Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tlsh-3.4.4+20151206/src/gen_arr2.cpp
Examining data/tlsh-3.4.4+20151206/src/tlsh_util.cpp
Examining data/tlsh-3.4.4+20151206/src/tlsh_impl.cpp
Examining data/tlsh-3.4.4+20151206/src/tlsh.cpp
Examining data/tlsh-3.4.4+20151206/include/tlsh_util.h
Examining data/tlsh-3.4.4+20151206/include/tlsh_impl.h
Examining data/tlsh-3.4.4+20151206/include/tlsh.h
Examining data/tlsh-3.4.4+20151206/py_ext/tlshmodule.cpp
Examining data/tlsh-3.4.4+20151206/test/simple_unittest.cpp
Examining data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp
Examining data/tlsh-3.4.4+20151206/test/tlsh_version.cpp
Examining data/tlsh-3.4.4+20151206/utils/rand_tags.cpp

FINAL RESULTS:

data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:56:20:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	int x = abs((int) random()) % total;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:164:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if (random() % 6 == 1)
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:167:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if (random() % 20 == 1) {
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:168:7:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		if (random() % 10 == 1)
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:179:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if (random() % 10 == 1) {
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:210:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srandom(seed);
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:371:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if (random() % 10 == 1) {
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:375:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	} else if (random() % 20 == 1) {
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:378:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	} else if (random() % 3 == 1) {
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:385:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	} else if (random() % 3 == 1) {
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:402:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	int ntags = random() % 32;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:405:7:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		if (random() % 2 == 1)
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:490:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	int nrow = random() % MAX_ROW;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:491:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	int ncol = random() % MAX_COL;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:492:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if (random() % 2 == 1)
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:494:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if (random() % 2 == 1)
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:496:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if (random() % 2 == 1)
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:498:6:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	if (random() % 2 == 1)
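A caveat and an added example (not code from the TLSH project or from Flawfinder). rand_tags.cpp seeds its generator with srandom(seed) (line 210) from seeds read off the command line (start_seed and end_seed, lines 577 and 582), so reproducible output is clearly the intent of that utility and the CWE-327 hits above only matter if its values had to be unpredictable. Where values do have to be unpredictable (keys, nonces, session identifiers), two things change relative to `abs((int) random()) % total`: the source, which has to be the OS generator, and the reduction, because a bare `% total` over-represents the low residues whenever the range does not divide 2^32. The code below does both; the function names and the use of std::random_device as the OS-backed source are my assumptions (the C++ standard does not require random_device to be nondeterministic; libstdc++ on Linux backs it with getrandom or /dev/urandom).

```cpp
#include <cstdint>
#include <functional>
#include <random>
#include <stdexcept>
#include <vector>

// Source of 32-bit words. Abstracted so the reduction can be unit-tested
// against a scripted sequence as well as run against the OS generator.
using U32Source = std::function<uint32_t()>;

// Uniform draw in [0, n) without modulo bias. A bare "% n" over-represents
// the low residues whenever 2^32 is not a multiple of n; rejecting draws from
// the incomplete final block (values >= limit) removes that bias. The expected
// number of draws is below 2 for every n.
uint32_t bounded_uniform(const U32Source& next_u32, uint32_t n) {
    if (n == 0) throw std::invalid_argument("bounded_uniform: n must be > 0");
    const uint64_t range = uint64_t(1) << 32;
    const uint64_t limit = range - (range % n);   // largest multiple of n <= 2^32
    for (;;) {
        const uint32_t r = next_u32();
        if (r < limit) return static_cast<uint32_t>(r % n);
    }
}

// OS-backed 32-bit source. Assumption (not guaranteed by the standard): on this
// platform std::random_device is nondeterministic and kernel-backed. The
// min()/max() check guards the full-32-bit assumption the rejection
// arithmetic above depends on.
uint32_t os_u32() {
    static std::random_device rd;
    if (rd.max() != 0xFFFFFFFFu || rd.min() != 0)
        throw std::runtime_error("random_device is not a full 32-bit source");
    return static_cast<uint32_t>(rd());
}

// Replacement for the report's `abs((int) random()) % total` when the choice
// must be unpredictable: an index in [0, total).
uint32_t secure_index(uint32_t total) {
    return bounded_uniform(os_u32, total);
}
```

The scripted-source form is what makes the rejection step testable: feed it values from the biased tail and confirm they are skipped rather than reduced.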
data/tlsh-3.4.4+20151206/include/tlsh_impl.h:65:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char slide_window[SLIDING_WND_SIZE];
data/tlsh-3.4.4+20151206/include/tlsh_impl.h:69:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char checksum[TLSH_CHECKSUM_LEN];  // 1 to 3 bytes
data/tlsh-3.4.4+20151206/include/tlsh_impl.h:78:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char tmp_code[CODE_SIZE];          // 32/64 bytes
data/tlsh-3.4.4+20151206/py_ext/tlshmodule.cpp:281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hash[TLSH_STRING_LEN + 1];
data/tlsh-3.4.4+20151206/src/tlsh.cpp:39:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char versionBuf[256];
data/tlsh-3.4.4+20151206/src/tlsh_util.cpp:24:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char v_table[256] = {
data/tlsh-3.4.4+20151206/src/tlsh_util.cpp:4716:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char HexLookup[513]= {
data/tlsh-3.4.4+20151206/test/simple_unittest.cpp:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char minSizeBuffer1[512];
data/tlsh-3.4.4+20151206/test/simple_unittest.cpp:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char minSizeBuffer2[1024];
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:119:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fd = fopen(fname, "r");
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:153:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = fopen(fname, "r");
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp_fname[2000];
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp_fname[2000];
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:322:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[1000];
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:323:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		f = fopen(listname, "r");
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:363:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[1000];
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:364:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		f = fopen(listname, "r");
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:483:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[2000];
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:484:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[2000];
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:636:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				threshold = atoi(argv[argIdx+1]);
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:87:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *anchor_tag_str = (char *) anchor_def[anchor_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:133:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *head_tag_str = (char *) head_def[head_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:139:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *meta_tag_str = (char *) meta_def[meta_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:145:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	meta_tag_str = (char *) meta_def[meta_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:175:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *html_tag_str = (char *) html_def[html_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:186:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		body_tag_str = (char *) body_def[body_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:228:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char fname[1000];
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:231:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			f = fopen(fname, "w");
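The fopen(fname, "r") hits in tlsh_unittest.cpp (lines 119, 153, 323, 364) and the fopen(fname, "w") in rand_tags.cpp:231 are the CWE-362 pattern the report describes: fopen follows a symlink placed at the name, opens a FIFO or device node as readily as a file, and in "w" mode truncates whatever the name resolves to at the moment of the call. Whether anyone hostile controls those directories is not something the report can tell. When it matters, the fix is to open by descriptor with O_NOFOLLOW, check what was actually opened with fstat before using it, and create output files with O_CREAT|O_EXCL so a pre-placed file or link is an error instead of a target. Added example, not the project's code; POSIX only; the function names are mine.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Open an existing regular file for reading. O_NOFOLLOW makes a symlink at
// the final component fail with ELOOP; fstat on the descriptor (not stat on
// the path, which would race) rejects devices, FIFOs and directories.
// Returns nullptr with errno set on refusal.
FILE* open_regular_for_reading(const char* path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return nullptr;
    struct stat st;
    if (fstat(fd, &st) != 0) { int e = errno; close(fd); errno = e; return nullptr; }
    if (!S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return nullptr; }
    FILE* f = fdopen(fd, "r");
    if (f == nullptr) { int e = errno; close(fd); errno = e; }
    return f;
}

// Create a new output file. O_EXCL turns an existing file, or a symlink
// planted at the name, into EEXIST instead of an open-and-truncate of
// whatever it points at. Mode 0600 keeps the output private by default.
FILE* create_new_for_writing(const char* path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return nullptr;
    FILE* f = fdopen(fd, "w");
    if (f == nullptr) { int e = errno; close(fd); errno = e; }
    return f;
}
```

Both functions hand back a FILE* so the surrounding fgets/fprintf code can stay as it is; only the opening changes.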
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:380:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *oneoff_tag_str = (char *) oneoff_def[oneoff_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:389:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *rtag_str = (char *) random_def[rtag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:482:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * col_tag_str[MAX_COL];
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:485:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *table_tag_str = (char *) table_def[table_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:508:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	row_tag_str = (char *) tr_def[row_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:511:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		col_tag_str[ci] = (char *) td_def[col_tag].s;
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:577:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				start_seed = atoi(argv[argIdx+1]);
data/tlsh-3.4.4+20151206/utils/rand_tags.cpp:582:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				end_seed = atoi(argv[argIdx+1]);
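threshold (tlsh_unittest.cpp:636), start_seed and end_seed (rand_tags.cpp:577, 582) are all read with atoi from argv. atoi gives no way to distinguish "0" from unparseable input, and a value outside the range of int is undefined behaviour rather than an error, which is the CWE-190 point the report makes. The replacement is strtol with errno checked, an end-pointer check for trailing characters, and an explicit [lo, hi] range. Added example, not the project's code; the function names and the [0, INT_MAX] bound chosen for the threshold are my assumptions.

```cpp
#include <cctype>
#include <cerrno>
#include <climits>
#include <cstdlib>

// Parse a decimal integer, requiring the whole string to be consumed and the
// value to lie within [lo, hi]. Returns false and leaves *out untouched on
// empty input, leading whitespace, trailing characters, overflow, or a value
// outside the range.
bool parse_long_in_range(const char* s, long lo, long hi, long* out) {
    if (s == nullptr || *s == '\0' || std::isspace(static_cast<unsigned char>(*s)))
        return false;                               // strtol would skip leading whitespace silently
    char* end = nullptr;
    errno = 0;
    long v = std::strtol(s, &end, 10);
    if (errno == ERANGE) return false;              // clamped to LONG_MIN/LONG_MAX: overflow
    if (end == s || *end != '\0') return false;     // no digits, or trailing junk such as "12abc"
    if (v < lo || v > hi) return false;
    *out = v;
    return true;
}

// Checked counterpart of the report's `threshold = atoi(argv[argIdx+1])`.
// Assumed bound for illustration: a non-negative int. Returns -1 on rejection
// so the caller can print usage instead of running with a threshold of 0.
int parse_threshold_arg(const char* arg) {
    long v;
    return parse_long_in_range(arg, 0, INT_MAX, &v) ? static_cast<int>(v) : -1;
}
```

For the seed arguments the same function applies with whatever range srandom's unsigned seed needs; the point is that a typo on the command line becomes a usage error rather than a silent 0.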
data/tlsh-3.4.4+20151206/src/tlsh_impl.cpp:202:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
        strncpy(buffer, "", bufSize);
data/tlsh-3.4.4+20151206/src/tlsh_impl.cpp:206:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
        strncpy(buffer, "", bufSize);
data/tlsh-3.4.4+20151206/test/simple_unittest.cpp:38:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len1 = strlen(str1);
data/tlsh-3.4.4+20151206/test/simple_unittest.cpp:39:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len2 = strlen(str2);
data/tlsh-3.4.4+20151206/test/simple_unittest.cpp:46:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(minSizeBuffer1, str1, len1);
data/tlsh-3.4.4+20151206/test/simple_unittest.cpp:54:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(minSizeBuffer2, str2, len2);
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:93:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			fname_offset = tab - filename + strlen(curTab);
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:100:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			fname_offset = newline - filename + strlen(curNewline);
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:108:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			fname_offset = linefeed - filename + strlen(curLinefeed);
data/tlsh-3.4.4+20151206/test/tlsh_unittest.cpp:374:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int len = strlen(buf);
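simple_unittest.cpp computes len1 = strlen(str1) and then calls strncpy(minSizeBuffer1, str1, len1) (lines 38 and 46; the same pattern at 39 and 54). That count is the source length, not the destination capacity, so it bounds nothing, and because strncpy only NUL-pads when the count exceeds the source length it writes no terminator here; whether minSizeBuffer1 ends up terminated depends on code the report does not show. The strlen hits (CWE-126) are the mirror image: an unterminated input is read past its end. The [2] (buffer) char hits throughout the report are declarations of fixed-size arrays, which are not defects in themselves; the risk lives at the writes into them. Added example, not the project's code: a copy bounded by the destination capacity that always terminates, with the source scanned by strnlen so an unterminated input cannot be over-read, plus an in-bounds reproduction of the strncpy(…, strlen(src)) pattern that shows the missing terminator. Function names are mine; strnlen is POSIX.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Copy src into dst (capacity dst_size >= 1) and always NUL-terminate.
// The source is scanned with strnlen, bounded by src_max, so an unterminated
// input is not read past src_max bytes. Returns true if the copy was truncated
// so the caller can treat it as an error instead of proceeding on a cut string.
bool bounded_copy(char* dst, size_t dst_size, const char* src, size_t src_max) {
    if (dst == nullptr || dst_size == 0 || src == nullptr) return true;
    size_t n = strnlen(src, src_max);
    const bool truncated = n >= dst_size;
    if (truncated) n = dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

// The pattern flagged in simple_unittest.cpp, strncpy(dst, src, strlen(src)),
// run inside a buffer large enough for it to be safe to execute. The buffer is
// pre-filled with 'X' so the byte after the copy shows whether strncpy wrote a
// terminator. Returns true only if dst[len] is NUL afterwards.
bool strncpy_strlen_terminates(const char* src) {
    char buf[64];
    memset(buf, 'X', sizeof buf);
    const size_t len = strlen(src);
    if (len >= sizeof buf) return false;   // guard for the demo only: keep the copy in bounds
    strncpy(buf, src, len);
    return buf[len] == '\0';
}
```

bounded_copy is the shape the [2] (buffer) char hits want at the write sites: the destination size is the bound, termination is unconditional, and truncation is reported rather than hidden.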

ANALYSIS SUMMARY:

Hits = 64
Lines analyzed = 7433 in approximately 0.46 seconds (16237 lines/second)
Physical Source Lines of Code (SLOC) = 6851
Hits@level = [0] 132 [1]  10 [2]  36 [3]  18 [4]   0 [5]   0
Hits@level+ = [0+] 196 [1+]  64 [2+]  54 [3+]  18 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 28.609 [1+] 9.3417 [2+] 7.88206 [3+] 2.62735 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.