Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ukopp-4.9/zfuncs.h
Examining data/ukopp-4.9/zfuncs.cc
Examining data/ukopp-4.9/ukopp-4.9.cc
FINAL RESULTS:
data/ukopp-4.9/ukopp-4.9.cc:2866:4: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(TFformatscript,0744);
data/ukopp-4.9/ukopp-4.9.cc:3070:16: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
err = chown(file,uid,gid);
data/ukopp-4.9/ukopp-4.9.cc:3072:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
err = chmod(file,perms);
data/ukopp-4.9/ukopp-4.9.cc:3117:16: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
err = chown(file2,uid,gid);
data/ukopp-4.9/ukopp-4.9.cc:3119:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
err = chmod(file2,perms);
data/ukopp-4.9/ukopp-4.9.cc:3900:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(file2,fstat1.st_mode);
data/ukopp-4.9/ukopp-4.9.cc:3901:13: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
err = chown(file2,fstat1.st_uid,fstat1.st_gid);
data/ukopp-4.9/ukopp-4.9.cc:3916:13: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
rcc = readlink(file1,buff,maxfcc);
data/ukopp-4.9/ukopp-4.9.cc:3970:4: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(file2,fstat1.st_mode); // copy owner and permissions
data/ukopp-4.9/ukopp-4.9.cc:3971:10: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
err = chown(file2,fstat1.st_uid,fstat1.st_gid); // from input to output file
data/ukopp-4.9/ukopp-4.9.cc:4008:13: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
vcc = readlink(vfile,vbuff,maxfcc);
data/ukopp-4.9/zfuncs.cc:480:10: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
cc2 = readlink("/proc/self/exe",command+cc1,990);
data/ukopp-4.9/ukopp-4.9.cc:317:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(BJfilespec,argv[++ii]);
data/ukopp-4.9/ukopp-4.9.cc:319:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(BJfilespec,argv[++ii]); clrun++; }
data/ukopp-4.9/ukopp-4.9.cc:320:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(BJfilespec,argv[ii]); // assume a job file and load it
data/ukopp-4.9/ukopp-4.9.cc:431:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"ukopp %s \n",ctime(&datetime)); // v.4.1
data/ukopp-4.9/ukopp-4.9.cc:441:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TFbakfiles,"%s/bakfiles",appdirk); // make temp file names
data/ukopp-4.9/ukopp-4.9.cc:442:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TFpoopfile,"%s/poopfile",appdirk);
data/ukopp-4.9/ukopp-4.9.cc:443:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TFjobfile,"%s/jobfile",appdirk);
data/ukopp-4.9/ukopp-4.9.cc:444:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TFdatetime,"%s/datetime",appdirk);
data/ukopp-4.9/ukopp-4.9.cc:445:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TFformatscript,"%s/formatscript.sh",appdirk);
data/ukopp-4.9/ukopp-4.9.cc:456:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(BJfspec[1],"%s/*",home); // /home/username/*
data/ukopp-4.9/ukopp-4.9.cc:457:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(BJfspec[2],"%s/*/Trash/*",home); // /home/username/*/Trash/*
data/ukopp-4.9/ukopp-4.9.cc:458:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(BJfspec[3],"%s/.thumbnails/*",home); // /home/username/.thumbnails/*
data/ukopp-4.9/ukopp-4.9.cc:566:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfile,"%s/ukopp.log2",get_zuserdir()); // dump window to log file
data/ukopp-4.9/ukopp-4.9.cc:591:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n""ready \n");
data/ukopp-4.9/ukopp-4.9.cc:596:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** waiting for function to quit \n");
data/ukopp-4.9/ukopp-4.9.cc:600:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** KILL current function \n");
data/ukopp-4.9/ukopp-4.9.cc:650:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system("udevadm --version >/dev/null 2>&1"); // keep up with dynamic Linux v.3.4
data/ukopp-4.9/ukopp-4.9.cc:664:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** exceeded %d devices \n",maxdisk);
data/ukopp-4.9/ukopp-4.9.cc:690:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," no devices found \n");
data/ukopp-4.9/ukopp-4.9.cc:715:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(work,name[ii]); \
data/ukopp-4.9/ukopp-4.9.cc:716:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name[ii],name[jj]); \
data/ukopp-4.9/ukopp-4.9.cc:717:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name[jj],work); }
data/ukopp-4.9/ukopp-4.9.cc:758:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text,diskdev[ii]); // /dev/xxx /media/xxx (description)
data/ukopp-4.9/ukopp-4.9.cc:776:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," new target: %s %s \n",BJdev,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:777:17: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:845:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** cannot open job file: %s \n",jobfile);
data/ukopp-4.9/ukopp-4.9.cc:856:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",buff); // output
data/ukopp-4.9/ukopp-4.9.cc:860:23: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:866:23: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:872:20: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:881:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** max job records exceeded \n");
data/ukopp-4.9/ukopp-4.9.cc:912:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** cannot open job file: %s \n",jobfile);
data/ukopp-4.9/ukopp-4.9.cc:951:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n backup job file: %s \n",BJfilespec); // job file v.21
data/ukopp-4.9/ukopp-4.9.cc:956:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:960:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," include %s%s%d days, %d vers%s \n",
data/ukopp-4.9/ukopp-4.9.cc:962:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(mLog," include %s \n",BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:966:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," exclude %s \n",BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:969:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," verify %s \n",vertype[BJvmode]); // verify xxxx
data/ukopp-4.9/ukopp-4.9.cc:970:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," target %s %s \n",BJdev,BJdirk); // target /dev/xxx /xxxxxx
data/ukopp-4.9/ukopp-4.9.cc:1032:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"%s\n",BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:1036:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"include %s%s%d,%d%s\n",
data/ukopp-4.9/ukopp-4.9.cc:1038:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(editwidget,"include %s\n",BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:1042:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"exclude %s\n",BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:1093:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(BJdev,orgBJdev); // restore original target v.4.1
data/ukopp-4.9/ukopp-4.9.cc:1094:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(BJdirk,orgBJdirk);
data/ukopp-4.9/ukopp-4.9.cc:1107:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," target: %s \n",text);
data/ukopp-4.9/ukopp-4.9.cc:1109:17: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:1121:12: [4] (buffer) wscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
pp = wscanf(editwidget,ftf);
data/ukopp-4.9/ukopp-4.9.cc:1126:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"%s \n *** %s \n",pp,errmess);
data/ukopp-4.9/ukopp-4.9.cc:1215:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** error: %s file: %s \n",strerror(errno),file2);
data/ukopp-4.9/ukopp-4.9.cc:1226:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"include %s%s%d,%d%s\n",file2,RSEP1,days,vers,RSEP2);
data/ukopp-4.9/ukopp-4.9.cc:1227:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(editwidget,"include %s""\n",file2);
data/ukopp-4.9/ukopp-4.9.cc:1230:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"exclude %s""\n",file2);
data/ukopp-4.9/ukopp-4.9.cc:1277:15: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
nn = sscanf(pp2,RSEP1" %d , %d "RSEP2,&days,&vers);
data/ukopp-4.9/ukopp-4.9.cc:1388:45: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ii < Ndisk && *diskmp[ii] == '/') strcpy(BJdirk,diskmp[ii]);
data/ukopp-4.9/ukopp-4.9.cc:1394:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (ii < Ndisk) strcpy(BJdev,diskdev[ii]);
data/ukopp-4.9/ukopp-4.9.cc:1399:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(BJdirk+6,BJdev+4); // e.g. /media/sdf1
data/ukopp-4.9/ukopp-4.9.cc:1428:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"target is valid and not mounted \n"); // mount to existing empty
data/ukopp-4.9/ukopp-4.9.cc:1441:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mountdev,BJdev); // save for later unmount()
data/ukopp-4.9/ukopp-4.9.cc:1442:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mountdirk,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:1443:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"target is valid and mounted \n");
data/ukopp-4.9/ukopp-4.9.cc:1448:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"target directory is valid \n");
data/ukopp-4.9/ukopp-4.9.cc:1454:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"target is valid and not mounted \n"); // can be created at mount time
data/ukopp-4.9/ukopp-4.9.cc:1484:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(mLog,"backup job has errors \n");
data/ukopp-4.9/ukopp-4.9.cc:1502:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," files: %d bytes: %s \n",Mfiles,formatKBMB(Mbytes,3)); // files and bytes to copy
data/ukopp-4.9/ukopp-4.9.cc:1505:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** nothing to back-up \n");
data/ukopp-4.9/ukopp-4.9.cc:1509:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," using backup directory: %s %s \n",BJdev,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:1514:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," assign new version numbers to modified backup files \n"
data/ukopp-4.9/ukopp-4.9.cc:1536:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n *** %s \n",dfile,errmess); // log error v.4.3
data/ukopp-4.9/ukopp-4.9.cc:1542:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d backup files were assigned new versions \n",upvers);
data/ukopp-4.9/ukopp-4.9.cc:1543:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d backup files were deleted \n",deleted);
data/ukopp-4.9/ukopp-4.9.cc:1544:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d expired versions (%s) were purged \n\n",Pfiles,formatKBMB(Pbytes,3));
data/ukopp-4.9/ukopp-4.9.cc:1553:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-2," %s \n",BD_JOBFILE);
data/ukopp-4.9/ukopp-4.9.cc:1557:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-2," %s \n",BD_DATETIME);
data/ukopp-4.9/ukopp-4.9.cc:1561:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," copying new and modified files from disk to backup location \n\n");
data/ukopp-4.9/ukopp-4.9.cc:1571:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",dfile);
data/ukopp-4.9/ukopp-4.9.cc:1575:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** %s \n",errmess); // log error v.4.3
