Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/telepathy-logger-0.8.2/extensions/_gen/interfaces.h
Examining data/telepathy-logger-0.8.2/extensions/_gen/svc-misc.h
Examining data/telepathy-logger-0.8.2/extensions/_gen/enums.h
Examining data/telepathy-logger-0.8.2/extensions/_gen/gtypes.h
Examining data/telepathy-logger-0.8.2/extensions/_gen/cli-misc.h
Examining data/telepathy-logger-0.8.2/extensions/extensions.c
Examining data/telepathy-logger-0.8.2/extensions/extensions.h
Examining data/telepathy-logger-0.8.2/extensions/extensions-cli.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/action-chain-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/call-event.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/call-channel-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-manager-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/util-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/text-event.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-empathy-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/text-event-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-xml-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/client-factory.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-sqlite-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/dbus-service-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/util.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/action-chain.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/event.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-iter-pidgin-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/observer.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-iter.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/entity.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/call-event.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-factory-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/entity.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/call-channel.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/debug.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-pidgin.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-xml.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/entity-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/observer-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-factory.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/conf-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/conf.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-manager.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-pidgin-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/event-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-iter-xml-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/dbus-service.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-iter-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/text-channel.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/telepathy-logger.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-empathy.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/text-event.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/text-channel-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/debug-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-iter-xml.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/call-event-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/client-factory-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-iter-pidgin.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-walker.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-walker-internal.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/event.h
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-manager.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-store-sqlite.c
Examining data/telepathy-logger-0.8.2/telepathy-logger/log-walker.c
Examining data/telepathy-logger-0.8.2/tests/lib/util.h
Examining data/telepathy-logger-0.8.2/tests/lib/textchan-null.h
Examining data/telepathy-logger-0.8.2/tests/lib/textchan-null.c
Examining data/telepathy-logger-0.8.2/tests/lib/simple-account.c
Examining data/telepathy-logger-0.8.2/tests/lib/util.c
Examining data/telepathy-logger-0.8.2/tests/lib/simple-conn.c
Examining data/telepathy-logger-0.8.2/tests/lib/contacts-conn.c
Examining data/telepathy-logger-0.8.2/tests/lib/contacts-conn.h
Examining data/telepathy-logger-0.8.2/tests/lib/simple-account-manager.h
Examining data/telepathy-logger-0.8.2/tests/lib/simple-account-manager.c
Examining data/telepathy-logger-0.8.2/tests/lib/simple-conn.h
Examining data/telepathy-logger-0.8.2/tests/lib/simple-account.h
Examining data/telepathy-logger-0.8.2/tests/test-tpl-conf.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-xml.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-entity.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-iter-xml.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-log-manager.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-tpl-observer.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-iter-pidgin.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-walker.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-pidgin.c
Examining data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-sqlite.c
Examining data/telepathy-logger-0.8.2/src/test-api.c
Examining data/telepathy-logger-0.8.2/src/telepathy-logger.c

FINAL RESULTS:

data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-xml.c:34:13:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  g_assert (system (command) == 0);
data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-xml.c:38:13:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  g_assert (system (command) == 0);
data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-xml.c:43:13:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  g_assert (system (command) == 0);
data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-xml.c:100:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system (command) == -1)
data/telepathy-logger-0.8.2/telepathy-logger/log-store-pidgin.c:210:48:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  dir = g_build_path (G_DIR_SEPARATOR_S, g_get_home_dir (), ".purple",
data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-pidgin.c:256:42:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  dir = g_build_path (G_DIR_SEPARATOR_S, g_get_home_dir (), ".purple",
data/telepathy-logger-0.8.2/tests/dbus/test-tpl-log-store-xml.c:82:7:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_tmp_dir (), "logger-test-logs", NULL);
data/telepathy-logger-0.8.2/telepathy-logger/log-manager.c:230:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (copy, list, sizeof (GList));
data/telepathy-logger-0.8.2/telepathy-logger/dbus-service.c:532:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  file_contents, strlen (file_contents), NULL, FALSE,
data/telepathy-logger-0.8.2/telepathy-logger/debug-internal.h:71:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _path += strlen (TP_CONN_OBJECT_PATH_BASE); \
data/telepathy-logger-0.8.2/telepathy-logger/debug-internal.h:73:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _path += strlen (TP_ACCOUNT_OBJECT_PATH_BASE); \
data/telepathy-logger-0.8.2/telepathy-logger/debug-internal.h:92:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _path += strlen (TP_CONN_OBJECT_PATH_BASE); \
data/telepathy-logger-0.8.2/telepathy-logger/debug-internal.h:94:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _path += strlen (TP_ACCOUNT_OBJECT_PATH_BASE); \
data/telepathy-logger-0.8.2/telepathy-logger/event-internal.h:39:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  gboolean (*equal) (TplEvent *event1, TplEvent *event2);
data/telepathy-logger-0.8.2/telepathy-logger/event.c:388:38:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return TPL_EVENT_GET_CLASS (self)->equal (self, data);
data/telepathy-logger-0.8.2/telepathy-logger/log-store-pidgin.c:286:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id = g_strndup (orig_id, strlen (orig_id) - 2);
data/telepathy-logger-0.8.2/telepathy-logger/log-store-pidgin.c:568:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id = g_strndup (strv[len-2], (strlen (strv[len-2]) - 5));
data/telepathy-logger-0.8.2/telepathy-logger/log-store-pidgin.c:1012:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *id = g_strndup (name, strlen (name) - 5);
data/telepathy-logger-0.8.2/telepathy-logger/log-store-sqlite.c:305:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (TP_ACCOUNT_OBJECT_PATH_BASE);
data/telepathy-logger-0.8.2/telepathy-logger/log-store-sqlite.c:313:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (TP_ACCOUNT_OBJECT_PATH_BASE);
data/telepathy-logger-0.8.2/telepathy-logger/log-store-sqlite.c:321:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (TP_CONN_OBJECT_PATH_BASE);
data/telepathy-logger-0.8.2/telepathy-logger/log-store-xml.c:246:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name += strlen (TP_ACCOUNT_OBJECT_PATH_BASE);
data/telepathy-logger-0.8.2/telepathy-logger/log-store-xml.c:418:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fseek (file, -strlen (LOG_FOOTER), SEEK_END);
data/telepathy-logger-0.8.2/telepathy-logger/text-event.c:184:57:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return TPL_EVENT_CLASS (tpl_text_event_parent_class)->equal (event1, event2)

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 23343 in approximately 0.47 seconds (49812 lines/second)
Physical Source Lines of Code (SLOC) = 16018
Hits@level = [0]   3 [1]  16 [2]   1 [3]   3 [4]   4 [5]   0
Hits@level+ = [0+]  27 [1+]  24 [2+]   8 [3+]   7 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 1.6856 [1+] 1.49831 [2+] 0.499438 [3+] 0.437008 [4+] 0.249719 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.