Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp
Examining data/solarpowerlog-0.24/src/Connections/CAsyncCommand.h
Examining data/solarpowerlog-0.24/src/Connections/factories/IConnectFactory.h
Examining data/solarpowerlog-0.24/src/Connections/factories/IConnectFactory.cpp
Examining data/solarpowerlog-0.24/src/Connections/CConnectDummy.cpp
Examining data/solarpowerlog-0.24/src/Connections/interfaces/IConnect.cpp
Examining data/solarpowerlog-0.24/src/Connections/interfaces/IConnect.h
Examining data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp
Examining data/solarpowerlog-0.24/src/Connections/CConnectDummy.h
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnection.cpp
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnectionMaster.h
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnection.h
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnectionMaster.cpp
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnectionSlave.cpp
Examining data/solarpowerlog-0.24/src/Connections/sharedconnection/CSharedConnectionSlave.h
Examining data/solarpowerlog-0.24/src/Connections/CAsyncCommand.cpp
Examining data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.h
Examining data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.h
Examining data/solarpowerlog-0.24/src/interfaces/CTimedWork.h
Examining data/solarpowerlog-0.24/src/interfaces/CMutexHelper.h
Examining data/solarpowerlog-0.24/src/interfaces/CDebugHelper.h
Examining data/solarpowerlog-0.24/src/interfaces/CWorkScheduler.cpp
Examining data/solarpowerlog-0.24/src/interfaces/CCapability.cpp
Examining data/solarpowerlog-0.24/src/interfaces/CMutexHelper.cpp
Examining data/solarpowerlog-0.24/src/interfaces/CTimedWork.cpp
Examining data/solarpowerlog-0.24/src/interfaces/CCapability.h
Examining data/solarpowerlog-0.24/src/interfaces/CWorkScheduler.h
Examining data/solarpowerlog-0.24/src/interfaces/CDebugHelper.cpp
Examining data/solarpowerlog-0.24/src/daemon.h
Examining data/solarpowerlog-0.24/src/DataFilters/interfaces/IDataFilter.h
Examining data/solarpowerlog-0.24/src/DataFilters/interfaces/factories/IDataFilterFactory.h
Examining data/solarpowerlog-0.24/src/DataFilters/interfaces/factories/IDataFilterFactory.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/interfaces/IDataFilter.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/CFormaterWebRootStrip.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/IFormater.h
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/CFormatterSearchCSVEntry.h
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/CFormatterSearchCSVEntry.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/CFormaterWebRootStrip.h
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/formatter/IFormater.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.h
Examining data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.cpp
Examining data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.h
Examining data/solarpowerlog-0.24/src/DataFilters/CDumpOutputFilter.h
Examining data/solarpowerlog-0.24/src/DataFilters/CDumpOutputFilter.cpp
Examining data/solarpowerlog-0.24/src/daemon.cpp
Examining data/solarpowerlog-0.24/src/configuration/ILogger.cpp
Examining data/solarpowerlog-0.24/src/configuration/CConfigHelper.cpp
Examining data/solarpowerlog-0.24/src/configuration/ILogger.h
Examining data/solarpowerlog-0.24/src/configuration/Registry.h
Examining data/solarpowerlog-0.24/src/configuration/CConfigHelper.h
Examining data/solarpowerlog-0.24/src/configuration/Registry.cpp
Examining data/solarpowerlog-0.24/src/porting.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandSoftwareVersion.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandSoftwareVersion.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandTYP.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/ISputnikCommand.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommand.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandSYS.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandSYS.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/ISputnikCommand.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOOnce.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOAlways.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/ISputnikCommandBackoffStrategy.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/ISputnikCommandBackoffStrategy.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOIfSupported.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOTimed.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOOnce.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOTimed.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOAlways.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/BackoffStrategies/CSputnikCmdBOIfSupported.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommand.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/SputnikCommand/CSputnikCommandTYP.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterFactorySputnik.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.h
Examining data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterFactorySputnik.cpp
Examining data/solarpowerlog-0.24/src/Inverters/factories/InverterFactoryFactory.h
Examining data/solarpowerlog-0.24/src/Inverters/factories/IInverterFactory.cpp
Examining data/solarpowerlog-0.24/src/Inverters/factories/IInverterFactory.h
Examining data/solarpowerlog-0.24/src/Inverters/factories/InverterFactoryFactory.cpp
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/ICapaIterator.cpp
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/CNestedCapaIterator.cpp
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/InverterBase.cpp
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/InverterBase.h
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/ICapaIterator.h
Examining data/solarpowerlog-0.24/src/Inverters/interfaces/CNestedCapaIterator.h
Examining data/solarpowerlog-0.24/src/Inverters/Capabilites.h
Examining data/solarpowerlog-0.24/src/Inverters/BasicCommands.h
Examining data/solarpowerlog-0.24/src/Inverters/DummyInverter/CInverterDummy.cpp
Examining data/solarpowerlog-0.24/src/Inverters/DummyInverter/CInverterFactoryDummy.h
Examining data/solarpowerlog-0.24/src/Inverters/DummyInverter/CInverterFactoryDummy.cpp
Examining data/solarpowerlog-0.24/src/Inverters/DummyInverter/CInverterDummy.h
Examining data/solarpowerlog-0.24/src/ctemplate/ctemplate.c
Examining data/solarpowerlog-0.24/src/ctemplate/ctemplate.h
Examining data/solarpowerlog-0.24/src/patterns/ICommandTarget.h
Examining data/solarpowerlog-0.24/src/patterns/ICommand.cpp
Examining data/solarpowerlog-0.24/src/patterns/ICommandTarget.cpp
Examining data/solarpowerlog-0.24/src/patterns/IObserverObserver.cpp
Examining data/solarpowerlog-0.24/src/patterns/CValue.h
Examining data/solarpowerlog-0.24/src/patterns/ICommand.h
Examining data/solarpowerlog-0.24/src/patterns/IValue.h
Examining data/solarpowerlog-0.24/src/patterns/IValue.cpp
Examining data/solarpowerlog-0.24/src/patterns/IObserverObserver.h
Examining data/solarpowerlog-0.24/src/patterns/IObserverSubject.h
Examining data/solarpowerlog-0.24/src/patterns/IObserverSubject.cpp
Examining data/solarpowerlog-0.24/src/solarpowerlog.cpp
FINAL RESULTS:
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:75:50: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
asyncASIOCompletionHandler(size_t *b, boost::system::error_code *ec)
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:81:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void operator()(const boost::system::error_code& e,
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:90:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code *ec;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:112:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:421:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:457:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error &e) {
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:474:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec, ec2;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:524:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec, handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:731:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec, handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:71:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
asyncASIOCompletionHandler( size_t *b, boost::system::error_code *ec )
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:75:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void operator()( const boost::system::error_code& e,
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:82:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
void operator() (const boost::system::error_code& e)