data/ukopp-4.9/ukopp-4.9.cc:1590:15: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (terrs) wprintf(mLog," *** %d files had backup errors \n",terrs);
data/ukopp-4.9/ukopp-4.9.cc:1595:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," backup time: %.1f secs \n",bsecs);
data/ukopp-4.9/ukopp-4.9.cc:1597:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," backup speed: %.2f MB/sec \n",bspeed);
data/ukopp-4.9/ukopp-4.9.cc:1598:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," backup complete \n");
data/ukopp-4.9/ukopp-4.9.cc:1602:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n");
data/ukopp-4.9/ukopp-4.9.cc:1617:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," ready \n");
data/ukopp-4.9/ukopp-4.9.cc:1625:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (terrs > 100) wprintf(mLog," too many errors, giving up \n");
data/ukopp-4.9/ukopp-4.9.cc:1626:22: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else if (errmess) wprintf(mLog," %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:1647:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** job data has errors \n");
data/ukopp-4.9/ukopp-4.9.cc:1657:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," using backup directory: %s %s \n",BJdev,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:1663:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n begin synchronize \n");
data/ukopp-4.9/ukopp-4.9.cc:1670:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-2," %s \n",BD_JOBFILE);
data/ukopp-4.9/ukopp-4.9.cc:1674:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-2," %s \n",BD_DATETIME);
data/ukopp-4.9/ukopp-4.9.cc:1683:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," disk >> backup: %s \n",dfile);
data/ukopp-4.9/ukopp-4.9.cc:1685:20: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:1695:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," backup >> disk: %s \n",dfile);
data/ukopp-4.9/ukopp-4.9.cc:1697:20: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:1722:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," backup >> disk: %s \n",dfile);
data/ukopp-4.9/ukopp-4.9.cc:1724:26: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:1729:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," disk >> backup: %s \n",dfile);
data/ukopp-4.9/ukopp-4.9.cc:1731:26: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:1748:17: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:1749:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," ready \n"); // v.3.6
data/ukopp-4.9/ukopp-4.9.cc:1785:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",filespec); // output filespec
data/ukopp-4.9/ukopp-4.9.cc:1789:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** %s \n\n",errmess); // log and count errors
data/ukopp-4.9/ukopp-4.9.cc:1805:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",filespec); // output filespec
data/ukopp-4.9/ukopp-4.9.cc:1809:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** %s \n\n",errmess); // log and count errors
data/ukopp-4.9/ukopp-4.9.cc:1827:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d backup files \n",Bnf);
data/ukopp-4.9/ukopp-4.9.cc:1836:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-2," %s \n",filespec);
data/ukopp-4.9/ukopp-4.9.cc:1839:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-1," *** %s \n",errmess); // log and count error
data/ukopp-4.9/ukopp-4.9.cc:1840:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n");
data/ukopp-4.9/ukopp-4.9.cc:1851:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-2," %s \n",filespec);
data/ukopp-4.9/ukopp-4.9.cc:1854:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-1," *** %s \n",errmess); // log and count error
data/ukopp-4.9/ukopp-4.9.cc:1855:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n");
data/ukopp-4.9/ukopp-4.9.cc:1871:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," Compare to correspending disk files (if present). \n\n");
data/ukopp-4.9/ukopp-4.9.cc:1874:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d backup files \n",Bnf);
data/ukopp-4.9/ukopp-4.9.cc:1892:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-2," %s \n",filespec);
data/ukopp-4.9/ukopp-4.9.cc:1895:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-1," *** %s \n",errmess); // log and count error
data/ukopp-4.9/ukopp-4.9.cc:1896:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n");
data/ukopp-4.9/ukopp-4.9.cc:1908:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-2," %s \n",filespec);
data/ukopp-4.9/ukopp-4.9.cc:1911:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,-1," *** %s \n",errmess); // log and count error
data/ukopp-4.9/ukopp-4.9.cc:1912:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n");
data/ukopp-4.9/ukopp-4.9.cc:1924:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," backup files: %d (%s) \n",vfiles,formatKBMB(vbytes,3));
data/ukopp-4.9/ukopp-4.9.cc:1925:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," backup file read errors: %d \n",fverrs);
data/ukopp-4.9/ukopp-4.9.cc:1928:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," compare failures: %d \n",fcerrs);
data/ukopp-4.9/ukopp-4.9.cc:1931:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," matching disk names: %d mod times: %d \n",dfiles1,dfiles2);
data/ukopp-4.9/ukopp-4.9.cc:1932:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," compare failures: %d \n",fcerrs);
data/ukopp-4.9/ukopp-4.9.cc:1936:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," verify time: %.1f secs \n",secs);
data/ukopp-4.9/ukopp-4.9.cc:1938:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," verify speed: %.2f MB/sec \n",vspeed);
data/ukopp-4.9/ukopp-4.9.cc:1943:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," ready \n"); // v.3.6
data/ukopp-4.9/ukopp-4.9.cc:1982:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d %9s %s (%d, %d) \n",
data/ukopp-4.9/ukopp-4.9.cc:1985:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d %9s %s \n",BJfiles[ii],formatKBMB(BJbytes[ii],3),BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:1989:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:1992:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",BJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:1996:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d %9s TOTALS \n", Dnf, formatKBMB(Dbytes,3));
data/ukopp-4.9/ukopp-4.9.cc:2008:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n disk files: %d backup files: %d \n",Dnf,Bnf);
data/ukopp-4.9/ukopp-4.9.cc:2010:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d disk files not found on backup (new files) \n",nnew);
data/ukopp-4.9/ukopp-4.9.cc:2011:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d files with different data (modified files) \n",nmod);
data/ukopp-4.9/ukopp-4.9.cc:2012:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d backup files not found on disk (deleted files) \n",ndel);
data/ukopp-4.9/ukopp-4.9.cc:2013:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d files with identical data (unchanged files) \n",nunc);
data/ukopp-4.9/ukopp-4.9.cc:2014:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," Total differences: %d files (%s new + modified) \n\n",Mfiles,formatKBMB(Mbytes,3));
data/ukopp-4.9/ukopp-4.9.cc:2049:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %5d %5d %5d %8s %s \n",
data/ukopp-4.9/ukopp-4.9.cc:2052:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppdirk,pdirk); // start new directory
data/ukopp-4.9/ukopp-4.9.cc:2083:23: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (kfiles > 0) wprintf(mLog," %5d %5d %5d %s %s \n", // totals from last directory
data/ukopp-4.9/ukopp-4.9.cc:2121:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d %8s %s \n",
data/ukopp-4.9/ukopp-4.9.cc:2124:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppdirk,pdirk); // start new directory
data/ukopp-4.9/ukopp-4.9.cc:2147:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (knew > 0) wprintf(mLog," %6d %8s %s \n", // totals from last directory
data/ukopp-4.9/ukopp-4.9.cc:2169:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d %8s %s \n",
data/ukopp-4.9/ukopp-4.9.cc:2172:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppdirk,pdirk); // start new directory
data/ukopp-4.9/ukopp-4.9.cc:2192:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (kmod > 0) wprintf(mLog," %6d %8s %s \n", // totals from last directory
data/ukopp-4.9/ukopp-4.9.cc:2214:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d %8s %s \n",
data/ukopp-4.9/ukopp-4.9.cc:2217:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ppdirk,pdirk); // start new directory
data/ukopp-4.9/ukopp-4.9.cc:2238:21: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (kdel > 0) wprintf(mLog," %6d %8s %s \n", // totals from last directory
data/ukopp-4.9/ukopp-4.9.cc:2262:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",Drec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2271:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",Brec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2306:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s %s %s %s \n",bmod,copy,dmod,Drec[dii].file);
data/ukopp-4.9/ukopp-4.9.cc:2332:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bfile,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:2333:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bfile,Brec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2354:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %5d %5d %5d %5d %5d %8s %8s %s \n",
data/ukopp-4.9/ukopp-4.9.cc:2378:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bfile,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:2379:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bfile,Brec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2390:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %5d %5d %8s %s \n",vers,age,formatKBMB(mb1,3),Brec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2404:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d files found \n",Dnf);
data/ukopp-4.9/ukopp-4.9.cc:2407:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",Drec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2421:30: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (Brec[ii].lover) wprintf(mLog," %s (+ vers %d-%d) \n",
data/ukopp-4.9/ukopp-4.9.cc:2423:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(mLog," %s \n",Brec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2446:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n matching disk files: \n");
data/ukopp-4.9/ukopp-4.9.cc:2450:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",Drec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2452:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n matching backup files: \n");
data/ukopp-4.9/ukopp-4.9.cc:2457:33: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (Brec[ii].hiver) wprintf(mLog," %s (+ vers %d-%d) \n",
data/ukopp-4.9/ukopp-4.9.cc:2459:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(mLog," %s \n",Brec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:2467:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," ready \n"); // v.3.6
data/ukopp-4.9/ukopp-4.9.cc:2483:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n Restore files from backup \n");
data/ukopp-4.9/ukopp-4.9.cc:2486:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d backup files found \n",Bnf);
