmpFile = tempnam(NULL, fileSchema ); data/searchmonkey-0.8.3/src/systemio.c:228:67: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (dialog), g_get_home_dir()); data/searchmonkey-0.8.3/src/systemio.c:1149:23: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. retStr = g_strdup(g_get_home_dir()); data/searchmonkey-0.8.3/src/systemio.c:1169:31: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tmpStr[1] = g_strconcat(g_get_home_dir(), &tmpStr[0][2], NULL); data/searchmonkey-0.8.3/src/systemio.h:29:8: [3] (tmpfile) GetTempFileName: Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows) (CWE-377). gchar *GetTempFileName(gchar *fileSchema); data/searchmonkey-0.8.3/src/search.c:132:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outputFile = fopen(path_to_tmp_file,"w"); data/searchmonkey-0.8.3/src/search.c:234:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outputFile = fopen(path_to_tmp_file,"w"); data/searchmonkey-0.8.3/src/search.c:407:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outputFile = fopen(path_to_tmp_file,"w"); data/searchmonkey-0.8.3/src/search.c:1666:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80];/* added by Luc A., 27/12/2017 */ data/searchmonkey-0.8.3/src/systemio.c:587:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. tmpStr = (char *)G_EXE_LIST[exeData->i][exeData->j]; data/searchmonkey-0.8.3/src/search.c:140:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(j=0; j<strlen(text_of_page);j++) data/searchmonkey-0.8.3/src/search.c:317:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(str , sizeof(gchar), strlen(str), outputFile); data/searchmonkey-0.8.3/src/search.c:445:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(str , sizeof(gchar), strlen(str), outputFile); data/searchmonkey-0.8.3/src/search.c:1284:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( g_ascii_strncasecmp (&tmpFileName[strlen(tmpFileName)-4],"docx", 4) == 0 ) data/searchmonkey-0.8.3/src/search.c:1294:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( g_ascii_strncasecmp (&tmpFileName[strlen(tmpFileName)-3],"odt", 3) == 0 ) data/searchmonkey-0.8.3/src/search.c:1310:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( g_ascii_strncasecmp (&tmpFileName[strlen(tmpFileName)-3],"pdf", 3) == 0 ) data/searchmonkey-0.8.3/src/systemio.c:52:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(str)==0) data/searchmonkey-0.8.3/src/systemio.c:54:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i=0;i<=strlen(str);i++) ANALYSIS SUMMARY: Hits = 28 Lines analyzed = 13507 in approximately 0.36 seconds (37970 lines/second) Physical Source Lines of Code (SLOC) = 10323 Hits@level = [0] 17 [1] 8 [2] 5 [3] 13 [4] 2 [5] 0 Hits@level+ = [0+] 45 [1+] 28 [2+] 20 [3+] 15 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 4.3592 [1+] 2.71239 [2+] 1.93742 [3+] 1.45307 [4+] 0.193742 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.