Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/searchmonkey-0.8.3/src/main.c
Examining data/searchmonkey-0.8.3/src/support.c
Examining data/searchmonkey-0.8.3/src/support.h
Examining data/searchmonkey-0.8.3/src/interface.c
Examining data/searchmonkey-0.8.3/src/interface.h
Examining data/searchmonkey-0.8.3/src/callbacks.c
Examining data/searchmonkey-0.8.3/src/callbacks.h
Examining data/searchmonkey-0.8.3/src/search.c
Examining data/searchmonkey-0.8.3/src/search.h
Examining data/searchmonkey-0.8.3/src/savestate.c
Examining data/searchmonkey-0.8.3/src/savestate.h
Examining data/searchmonkey-0.8.3/src/regexwizard.c
Examining data/searchmonkey-0.8.3/src/regexwizard.h
Examining data/searchmonkey-0.8.3/src/systemio.c
Examining data/searchmonkey-0.8.3/src/systemio.h
Examining data/searchmonkey-0.8.3/src/misc.h
Examining data/searchmonkey-0.8.3/src/lgpl.h
Examining data/searchmonkey-0.8.3/src/misc.c
FINAL RESULTS:
data/searchmonkey-0.8.3/src/search.c:213:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,zip_strerror(archive));
data/searchmonkey-0.8.3/src/search.c:387:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,zip_strerror(archive));
data/searchmonkey-0.8.3/src/main.c:61:34: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gConfigFile = g_build_filename(g_get_home_dir(), "." PACKAGE, SEARCHMONKEY_CONFIG, NULL); /* Create hidden directory to store searchmonkey data */
data/searchmonkey-0.8.3/src/main.c:82:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "?d:f:t:")) != -1)
data/searchmonkey-0.8.3/src/savestate.c:227:45: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
addUniqueRow(GTK_WIDGET(tmpCombo), g_get_home_dir()); /* Set default look in folder */
data/searchmonkey-0.8.3/src/savestate.c:238:45: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
addUniqueRow(GTK_WIDGET(tmpCombo), g_get_home_dir()); /* Set default look in folder */
data/searchmonkey-0.8.3/src/search.c:1286:63: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
tmpExtractedFile = DocXCheckFile((gchar*)tmpFileName, GetTempFileName("monkey") );
data/searchmonkey-0.8.3/src/search.c:1299:62: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
tmpExtractedFile = ODTCheckFile((gchar*)tmpFileName, GetTempFileName("monkey") );
data/searchmonkey-0.8.3/src/search.c:1314:62: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
tmpExtractedFile = PDFCheckFile((gchar*)tmpFileName, GetTempFileName("monkey") );
data/searchmonkey-0.8.3/src/systemio.c:81:8: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
gchar *GetTempFileName(gchar *fileSchema)
data/searchmonkey-0.8.3/src/systemio.c:85:12: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
tmpFile = tempnam(NULL, fileSchema );
data/searchmonkey-0.8.3/src/systemio.c:228:67: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gtk_file_chooser_set_current_folder (GTK_FILE_CHOOSER (dialog), g_get_home_dir());
data/searchmonkey-0.8.3/src/systemio.c:1149:23: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
retStr = g_strdup(g_get_home_dir());
data/searchmonkey-0.8.3/src/systemio.c:1169:31: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
tmpStr[1] = g_strconcat(g_get_home_dir(), &tmpStr[0][2], NULL);
data/searchmonkey-0.8.3/src/systemio.h:29:8: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
gchar *GetTempFileName(gchar *fileSchema);
data/searchmonkey-0.8.3/src/search.c:132:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outputFile = fopen(path_to_tmp_file,"w");
data/searchmonkey-0.8.3/src/search.c:234:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outputFile = fopen(path_to_tmp_file,"w");
data/searchmonkey-0.8.3/src/search.c:407:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outputFile = fopen(path_to_tmp_file,"w");
data/searchmonkey-0.8.3/src/search.c:1666:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];/* added by Luc A., 27/12/2017 */
data/searchmonkey-0.8.3/src/systemio.c:587:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tmpStr = (char *)G_EXE_LIST[exeData->i][exeData->j];
data/searchmonkey-0.8.3/src/search.c:140:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j=0; j<strlen(text_of_page);j++)
data/searchmonkey-0.8.3/src/search.c:317:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(str , sizeof(gchar), strlen(str), outputFile);
data/searchmonkey-0.8.3/src/search.c:445:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(str , sizeof(gchar), strlen(str), outputFile);
data/searchmonkey-0.8.3/src/search.c:1284:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( g_ascii_strncasecmp (&tmpFileName[strlen(tmpFileName)-4],"docx", 4) == 0 )
data/searchmonkey-0.8.3/src/search.c:1294:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( g_ascii_strncasecmp (&tmpFileName[strlen(tmpFileName)-3],"odt", 3) == 0 )
data/searchmonkey-0.8.3/src/search.c:1310:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( g_ascii_strncasecmp (&tmpFileName[strlen(tmpFileName)-3],"pdf", 3) == 0 )
data/searchmonkey-0.8.3/src/systemio.c:52:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(str)==0)
data/searchmonkey-0.8.3/src/systemio.c:54:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<=strlen(str);i++)
ANALYSIS SUMMARY:
Hits = 28
Lines analyzed = 13507 in approximately 0.36 seconds (37970 lines/second)
Physical Source Lines of Code (SLOC) = 10323
Hits@level = [0] 17 [1] 8 [2] 5 [3] 13 [4] 2 [5] 0
Hits@level+ = [0+] 45 [1+] 28 [2+] 20 [3+] 15 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 4.3592 [1+] 2.71239 [2+] 1.93742 [3+] 1.45307 [4+] 0.193742 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.