data/ukopp-4.9/ukopp-4.9.cc:2508:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"include %s\n",RJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:2510:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"exclude %s\n",RJfspec[ii]);
data/ukopp-4.9/ukopp-4.9.cc:2543:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rdirk,BJdirk); // start at /media/xxx/dirk/xxx/
data/ukopp-4.9/ukopp-4.9.cc:2559:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rdirk,BJdirk); // validate copy-from location
data/ukopp-4.9/ukopp-4.9.cc:2586:12: [4] (buffer) wscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
pp = wscanf(editwidget,ftf); // next record from edit widget
data/ukopp-4.9/ukopp-4.9.cc:2588:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",pp);
data/ukopp-4.9/ukopp-4.9.cc:2663:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rdirk,BJdirk); // copy-from location v.3.9
data/ukopp-4.9/ukopp-4.9.cc:2691:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"include %s""\n",file2 + BJdcc); // omit backup mount point
data/ukopp-4.9/ukopp-4.9.cc:2693:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(editwidget,"exclude %s""\n",file2 + BJdcc);
data/ukopp-4.9/ukopp-4.9.cc:2712:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (! RJvalid) wprintf(mLog," *** restore job has errors \n");
data/ukopp-4.9/ukopp-4.9.cc:2715:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n copy %d files from backup: %s \n",Rnf, RJfrom);
data/ukopp-4.9/ukopp-4.9.cc:2716:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," to directory: %s \n",RJto);
data/ukopp-4.9/ukopp-4.9.cc:2717:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n resulting files will be the following: \n");
data/ukopp-4.9/ukopp-4.9.cc:2727:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** not within copy-from: %s \n",file1);
data/ukopp-4.9/ukopp-4.9.cc:2732:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file2,RJto);
data/ukopp-4.9/ukopp-4.9.cc:2733:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file2+cc2,file1+cc1);
data/ukopp-4.9/ukopp-4.9.cc:2734:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",file2);
data/ukopp-4.9/ukopp-4.9.cc:2738:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** %d errors \n",errs);
data/ukopp-4.9/ukopp-4.9.cc:2743:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," ready \n"); // v.3.6
data/ukopp-4.9/ukopp-4.9.cc:2757:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** restore job has errors \n");
data/ukopp-4.9/ukopp-4.9.cc:2774:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dfile,RJto); // to: /destination/filespec
data/ukopp-4.9/ukopp-4.9.cc:2775:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dfile,Rrec[ii].file + ccf);
data/ukopp-4.9/ukopp-4.9.cc:2776:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",dfile);
data/ukopp-4.9/ukopp-4.9.cc:2778:20: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:2786:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," ready \n"); // v.3.6
data/ukopp-4.9/ukopp-4.9.cc:2803:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n Format a backup device \n");
data/ukopp-4.9/ukopp-4.9.cc:2821:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text,diskdev[ii]); // /dev/xxxx description
data/ukopp-4.9/ukopp-4.9.cc:2848:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," formatting %s with file system %s \n",device,filesys);
data/ukopp-4.9/ukopp-4.9.cc:2852:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** cannot create format script file \n");
data/ukopp-4.9/ukopp-4.9.cc:2878:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," format: %s \n",crec); // print command output
data/ukopp-4.9/ukopp-4.9.cc:2882:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," ready \n"); // v.3.6
data/ukopp-4.9/ukopp-4.9.cc:2893:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s \n",ukopp_title);
data/ukopp-4.9/ukopp-4.9.cc:2894:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," free software: %s \n",ukopp_license);
data/ukopp-4.9/ukopp-4.9.cc:2919:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** %s \n",errmess); // mount status
data/ukopp-4.9/ukopp-4.9.cc:2931:23: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (menu) wprintf(mLog," already mounted \n");
data/ukopp-4.9/ukopp-4.9.cc:2935:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** target directory not on device \n");
data/ukopp-4.9/ukopp-4.9.cc:2954:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mountdev,BJdev); // save mount poop
data/ukopp-4.9/ukopp-4.9.cc:2955:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mountdirk,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:3040:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(poopfile,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:3041:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(poopfile,BD_POOPFILE);
data/ukopp-4.9/ukopp-4.9.cc:3044:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** no owner/permissions file: %s \n",poopfile);
data/ukopp-4.9/ukopp-4.9.cc:3069:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," set owner/perms %d:%d %04o %s \n",uid,gid,perms,file);
data/ukopp-4.9/ukopp-4.9.cc:3071:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (err) wprintf(mLog," *** error: %s \n",strerror(errno));
data/ukopp-4.9/ukopp-4.9.cc:3073:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (err) wprintf(mLog," *** error: %s \n",strerror(errno));
data/ukopp-4.9/ukopp-4.9.cc:3081:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(poopfile,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:3082:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(poopfile,BD_POOPFILE);
data/ukopp-4.9/ukopp-4.9.cc:3085:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** no owner/permissions file: %s \n",poopfile);
data/ukopp-4.9/ukopp-4.9.cc:3113:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file2,RJto); // offset restore 'from' and 'to' paths
data/ukopp-4.9/ukopp-4.9.cc:3114:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file2 + cct, file + ccf);
data/ukopp-4.9/ukopp-4.9.cc:3116:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," set owner/perms %d:%d %04o %s \n",uid,gid,perms,file2);
data/ukopp-4.9/ukopp-4.9.cc:3118:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (err) wprintf(mLog," *** error: %s \n",strerror(errno));
data/ukopp-4.9/ukopp-4.9.cc:3120:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (err) wprintf(mLog," *** error: %s \n",strerror(errno));
data/ukopp-4.9/ukopp-4.9.cc:3135:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirk,Drec[ii].file); // next file on disk
data/ukopp-4.9/ukopp-4.9.cc:3149:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** error: %s file: %s \n",strerror(errno),dirk);
data/ukopp-4.9/ukopp-4.9.cc:3161:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pdirk,dirk); // prior = this directory
data/ukopp-4.9/ukopp-4.9.cc:3163:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file,Drec[ii].file); // disk file, again
data/ukopp-4.9/ukopp-4.9.cc:3167:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** error: %s file: %s \n",strerror(errno),file);
data/ukopp-4.9/ukopp-4.9.cc:3180:20: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (errmess) wprintf(mLog," *** poopfile error: %s \n",errmess);
data/ukopp-4.9/ukopp-4.9.cc:3257:19: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** omit versioned file: %s \n",fsp);
data/ukopp-4.9/ukopp-4.9.cc:3274:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** max files exceeded \n");
data/ukopp-4.9/ukopp-4.9.cc:3301:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** %s omit: %s \n",strerror(Drec[ii].err),Drec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:3339:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," disk files: %d %s \n",nfiles,formatKBMB(nbytes,3));
data/ukopp-4.9/ukopp-4.9.cc:3342:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** bug: nfiles: %d Dnf: %d \n",nfiles,Dnf);
data/ukopp-4.9/ukopp-4.9.cc:3343:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," nbytes: %.0f Dbytes: %.0f \n",nbytes,Dbytes);
data/ukopp-4.9/ukopp-4.9.cc:3351:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** duplicate file: %s \n",Drec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:3389:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"find %s -type f -or -type l >%s",BJdirk,TFbakfiles); // backup filespecs to temp file v.3.0
data/ukopp-4.9/ukopp-4.9.cc:3411:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** filespec too big, omit: %s...",bfile2);
data/ukopp-4.9/ukopp-4.9.cc:3412:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n");
data/ukopp-4.9/ukopp-4.9.cc:3418:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** %s, omit: %s",strerror(errno),bfile2);
data/ukopp-4.9/ukopp-4.9.cc:3419:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n");
data/ukopp-4.9/ukopp-4.9.cc:3440:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d backup files \n",Bnf);
data/ukopp-4.9/ukopp-4.9.cc:3443:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** max files exceeded \n");
data/ukopp-4.9/ukopp-4.9.cc:3493:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bfile,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:3494:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(bfile,Brec[bb].file);
data/ukopp-4.9/ukopp-4.9.cc:3533:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** version %d missing: %s \n",vers,bfile2);
data/ukopp-4.9/ukopp-4.9.cc:3549:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d files not in backup set (unknown retention) \n",noret);
data/ukopp-4.9/ukopp-4.9.cc:3550:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d (%s) curr. file versions \n",Cfiles,formatKBMB(Cbytes,3));
data/ukopp-4.9/ukopp-4.9.cc:3551:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d (%s) prior file versions \n",Vfiles,formatKBMB(Vbytes,3));
data/ukopp-4.9/ukopp-4.9.cc:3552:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %6d (%s) expired prior versions \n",Pfiles,formatKBMB(Pbytes,3));
data/ukopp-4.9/ukopp-4.9.cc:3554:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"df -h %s",mountdirk); // v.4.2
data/ukopp-4.9/ukopp-4.9.cc:3573:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog,"\n generating restore file set \n");
data/ukopp-4.9/ukopp-4.9.cc:3582:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," include %s \n",fspec);
data/ukopp-4.9/ukopp-4.9.cc:3593:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** max files exceeded \n");
data/ukopp-4.9/ukopp-4.9.cc:3599:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d files added \n",ninc);
data/ukopp-4.9/ukopp-4.9.cc:3604:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," exclude %s \n",fspec);
data/ukopp-4.9/ukopp-4.9.cc:3617:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %d files removed \n",nexc);
data/ukopp-4.9/ukopp-4.9.cc:3639:4: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," total file count: %d \n",Rnf);
data/ukopp-4.9/ukopp-4.9.cc:3646:10: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," *** not within copy-from; %s \n",Rrec[ii].file);
data/ukopp-4.9/ukopp-4.9.cc:3871:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mpf == 1) strcpy(file1,BJdirk); // prepend mount point if req.