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:90:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code *ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:122:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:340:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:378:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:449:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec, ec2;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:502:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:503:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code read_handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:671:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:672:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code write_handlerec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:844:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
boost::system::error_code ec;
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:851:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (boost::system::system_error &e) {
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1145:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(newfile, inclfile);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1147:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newfile, parentfile);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1149:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp == 0 ? newfile : cp + 1, inclfile + 4);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1319:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(var->value, value);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1320:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
var->name = strcpy(var->value + vlen, name);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1460:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newfmt->name, name);
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:434:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ec = port->open(portname, ec);
data/solarpowerlog-0.24/src/Connections/CConnectSerialAsio.cpp:529:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2] = {0,0};
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:507:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/solarpowerlog-0.24/src/Connections/CConnectTCPAsio.cpp:620:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recved[avail + 2];
data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.cpp:293:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[tmp.size() + 10];
data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.cpp:309:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(tmp.c_str(), fstream::out | fstream::in | fstream::app
data/solarpowerlog-0.24/src/DataFilters/CCSVOutputFilter.cpp:315:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(tmp.c_str(), fstream::out | fstream::app | fstream::binary);
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:309:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fs.open(s.c_str(), fstream::out | fstream::trunc | fstream::binary);
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:314:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fs.open(s.c_str(), fstream::out | fstream::app | fstream::binary);
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:515:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[htmlfile.size() + 10]; //note: the %s will be removed, so +10 is enough.
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:524:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(buf, "w+");
data/solarpowerlog-0.24/src/DataFilters/HTMLWriter/CHTMLWriter.cpp:530:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(htmlfile.c_str(), "w+");
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:652:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:654:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02x", (unsigned char) s[i]);
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:780:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:531:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:533:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02x", (unsigned char)s[i]);
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:696:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:698:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02x", (unsigned char)s[i]);
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:895:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/solarpowerlog-0.24/src/configuration/CConfigHelper.h:352:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
store = (const char *)set[setting.c_str()][index];
data/solarpowerlog-0.24/src/configuration/CConfigHelper.h:385:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
store = (const char *) set[i][index];
data/solarpowerlog-0.24/src/configuration/CConfigHelper.h:409:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
store = (const char *) set[i][index];
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:167:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1]; /* name of format function */
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[1]; /* value and name stored here */
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:241:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "r")) != 0 &&
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:494:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, p, i);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:715:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((level = atoi(value)) < 1 || level > t->loop_depth) {
data/solarpowerlog-0.24/src/daemon.cpp:107:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pidfile_fd = open(pidfile.c_str(),O_WRONLY | O_CREAT | O_EXCL,
data/solarpowerlog-0.24/src/daemon.cpp:172:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:207:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:369:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
name = (const char *) rt[i]["name"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:370:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
manufactor = (const char *) rt[i]["manufactor"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:371:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
model = (const char *) rt[i]["model"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:445:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
name = (const char *) rt[i]["name"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:446:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
previousfilter = (const char *) rt[i]["datasource"];
data/solarpowerlog-0.24/src/solarpowerlog.cpp:447:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
type = (const char *) rt[i]["type"];
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:782:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf) + telegram.length() + 10 + 6;
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:925:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:937:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:955:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeries.cpp:964:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:1041:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:1052:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:1070:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/Inverters/SputnikEngineering/CInverterSputnikSSeriesSimulator.cpp:1078:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while (++i < strlen(delimiters));
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:456:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(attrname);
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1143:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newfile = mymalloc(strlen(parentfile) + strlen(inclfile));
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1143:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newfile = mymalloc(strlen(parentfile) + strlen(inclfile));
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1316:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(name) + 1;
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1317:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vlen = strlen(value) + 1;
data/solarpowerlog-0.24/src/ctemplate/ctemplate.c:1459:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newfmt = (TMPL_fmtlist *) mymalloc(sizeof(*newfmt) + strlen(name));
data/solarpowerlog-0.24/src/daemon.cpp:165:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/solarpowerlog-0.24/src/daemon.cpp:174:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(pidfile_fd,buf,strlen(buf));
ANALYSIS SUMMARY:
Hits = 84
Lines analyzed = 19489 in approximately 0.50 seconds (39042 lines/second)
Physical Source Lines of Code (SLOC) = 9950
Hits@level = [0] 27 [1] 17 [2] 38 [3] 0 [4] 29 [5] 0
Hits@level+ = [0+] 111 [1+] 84 [2+] 67 [3+] 29 [4+] 29 [5+] 0
Hits/KSLOC@level+ = [0+] 11.1558 [1+] 8.44221 [2+] 6.73367 [3+] 2.91457 [4+] 2.91457 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.