data/ukopp-4.9/ukopp-4.9.cc:3872:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file1,sfile);
data/ukopp-4.9/ukopp-4.9.cc:3873:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mpf == 2) strcpy(file2,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:3874:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file2,dfile);
data/ukopp-4.9/ukopp-4.9.cc:3902:16: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (err) wprintf(mLog,"error: %s \n",wstrerror(err));
data/ukopp-4.9/ukopp-4.9.cc:3907:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mpf == 1) strcpy(file1,BJdirk); // refresh filespecs
data/ukopp-4.9/ukopp-4.9.cc:3908:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file1,sfile);
data/ukopp-4.9/ukopp-4.9.cc:3909:18: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (mpf == 2) strcpy(file2,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:3910:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file2,dfile);
data/ukopp-4.9/ukopp-4.9.cc:3972:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (err) wprintf(mLog,"error: %s \n",wstrerror(err));
data/ukopp-4.9/ukopp-4.9.cc:4002:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vfile,BJdirk); // prepend mount point
data/ukopp-4.9/ukopp-4.9.cc:4003:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(vfile,dfile);
data/ukopp-4.9/ukopp-4.9.cc:4083:12: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(mLog,"large block direct I/O not allowed \n %s",errmess);
data/ukopp-4.9/ukopp-4.9.cc:4087:12: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(mLog,"permission denied \n %s",errmess);
data/ukopp-4.9/ukopp-4.9.cc:4119:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(psep1,VSEP1);
data/ukopp-4.9/ukopp-4.9.cc:4121:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(psep1+2,VSEP2);
data/ukopp-4.9/ukopp-4.9.cc:4136:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fspec1,BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:4137:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fspec1,bakrec.file);
data/ukopp-4.9/ukopp-4.9.cc:4138:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fspec2,fspec1);
data/ukopp-4.9/ukopp-4.9.cc:4167:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fspec,BJdirk); // prepend backup location
data/ukopp-4.9/ukopp-4.9.cc:4168:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fspec,bakrec.file);
data/ukopp-4.9/ukopp-4.9.cc:4225:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dfile,file);
data/ukopp-4.9/ukopp-4.9.cc:4257:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(mLog," %s: %s \n",pname,crec);
data/ukopp-4.9/ukopp-4.9.cc:4263:13: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (err) wprintf(mLog," %s status: %s \n", pname, strerror(err));
data/ukopp-4.9/ukopp-4.9.cc:4264:9: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else wprintf(mLog," OK \n");
data/ukopp-4.9/zfuncs.cc:210:4: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format,arglist);
data/ukopp-4.9/zfuncs.cc:237:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,200,format,arglist);
data/ukopp-4.9/zfuncs.cc:260:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,400,format,arglist);
data/ukopp-4.9/zfuncs.cc:278:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(command,tempfile);
data/ukopp-4.9/zfuncs.cc:280:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(command);
data/ukopp-4.9/zfuncs.cc:314:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,300,format,arglist);
data/ukopp-4.9/zfuncs.cc:336:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system("cat zappcrash tracedump > zappcrash2"); // combine zappcrash and tracedump
data/ukopp-4.9/zfuncs.cc:337:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system("mv -f zappcrash2 zappcrash");
data/ukopp-4.9/zfuncs.cc:338:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system("xdg-open zappcrash"); // popup zappcrash text file
data/ukopp-4.9/zfuncs.cc:466:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(command);
data/ukopp-4.9/zfuncs.cc:470:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(command);
data/ukopp-4.9/zfuncs.cc:493:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(command);
data/ukopp-4.9/zfuncs.cc:902:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(cbuff,cc,command,arglist);
data/ukopp-4.9/zfuncs.cc:905:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(cbuff);
data/ukopp-4.9/zfuncs.cc:939:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(cbuff,cc,command,arglist);
data/ukopp-4.9/zfuncs.cc:943:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(cbuff);
data/ukopp-4.9/zfuncs.cc:1007:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(command[ii],2000,Fcommand,arglist);
data/ukopp-4.9/zfuncs.cc:1023:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(command[ii]); // start command, wait until done
data/ukopp-4.9/zfuncs.cc:1081:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buff,9999,command,arglist);
data/ukopp-4.9/zfuncs.cc:1084:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fid = popen(buff,"r"); // execute command, output to FID
data/ukopp-4.9/zfuncs.cc:1133:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff,"ps -C %s h o pid",pname);
data/ukopp-4.9/zfuncs.cc:1134:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fid = popen(buff,"r"); // popen() instead of system()
data/ukopp-4.9/zfuncs.cc:1167:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(xtcommand);
data/ukopp-4.9/zfuncs.cc:1175:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system(xtcommand);
data/ukopp-4.9/zfuncs.cc:1312:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirk,ppath);
data/ukopp-4.9/zfuncs.cc:1327:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file,pp); // file part
data/ukopp-4.9/zfuncs.cc:1334:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext,pp); // .ext part
data/ukopp-4.9/zfuncs.cc:1797:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (dest != source) strcpy(dest,source);
data/ukopp-4.9/zfuncs.cc:1841:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (dest != source) strcpy(dest,source);
data/ukopp-4.9/zfuncs.cc:1944:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest,source);
data/ukopp-4.9/zfuncs.cc:1965:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest,source);
data/ukopp-4.9/zfuncs.cc:1998:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(strout,strin);
data/ukopp-4.9/zfuncs.cc:2034:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ftemp,strout);
data/ukopp-4.9/zfuncs.cc:2111:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(work,pNum);
data/ukopp-4.9/zfuncs.cc:2112:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(work+k1,pNum+k2+1);
data/ukopp-4.9/zfuncs.cc:2113:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pNum,work);
data/ukopp-4.9/zfuncs.cc:2148:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pp,string);
data/ukopp-4.9/zfuncs.cc:2559:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pstr) strcpy(pstr+1,pstr+2);
data/ukopp-4.9/zfuncs.cc:2562:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pstr) strcpy(pstr+1,pstr+2);
data/ukopp-4.9/zfuncs.cc:2565:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pstr) strcpy(pstr+1,pstr+2);
data/ukopp-4.9/zfuncs.cc:2568:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pstr) strcpy(pstr+2,pstr+3);
data/ukopp-4.9/zfuncs.cc:2571:14: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pstr) strcpy(pstr+2,pstr+3);
data/ukopp-4.9/zfuncs.cc:2821:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"find \"%s\" -type f -or -type l",searchpath); // find files (ordinary, symlink)
data/ukopp-4.9/zfuncs.cc:2822:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fid = popen(command,"r");
data/ukopp-4.9/zfuncs.cc:2895:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command,"find \"%s\" -type f -or -type l",searchpath); // find files (ordinary, symlink)
data/ukopp-4.9/zfuncs.cc:2896:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fid = popen(command,"r");
data/ukopp-4.9/zfuncs.cc:3899:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,199,format,arglist);
data/ukopp-4.9/zfuncs.cc:4007:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zappname,appname); // save app name v.5.6
data/ukopp-4.9/zfuncs.cc:4014:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zprefix,work); // /prefix
data/ukopp-4.9/zfuncs.cc:4083:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(filespec,filetype); // leave /type as default
data/ukopp-4.9/zfuncs.cc:4085:32: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strEqu(filetype,"doc")) strcpy(filespec,zdocdir); // /usr/share/doc/appname
data/ukopp-4.9/zfuncs.cc:4086:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strEqu(filetype,"data")) strcpy(filespec,zdatadir); // /usr/share/appname/data
data/ukopp-4.9/zfuncs.cc:4087:35: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strEqu(filetype,"locale")) strcpy(filespec,zlocalesdir); // /usr/share/appname/locales
data/ukopp-4.9/zfuncs.cc:4088:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (strEqu(filetype,"user")) strcpy(filespec,zuserdir); // /home/<user>/.appname
data/ukopp-4.9/zfuncs.cc:4090:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filespec,zuserdir); // /home/<user>/.appname/locales
data/ukopp-4.9/zfuncs.cc:4097:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fext,pp); // file type .fext
data/ukopp-4.9/zfuncs.cc:4109:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filespec+cc+1,fname); // /directories.../fname
data/ukopp-4.9/zfuncs.cc:4113:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pp,lc_RC); // /directories.../fname-lc_RC.fext
data/ukopp-4.9/zfuncs.cc:4114:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pp,fext);
data/ukopp-4.9/zfuncs.cc:4118:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pp+3,fext); // /directories.../fname-lc.fext
data/ukopp-4.9/zfuncs.cc:4123:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pp,fext);
data/ukopp-4.9/zfuncs.cc:4127:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pp,fext); // /directories.../fname.fext
data/ukopp-4.9/zfuncs.cc:4132:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filespec,zdocdir); // /usr/share/doc/appname/extras
data/ukopp-4.9/zfuncs.cc:4236:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system("which firefox"); // use xdg-open only as last resort
data/ukopp-4.9/zfuncs.cc:4239:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system("which chromium-browser");
data/ukopp-4.9/zfuncs.cc:4242:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system("which xdg-open");
data/ukopp-4.9/zfuncs.cc:4280:10: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fid = popen(xdgcomm,"r"); // get desktop directory for user locale
data/ukopp-4.9/zfuncs.cc:4285:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int nn = fscanf(fid,"%s",dtdir);
data/ukopp-4.9/zfuncs.cc:4492:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(poname,pp+1);
data/ukopp-4.9/zfuncs.cc:4503:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ponamexx,poname);
data/ukopp-4.9/zfuncs.cc:4504:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(poname+(pp+1-poname),zlang); // translate-en.po >> translate-xx.po
data/ukopp-4.9/zfuncs.cc:4509:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(localpo,"%s/%s",ulocalesdir,poname); // final uncompressed local .po file
data/ukopp-4.9/zfuncs.cc:4824:6: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void wprintf(GtkWidget *mLog, int line, cchar *format, ... ) // "printf" version
data/ukopp-4.9/zfuncs.cc:4830:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,999,format,arglist);
data/ukopp-4.9/zfuncs.cc:4837:6: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void wprintf(GtkWidget *mLog, cchar *format, ... ) // "printf", scrolling output
data/ukopp-4.9/zfuncs.cc:4843:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,999,format,arglist); // stop overflow, remove warning
data/ukopp-4.9/zfuncs.cc:4924:8: [4] (buffer) wscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
char * wscanf(GtkWidget *mLog, int & ftf)
data/ukopp-4.9/zfuncs.cc:4989:14: [4] (buffer) wscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
prec = wscanf(mLog,ftf); // get text line
data/ukopp-4.9/zfuncs.cc:6273:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mdesc+1,desc);
data/ukopp-4.9/zfuncs.cc:8007:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zdposn[nn].wintitle,wintitle);
data/ukopp-4.9/zfuncs.cc:8157:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zdposn[ii].wintitle,wintitle); // add window to table
data/ukopp-4.9/zfuncs.cc:8245:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wname[ii],pp1); // save widget name and data
data/ukopp-4.9/zfuncs.cc:8246:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wdata2,pp2);
data/ukopp-4.9/zfuncs.cc:8485:17: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (mWin) wprintf(mLog," %s\n",text);
data/ukopp-4.9/zfuncs.cc:8561:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,999,format,arglist);
data/ukopp-4.9/zfuncs.cc:8589:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,999,format,arglist);
data/ukopp-4.9/zfuncs.cc:8614:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,400,format,arglist);
data/ukopp-4.9/zfuncs.cc:8649:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message,400,format,arglist);
data/ukopp-4.9/zfuncs.cc:8839:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptext,text);
data/ukopp-4.9/zfuncs.cc:8892:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptext,text);
data/ukopp-4.9/zfuncs.cc:9458:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(imagesize,100,formatsize,pwidth,pheight); // show print size in dialog
data/ukopp-4.9/zfuncs.cc:9497:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(imagesize,100,formatsize,pwidth,pheight); // show print size in dialog
data/ukopp-4.9/zfuncs.cc:9967:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pp) strcpy(pp+1,pfile); // in same directory as prior
data/ukopp-4.9/zfuncs.cc:10031:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (pp) strcpy(pp+1,pfile); // in same directory as prior
data/ukopp-4.9/zfuncs.cc:10116:7: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
wprintf(textWin," %s %.12g \n",pname,pvalue);
data/ukopp-4.9/zfuncs.cc:10326:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (xcc) strcpy(xpp,string); // copy string
data/ukopp-4.9/zfuncs.cc:10339:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xpp,xstr.xpp); // copy string
data/ukopp-4.9/zfuncs.cc:10371:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xpp,xstr.xpp); // copy string
data/ukopp-4.9/zfuncs.cc:10391:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (xcc) strcpy(xpp,str); // copy string
data/ukopp-4.9/zfuncs.cc:10401:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp.xpp,x1.xpp); // with both input strings
data/ukopp-4.9/zfuncs.cc:10402:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp.xpp + x1.xcc, x2.xpp);
data/ukopp-4.9/zfuncs.cc:10415:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp.xpp,x1.xpp); // with both input strings
data/ukopp-4.9/zfuncs.cc:10416:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s2) strcpy(temp.xpp + x1.xcc, s2);
data/ukopp-4.9/zfuncs.cc:10429:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (s1) strcpy(temp.xpp,s1); // with both input strings
data/ukopp-4.9/zfuncs.cc:10430:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp.xpp + cc1, x2.xpp);
data/ukopp-4.9/zfuncs.cc:10453:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xpp2,xpp); // copy to new space
data/ukopp-4.9/zfuncs.cc:10488:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(xpp2,xpp); // copy to new space
data/ukopp-4.9/zfuncs.cc:10897:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string,table+pos); // return string
data/ukopp-4.9/zfuncs.cc:11151:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tname,name);
data/ukopp-4.9/zfuncs.h:312:6: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void wprintf(GtkWidget *Win, int line, cchar *format, ...); // "printf" version
data/ukopp-4.9/zfuncs.h:313:6: [4] (format) wprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void wprintf(GtkWidget *Win, cchar *format, ... ); // "printf" to next line, scroll up
data/ukopp-4.9/zfuncs.h:317:8: [4] (buffer) wscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
char * wscanf(GtkWidget *Win, int &ftf); // get text lines from edit widget
data/ukopp-4.9/ukopp-4.9.cc:452:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME"); // get "/home/username"
data/ukopp-4.9/zfuncs.cc:3759:11: [3] (random) nrand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return nrand48((unsigned int16 *) seed);
data/ukopp-4.9/zfuncs.cc:3772:11: [3] (random) erand48:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return erand48((unsigned int16 *) seed);
data/ukopp-4.9/zfuncs.cc:4024:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
snprintf(zuserdir,199,"%s/.%s",getenv("HOME"),zappname); // /home/<username>/.appname/
data/ukopp-4.9/zfuncs.cc:4444:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pp = getenv("LANG"); // use $LANG if defined
data/ukopp-4.9/zfuncs.cc:4445:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (! pp) pp = getenv("LANGUAGE"); // use $LANGUAGE if defined
data/ukopp-4.9/ukopp-4.9.cc:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TFbakfiles[100]; // /home/user/.ukopp/xxx temp. files
data/ukopp-4.9/ukopp-4.9.cc:73:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TFjobfile[100], TFpoopfile[100];
data/ukopp-4.9/ukopp-4.9.cc:74:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TFdatetime[100], TFformatscript[100];
data/ukopp-4.9/ukopp-4.9.cc:78:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diskdev[100][40]; // /dev/xxx
data/ukopp-4.9/ukopp-4.9.cc:79:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diskdesc[100][60]; // device description
data/ukopp-4.9/ukopp-4.9.cc:80:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diskmp[100][60]; // mount point, /media/xxxx
data/ukopp-4.9/ukopp-4.9.cc:86:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mountdev[40]; // current mount data
data/ukopp-4.9/ukopp-4.9.cc:87:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mountdirk[200];
data/ukopp-4.9/ukopp-4.9.cc:91:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BJfilespec[maxfcc]; // backup job file
data/ukopp-4.9/ukopp-4.9.cc:94:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *BJfspec[maxnx]; // filespec (wild)
data/ukopp-4.9/ukopp-4.9.cc:100:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BJdev[40] = ""; // backup device (maybe)
data/ukopp-4.9/ukopp-4.9.cc:101:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BJdirk[200] = ""; // backup target directory
data/ukopp-4.9/ukopp-4.9.cc:106:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *vertype[4] = { "none","incremental","full","compare" }; // verify types
data/ukopp-4.9/ukopp-4.9.cc:160:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RJfrom[300]; // restore copy-from: /directory/.../
data/ukopp-4.9/ukopp-4.9.cc:161:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RJto[300]; // restore copy-to: /directory/.../
data/ukopp-4.9/ukopp-4.9.cc:164:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *RJfspec[maxnx]; // filespec of include/exclude
data/ukopp-4.9/ukopp-4.9.cc:245:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char menu1[20], menu2[40]; // top-menu, sub-menu
data/ukopp-4.9/ukopp-4.9.cc:455:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(BJfspec[0],"# default backup job"); // comment
data/ukopp-4.9/ukopp-4.9.cc:470:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(BJdirk,"/unknown"); // backup target directory, cc
data/ukopp-4.9/ukopp-4.9.cc:473:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(RJfrom,"/home/"); // file restore copy-from location
data/ukopp-4.9/ukopp-4.9.cc:474:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(RJto,"/home/"); // file restore copy-to location
data/ukopp-4.9/ukopp-4.9.cc:496:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char button2[20], *pp;
data/ukopp-4.9/ukopp-4.9.cc:513:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[100];
data/ukopp-4.9/ukopp-4.9.cc:555:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile[200];
data/ukopp-4.9/ukopp-4.9.cc:645:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buff, diskdev1[40], diskdesc1[60], work[100];
data/ukopp-4.9/ukopp-4.9.cc:651:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (! err) strcpy(work,"udevadm info -e"); // new Linux command
data/ukopp-4.9/ukopp-4.9.cc:652:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(work,"udevinfo -e"); // old Linux command
data/ukopp-4.9/ukopp-4.9.cc:660:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (usbf) strcat(diskdesc[Ndisk]," (USB)"); // note if USB device
data/ukopp-4.9/ukopp-4.9.cc:661:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(diskmp[Ndisk],"(not mounted)"); // mount point TBD
data/ukopp-4.9/ukopp-4.9.cc:673:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(diskdev1,"/dev/");
data/ukopp-4.9/ukopp-4.9.cc:744:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[300];
data/ukopp-4.9/ukopp-4.9.cc:836:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, *fspec, buff[1000];
data/ukopp-4.9/ukopp-4.9.cc:843:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(jobfile,"r"); // open job file
data/ukopp-4.9/ukopp-4.9.cc:907:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100];
data/ukopp-4.9/ukopp-4.9.cc:910:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(jobfile,"w"); // open file
data/ukopp-4.9/ukopp-4.9.cc:981:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orgBJdev[40]; // v.4.1
data/ukopp-4.9/ukopp-4.9.cc:982:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orgBJdirk[200];
data/ukopp-4.9/ukopp-4.9.cc:989:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[300];
data/ukopp-4.9/ukopp-4.9.cc:1057:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, *fspec, text[300];
data/ukopp-4.9/ukopp-4.9.cc:1219:41: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (S_ISDIR(filestat.st_mode)) strcat(file2,"/*"); // if directory, append wildcard
data/ukopp-4.9/ukopp-4.9.cc:1398:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(BJdirk,"/media"); // set a default for device
data/ukopp-4.9/ukopp-4.9.cc:1474:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[100];
data/ukopp-4.9/ukopp-4.9.cc:1609:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message," %d files had backup errors \n",terrs); // repeat backup status v.4.5
data/ukopp-4.9/ukopp-4.9.cc:1613:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message," %d files had verify errors \n",terrs); // add verify status v.4.5
data/ukopp-4.9/ukopp-4.9.cc:1762:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filespec[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:1955:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fspec2[200], bfile[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:1956:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pslash, *pdirk, ppdirk[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:1957:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[100];
data/ukopp-4.9/ukopp-4.9.cc:1965:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bmod[20], dmod[20];
data/ukopp-4.9/ukopp-4.9.cc:2526:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, *fspec, rdirk[300];
data/ukopp-4.9/ukopp-4.9.cc:2653:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file1, *file2, rdirk[300];
data/ukopp-4.9/ukopp-4.9.cc:2688:41: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (S_ISDIR(filestat.st_mode)) strcat(file2,"/*"); // if directory, append wildcard
data/ukopp-4.9/ukopp-4.9.cc:2710:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *file1, file2[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:2753:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dfile[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:2799:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[200], device[20], filesys[20], label[20], *crec;
data/ukopp-4.9/ukopp-4.9.cc:2850:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(TFformatscript,"w");
data/ukopp-4.9/ukopp-4.9.cc:2909:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch, work[300];
data/ukopp-4.9/ukopp-4.9.cc:2965:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char work[200];
data/ukopp-4.9/ukopp-4.9.cc:3013:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(TFdatetime,"w");
data/ukopp-4.9/ukopp-4.9.cc:3031:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[maxfcc], file2[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:3032:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirk[maxfcc], pdirk[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:3033:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, poopfile[100];
data/ukopp-4.9/ukopp-4.9.cc:3042:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(poopfile,"r"); // open poopfile
data/ukopp-4.9/ukopp-4.9.cc:3083:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(poopfile,"r");
data/ukopp-4.9/ukopp-4.9.cc:3128:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(TFpoopfile,"w");
data/ukopp-4.9/ukopp-4.9.cc:3225:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fspec+cc,"/*");
data/ukopp-4.9/ukopp-4.9.cc:3377:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[300], *pp, *psep1;
data/ukopp-4.9/ukopp-4.9.cc:3378:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bfile[maxfcc], *bfile2;
data/ukopp-4.9/ukopp-4.9.cc:3398:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(TFbakfiles,"r"); // read file list
data/ukopp-4.9/ukopp-4.9.cc:3863:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file1[maxfcc], file2[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:3865:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp1, *pp2, buff[BIOCC];
data/ukopp-4.9/ukopp-4.9.cc:3929:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid1 = open(file1,O_RDONLY+O_NOATIME+O_LARGEFILE); // open input file
data/ukopp-4.9/ukopp-4.9.cc:3932:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid2 = open(file2,O_WRONLY+O_CREAT+O_TRUNC+O_LARGEFILE,0700); // open output file
data/ukopp-4.9/ukopp-4.9.cc:3993:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vfile[maxfcc], *vbuff = 0, *dbuff = 0;
data/ukopp-4.9/ukopp-4.9.cc:4015:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vfid = open(vfile,open_flagsV); // open for read, large blocks, direct I/O
data/ukopp-4.9/ukopp-4.9.cc:4033:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
vfid = open(vfile,open_flagsV); // open for read, large blocks, direct I/O
data/ukopp-4.9/ukopp-4.9.cc:4036:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dfid = open(dfile,open_flagsD); // disk files, use cached I/O
data/ukopp-4.9/ukopp-4.9.cc:4120:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(psep1+2,"%d",vers);
data/ukopp-4.9/ukopp-4.9.cc:4133:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fspec1[maxfcc], fspec2[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:4163:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fspec[maxfcc];
data/ukopp-4.9/ukopp-4.9.cc:4223:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dfile[maxfcc], *pp;
data/ukopp-4.9/ukopp-4.9.cc:4249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[500], *crec;
data/ukopp-4.9/zfuncs.cc:185:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zappname[20]; // app name/version
data/ukopp-4.9/zfuncs.cc:186:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zprefix[200], zdatadir[200], zdocdir[200]; // app directories
data/ukopp-4.9/zfuncs.cc:187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zicondir[200], zlocalesdir[200], zuserdir[200];
data/ukopp-4.9/zfuncs.cc:188:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zlang[8] = "en"; // "lc" or "lc_RC"
data/ukopp-4.9/zfuncs.cc:189:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JPGquality[4] = "90"; // JPG file save quality
data/ukopp-4.9/zfuncs.cc:234:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/ukopp-4.9/zfuncs.cc:255:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[400], tempfile[30], command[100];
data/ukopp-4.9/zfuncs.cc:267:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message," "); // lengthen short message
data/ukopp-4.9/zfuncs.cc:271:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempfile,"/tmp/zpopup-%06d",getpid()); // write message to temp file
data/ukopp-4.9/zfuncs.cc:272:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(tempfile,"w");
data/ukopp-4.9/zfuncs.cc:277:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command,"xmessage -buttons OK:0 -center -timeout 5 -file "); // create popup with message file
data/ukopp-4.9/zfuncs.cc:279:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(command," &"); // return immediately
data/ukopp-4.9/zfuncs.cc:301:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[300];
data/ukopp-4.9/zfuncs.cc:326:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen("zappcrash","w"); // open zappcrash file (can hang here)
data/ukopp-4.9/zfuncs.cc:391:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filebuff[50][100];
data/ukopp-4.9/zfuncs.cc:392:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char funcbuff[50][40];
data/ukopp-4.9/zfuncs.cc:435:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen("tracedump","w");
data/ukopp-4.9/zfuncs.cc:461:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[1000];
data/ukopp-4.9/zfuncs.cc:465:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command,"which gksu > /dev/null 2>&1"); // Debian
data/ukopp-4.9/zfuncs.cc:467:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command,"gksu \"");
data/ukopp-4.9/zfuncs.cc:469:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command,"which beesu > /dev/null 2>&1"); // Fedora, just to be different
data/ukopp-4.9/zfuncs.cc:471:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(command,"beesu \"");
data/ukopp-4.9/zfuncs.cc:490:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(command,"\" &"); // return immediately
data/ukopp-4.9/zfuncs.cc:594:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[200];
data/ukopp-4.9/zfuncs.cc:599:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen("/proc/self/stat","r");
data/ukopp-4.9/zfuncs.cc:658:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1000];
data/ukopp-4.9/zfuncs.cc:659:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *pnames[20];
data/ukopp-4.9/zfuncs.cc:683:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(pfile,"r"); // open /proc/xxx file
data/ukopp-4.9/zfuncs.cc:779:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(lockfile,O_RDWR|O_CREAT,0666); // open or create the lock file
data/ukopp-4.9/zfuncs.cc:984:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *command[10];
data/ukopp-4.9/zfuncs.cc:1070:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[10000], *prec;
data/ukopp-4.9/zfuncs.cc:1130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100], *pp;
data/ukopp-4.9/zfuncs.cc:1140:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid = atoi(buff);
data/ukopp-4.9/zfuncs.cc:1161:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xtcommand[500];
data/ukopp-4.9/zfuncs.cc:1193:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buff, errmessage[200] = "missing programs:\n";
data/ukopp-4.9/zfuncs.cc:1303:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dirk[1000], file[200], ext[8];
data/ukopp-4.9/zfuncs.cc:1482:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, buff[200];
data/ukopp-4.9/zfuncs.cc:1493:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen("/proc/self/stat","r");
data/ukopp-4.9/zfuncs.cc:1559:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *retf[100];
data/ukopp-4.9/zfuncs.cc:1560:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pf1, pf2[2000]; // 2000 limit v.5.2
data/ukopp-4.9/zfuncs.cc:1563:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char blankstring[2], nullstring[1];
data/ukopp-4.9/zfuncs.cc:1623:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delims[2] = "x";
data/ukopp-4.9/zfuncs.cc:1744:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outstring[40];
data/ukopp-4.9/zfuncs.cc:2015:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftemp[maxfcc];
data/ukopp-4.9/zfuncs.cc:2078:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char work[20];
data/ukopp-4.9/zfuncs.cc:2542:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ccc = sprintf(string,"%d",inum);
data/ukopp-4.9/zfuncs.cc:2556:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"%.*g",digits,dnum);
data/ukopp-4.9/zfuncs.cc:2592:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *output[100];
data/ukopp-4.9/zfuncs.cc:2791:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char matchfile[maxfcc];
data/ukopp-4.9/zfuncs.cc:2792:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char searchpath[maxfcc];
data/ukopp-4.9/zfuncs.cc:2793:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[maxfcc];
data/ukopp-4.9/zfuncs.cc:2865:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char matchfile[maxfcc];
data/ukopp-4.9/zfuncs.cc:2866:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char searchpath[maxfcc];
data/ukopp-4.9/zfuncs.cc:2867:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[maxfcc];
data/ukopp-4.9/zfuncs.cc:3896:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/ukopp-4.9/zfuncs.cc:3994:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char work[200];
data/ukopp-4.9/zfuncs.cc:3995:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfile[200], oldlog[200];
data/ukopp-4.9/zfuncs.cc:4077:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, fname[20], fext[8];
data/ukopp-4.9/zfuncs.cc:4078:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lc_RC[8]; // -lc or -lc_RC
data/ukopp-4.9/zfuncs.cc:4091:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filespec,"/locales");
data/ukopp-4.9/zfuncs.cc:4122:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pp,"-en"); // /directories.../fname-en.fext
data/ukopp-4.9/zfuncs.cc:4133:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filespec,"/extras"); // due to Linux chaos
data/ukopp-4.9/zfuncs.cc:4152:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filespec[200], url[200];
data/ukopp-4.9/zfuncs.cc:4181:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[200];
data/ukopp-4.9/zfuncs.cc:4197:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filex[40], filespec[200], command[200];
data/ukopp-4.9/zfuncs.cc:4201:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filex,".gz");
data/ukopp-4.9/zfuncs.cc:4230:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prog[20];
data/ukopp-4.9/zfuncs.cc:4237:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (! err) strcpy(prog,"firefox"); // v.5.2
data/ukopp-4.9/zfuncs.cc:4240:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (! err) strcpy(prog,"chromium-browser");
data/ukopp-4.9/zfuncs.cc:4243:24: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (! err) strcpy(prog,"xdg-open");
data/ukopp-4.9/zfuncs.cc:4271:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char appname[20], dtdir[200], dtfile[200], work[200];
data/ukopp-4.9/zfuncs.cc:4294:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(dtfile,"w");
data/ukopp-4.9/zfuncs.cc:4396:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[ZTXmaxcc], *ppq1, *ppq2;
data/ukopp-4.9/zfuncs.cc:4398:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Etext[ZTXmaxcc], Ttext[ZTXmaxcc]; // .po text: "line 1 %s \n" "line 2"
data/ukopp-4.9/zfuncs.cc:4417:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localpo[200], installpo[200], ulocalesdir[200];
data/ukopp-4.9/zfuncs.cc:4418:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, poname[20], ponamexx[20];
data/ukopp-4.9/zfuncs.cc:4448:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy(zlang,"en"); // use English
data/ukopp-4.9/zfuncs.cc:4451:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (*zlang < 'a') strcpy(zlang,"en"); // use English if garbage
data/ukopp-4.9/zfuncs.cc:4505:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(poname,".po");
data/ukopp-4.9/zfuncs.cc:4513:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fidr = fopen(localpo,"r"); // open .po file
data/ukopp-4.9/zfuncs.cc:4648:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cleanstring[ZTXmaxcc];
data/ukopp-4.9/zfuncs.cc:4827:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1000];
data/ukopp-4.9/zfuncs.cc:4840:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1000];
data/ukopp-4.9/zfuncs.cc:4978:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(filespec,"w"); // open file
data/ukopp-4.9/zfuncs.cc:5033:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempfile[50];
data/ukopp-4.9/zfuncs.cc:5333:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconpath[200];
data/ukopp-4.9/zfuncs.cc:5603:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, buff[maxText];
data/ukopp-4.9/zfuncs.cc:5618:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(menuconfigfile,"r"); // read window geometry
data/ukopp-4.9/zfuncs.cc:5675:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size = atoi(pp+5);
data/ukopp-4.9/zfuncs.cc:5836:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(menuconfigfile,"w"); // open for write
data/ukopp-4.9/zfuncs.cc:6079:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[maxText];
data/ukopp-4.9/zfuncs.cc:6249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconpath[200], *mdesc, *name__;
data/ukopp-4.9/zfuncs.cc:6652:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vdata[30], iconpath[200];
data/ukopp-4.9/zfuncs.cc:6838:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(vdata,"%g",val);
data/ukopp-4.9/zfuncs.cc:6844:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pp = strField(data,'|',1); gdkrgba.red = f256 * atoi(pp); // RGB values are 0-1 v.5.8
data/ukopp-4.9/zfuncs.cc:6845:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pp = strField(data,'|',2); gdkrgba.green = f256 * atoi(pp);
data/ukopp-4.9/zfuncs.cc:6846:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pp = strField(data,'|',3); gdkrgba.blue = f256 * atoi(pp);
data/ukopp-4.9/zfuncs.cc:6897:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pname[8];
data/ukopp-4.9/zfuncs.cc:7059:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (pp) gdkrgba.red = f256 * atoi(pp); // RGB range is 0-1 v.5.8
data/ukopp-4.9/zfuncs.cc:7061:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (pp) gdkrgba.green = f256 * atoi(pp);
data/ukopp-4.9/zfuncs.cc:7063:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (pp) gdkrgba.blue = f256 * atoi(pp);
data/ukopp-4.9/zfuncs.cc:7243:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdata[20];
data/ukopp-4.9/zfuncs.cc:7323:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sdata,"%g",dval);
data/ukopp-4.9/zfuncs.cc:7330:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sdata,"%.0f|%.0f|%.0f",gdkrgba.red*255,gdkrgba.green*255,gdkrgba.blue*255);
data/ukopp-4.9/zfuncs.cc:7337:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sdata,"%g",dval);
data/ukopp-4.9/zfuncs.cc:7467:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1000];
data/ukopp-4.9/zfuncs.cc:7714:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[16];
data/ukopp-4.9/zfuncs.cc:7716:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"%d",idata);
data/ukopp-4.9/zfuncs.cc:7723:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[32];
data/ukopp-4.9/zfuncs.cc:7756:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
idata = atoi(zdata);
data/ukopp-4.9/zfuncs.cc:7965:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wintitle[64]; // window title (ID)
data/ukopp-4.9/zfuncs.cc:7982:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char posfile[200], buff[100], wintitle[64], *pp;
data/ukopp-4.9/zfuncs.cc:7991:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(posfile,"r");
data/ukopp-4.9/zfuncs.cc:8019:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(posfile,"w");
data/ukopp-4.9/zfuncs.cc:8053:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wintitle[64], *pp;
data/ukopp-4.9/zfuncs.cc:8124:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wintitle[64], *pp;
data/ukopp-4.9/zfuncs.cc:8199:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zdinputsfile[200], buff[200];
data/ukopp-4.9/zfuncs.cc:8200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zdtitle[100], wname[100][100], wdata[100][200];
data/ukopp-4.9/zfuncs.cc:8201:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pp, *pp1, *pp2, wdata2[200];
data/ukopp-4.9/zfuncs.cc:8211:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(zdinputsfile,"r"); // no file
data/ukopp-4.9/zfuncs.cc:8224:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Nw = atoi(pp);
data/ukopp-4.9/zfuncs.cc:8279:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(zdinputsfile,"w");
data/ukopp-4.9/zfuncs.cc:8316:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zdtitle[100], wname[100], wdata[200], *type;
data/ukopp-4.9/zfuncs.cc:8491:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
secs = atoi(action+5);
data/ukopp-4.9/zfuncs.cc:8551:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1000];
data/ukopp-4.9/zfuncs.cc:8586:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1000];
data/ukopp-4.9/zfuncs.cc:8606:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[400];
data/ukopp-4.9/zfuncs.cc:8643:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[400];
data/ukopp-4.9/zfuncs.cc:9363:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char printsettingsfile[200], pagesetupfile[200];
data/ukopp-4.9/zfuncs.cc:9410:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imagesize[100];
data/ukopp-4.9/zfuncs.cc:9482:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imagesize[100];
data/ukopp-4.9/zfuncs.cc:9679:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconpath[200];
data/ukopp-4.9/zfuncs.cc:9882:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zparmfile[200]; // last used parm file
data/ukopp-4.9/zfuncs.cc:9957:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100], *fgs, *pp;
data/ukopp-4.9/zfuncs.cc:9971:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(pfile,"r");
data/ukopp-4.9/zfuncs.cc:10035:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fid = fopen(pfile,"w");
data/ukopp-4.9/zfuncs.cc:10132:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptemp[20], *pname;
data/ukopp-4.9/zfuncs.cc:10179:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ptemp,"%.12g",parmlist.value[ii]);
data/ukopp-4.9/zfuncs.cc:10956:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(wmi,"queue");
data/ukopp-4.9/zfuncs.h:625:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wmi[8];
data/ukopp-4.9/ukopp-4.9.cc:469:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(BJdev,""); // backup target device (maybe)
data/ukopp-4.9/ukopp-4.9.cc:471:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BJdcc = strlen(BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:674:10: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(diskdev1,buff+3,14); // save /dev/devid
data/ukopp-4.9/ukopp-4.9.cc:1287:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp2 = pp1 + strlen(pp1);
data/ukopp-4.9/ukopp-4.9.cc:1308:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp2 = pp1 + strlen(pp1);
data/ukopp-4.9/ukopp-4.9.cc:1372:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BJdcc = strlen(BJdirk);
data/ukopp-4.9/ukopp-4.9.cc:1402:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BJdcc = strlen(BJdirk); // set target directory cc
data/ukopp-4.9/ukopp-4.9.cc:1434:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(diskmp[ii]);
data/ukopp-4.9/ukopp-4.9.cc:2544:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(rdirk,RJfrom,299);
data/ukopp-4.9/ukopp-4.9.cc:2560:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(rdirk,RJfrom,299); // /media/xxx/dirk/...
data/ukopp-4.9/ukopp-4.9.cc:2568:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(RJfrom); // insure '/' at end
data/ukopp-4.9/ukopp-4.9.cc:2569:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (RJfrom[cc-1] != '/') strcat(RJfrom,"/");
data/ukopp-4.9/ukopp-4.9.cc:2581:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(RJto); // insure '/' at end
data/ukopp-4.9/ukopp-4.9.cc:2582:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (RJto[cc-1] != '/') strcat(RJto,"/");
data/ukopp-4.9/ukopp-4.9.cc:2664:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(rdirk,RJfrom,299); // /media/xxx/dirk/...
data/ukopp-4.9/ukopp-4.9.cc:2665:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rdcc = strlen(rdirk);
data/ukopp-4.9/ukopp-4.9.cc:2719:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc1 = strlen(RJfrom); // from: /dirk/xxx/.../
data/ukopp-4.9/ukopp-4.9.cc:2720:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc2 = strlen(RJto); // to: /dirk/yyy/.../
data/ukopp-4.9/ukopp-4.9.cc:2770:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ccf = strlen(RJfrom); // from: /media/xxx/filespec
data/ukopp-4.9/ukopp-4.9.cc:2926:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(diskmp[ii]);
data/ukopp-4.9/ukopp-4.9.cc:3010:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(dt2);
data/ukopp-4.9/ukopp-4.9.cc:3056:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(file);
data/ukopp-4.9/ukopp-4.9.cc:3089:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ccf = strlen(RJfrom);
data/ukopp-4.9/ukopp-4.9.cc:3090:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cct = strlen(RJto);
data/ukopp-4.9/ukopp-4.9.cc:3099:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(file);
data/ukopp-4.9/ukopp-4.9.cc:3223:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(fspec) - 1; // (BJfspec has the extra length)
data/ukopp-4.9/ukopp-4.9.cc:3248:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcc = strlen(fsp);
data/ukopp-4.9/ukopp-4.9.cc:3396:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gcc = strlen(BD_UKOPPDIRK); // directory for ukopp special files
data/ukopp-4.9/ukopp-4.9.cc:3409:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcc = strlen(bfile2);
data/ukopp-4.9/ukopp-4.9.cc:3453:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcc = strlen(bfile2);
data/ukopp-4.9/ukopp-4.9.cc:3641:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(RJfrom); // copy from: /dirk/.../
data/ukopp-4.9/ukopp-4.9.cc:3941:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rcc = read(fid1,buff,BIOCC); // read huge blocks
data/ukopp-4.9/ukopp-4.9.cc:4023:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
vcc = read(vfid,vbuff,BIOCC);
data/ukopp-4.9/ukopp-4.9.cc:4046:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
vcc = read(vfid,vbuff,BIOCC); // read two files
data/ukopp-4.9/ukopp-4.9.cc:4049:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dcc = read(dfid,dbuff,BIOCC);
data/ukopp-4.9/ukopp-4.9.cc:4104:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcc = strlen(filespec);
data/ukopp-4.9/ukopp-4.9.cc:4123:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return fcc + strlen(psep1);
data/ukopp-4.9/zfuncs.cc:223:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/ukopp-4.9/zfuncs.cc:242:4: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/ukopp-4.9/zfuncs.cc:265:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(message);
data/ukopp-4.9/zfuncs.cc:419:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&filebuff[ii][0],file,99);
data/ukopp-4.9/zfuncs.cc:420:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&funcbuff[ii][0],func,39);
data/ukopp-4.9/zfuncs.cc:478:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc1 = strlen(command); // gksu (or) beesu
data/ukopp-4.9/zfuncs.cc:690:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fcc = strlen(pnames[ii]);
data/ukopp-4.9/zfuncs.cc:898:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(command) + 1000;
data/ukopp-4.9/zfuncs.cc:935:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(command) + 1000;
data/ukopp-4.9/zfuncs.cc:1250:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(buff);
data/ukopp-4.9/zfuncs.cc:1309:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc1 = strlen(ppath);
data/ukopp-4.9/zfuncs.cc:1325:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp) > 199) return 1; // filename too long
data/ukopp-4.9/zfuncs.cc:1332:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! pp || strlen(pp) > 7) return 0; // file part, no .ext
data/ukopp-4.9/zfuncs.cc:1572:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(blankstring," ");
data/ukopp-4.9/zfuncs.cc:1746:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
incc = strlen(instring);
data/ukopp-4.9/zfuncs.cc:1772:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest,source,cc);
data/ukopp-4.9/zfuncs.cc:1774:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(source) >= cc) return 1; // truncated
data/ukopp-4.9/zfuncs.cc:1785:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest,source,cc);
data/ukopp-4.9/zfuncs.cc:1786:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ii = strlen(source);
data/ukopp-4.9/zfuncs.cc:1803:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ii = strlen(dest);
data/ukopp-4.9/zfuncs.cc:1820:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp2 = source + strlen(source) - 1;
data/ukopp-4.9/zfuncs.cc:1876:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxcc = maxcc - strlen(dest) - 1;
data/ukopp-4.9/zfuncs.cc:1883:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dest,ps,maxcc);
data/ukopp-4.9/zfuncs.cc:1884:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxcc = maxcc - strlen(ps);
data/ukopp-4.9/zfuncs.cc:1982:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc1 = strlen(ssin);
data/ukopp-4.9/zfuncs.cc:1983:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc2 = strlen(ssout);
data/ukopp-4.9/zfuncs.cc:1990:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(strout,strin,ccc);
data/ukopp-4.9/zfuncs.cc:1993:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(strout,ssout,cc2);
data/ukopp-4.9/zfuncs.cc:2054:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (! ccin) ccin = strlen(in);
data/ukopp-4.9/zfuncs.cc:2080:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(pNum);
data/ukopp-4.9/zfuncs.cc:2133:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cc = strlen(string);
data/ukopp-4.9/zfuncs.cc:2147:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *pp = (char *) malloc(strlen(string)+1+more);
data/ukopp-4.9/zfuncs.cc:2244:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(utf8out,utf8in+ii,kk);
data/ukopp-4.9/zfuncs.cc:2573:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cc) *cc = strlen(string);
data/ukopp-4.9/zfuncs.cc:2808:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(wpath);
data/ukopp-4.9/zfuncs.cc:2838:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(matchfile); // get rid of trailing \n
data/ukopp-4.9/zfuncs.cc:2882:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(wpath);
data/ukopp-4.9/zfuncs.cc:2912:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(matchfile); // get rid of trailing \n
data/ukopp-4.9/zfuncs.cc:3031:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(seekrec);
data/ukopp-4.9/zfuncs.cc:4025:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(zuserdir); // stop humongous username v.5.3
data/ukopp-4.9/zfuncs.cc:4107:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(filespec);
data/ukopp-4.9/zfuncs.cc:4110:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(filespec); // |
data/ukopp-4.9/zfuncs.cc:4563:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Ttext) < 3) // translation is "" (quotes included)
data/ukopp-4.9/zfuncs.cc:4680:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp) == 0) pp = english; // translation is "" v.5.6
data/ukopp-4.9/zfuncs.cc:4703:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tstring[ii]) == 0) break; // translation is "" v.5.6
data/ukopp-4.9/zfuncs.cc:4992:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(prec);
data/ukopp-4.9/zfuncs.cc:5121:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(ztext);
data/ukopp-4.9/zfuncs.cc:5653:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp+5) > 0)
data/ukopp-4.9/zfuncs.cc:5659:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp+5)) menus[me].func = strdup(pp+5);
data/ukopp-4.9/zfuncs.cc:5664:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp+5)) {
data/ukopp-4.9/zfuncs.cc:5759:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text2 = (char *) malloc(strlen(text)+2); // replace "\n" with newline
data/ukopp-4.9/zfuncs.cc:5863:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp = pxbfile + strlen(pxbfile); // create a local PNG file for pixbuf
data/ukopp-4.9/zfuncs.cc:6270:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc1 = strlen(desc); // v.5.6
data/ukopp-4.9/zfuncs.cc:6274:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mdesc+cc1+1," ");
data/ukopp-4.9/zfuncs.cc:6325:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc1 = strlen(name); // prepare menu name with trailing blanks
data/ukopp-4.9/zfuncs.cc:7490:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(text);
data/ukopp-4.9/zfuncs.cc:7492:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(text+cc,cliptext,999-cc); // add clipboard text
data/ukopp-4.9/zfuncs.cc:8001:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp) < 64) continue;
data/ukopp-4.9/zfuncs.cc:8004:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(wintitle) < 3) continue;
data/ukopp-4.9/zfuncs.cc:8090:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp) < 2) return;
data/ukopp-4.9/zfuncs.cc:8150:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pp) < 2) return;
data/ukopp-4.9/zfuncs.cc:8241:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc2 = strlen(pp2);
data/ukopp-4.9/zfuncs.cc:8379:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else strcpy(wdata,"");
data/ukopp-4.9/zfuncs.cc:8837:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(text); // construct popup window
data/ukopp-4.9/zfuncs.cc:8890:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(text); // construct popup window
data/ukopp-4.9/zfuncs.cc:9178:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(file1) >= maxfcc)
data/ukopp-4.9/zfuncs.cc:9574:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(file);
data/ukopp-4.9/zfuncs.cc:9602:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = (char *) malloc(strlen(inp)+1);
data/ukopp-4.9/zfuncs.cc:10067:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cc = strlen(parmname);
data/ukopp-4.9/zfuncs.cc:10319:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (string) xcc = strlen(string); // string length
data/ukopp-4.9/zfuncs.cc:10381:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (str) xcc = strlen(str);
data/ukopp-4.9/zfuncs.cc:10413:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s2) cc2 = strlen(s2);
data/ukopp-4.9/zfuncs.cc:10427:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s1) cc1 = strlen(s1);
data/ukopp-4.9/zfuncs.cc:10441:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int scc = strlen(string);
data/ukopp-4.9/zfuncs.cc:10467:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xpp+pos,string,scc); // insert string, without null
data/ukopp-4.9/zfuncs.cc:10479:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int scc = strlen(string);
data/ukopp-4.9/zfuncs.cc:10499:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(xpp+pos,string,scc); // insert string, without null
data/ukopp-4.9/zfuncs.cc:10518:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (xcc != (int) strlen(xpp)) zappcrash("xstring xcc != strlen(xpp)",null);
data/ukopp-4.9/zfuncs.cc:10811:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(table+pos,string,cc); // insert new string
data/ukopp-4.9/zfuncs.cc:11009:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000); // sleep in 1 millisec. steps
data/ukopp-4.9/zfuncs.cc:11148:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cc = strlen(name);
ANALYSIS SUMMARY:
Hits = 754
Lines analyzed = 16305 in approximately 0.47 seconds (34437 lines/second)
Physical Source Lines of Code (SLOC) = 10893
Hits@level = [0] 94 [1] 118 [2] 222 [3] 6 [4] 396 [5] 12
Hits@level+ = [0+] 848 [1+] 754 [2+] 636 [3+] 414 [4+] 408 [5+] 12
Hits/KSLOC@level+ = [0+] 77.8482 [1+] 69.2188 [2+] 58.3861 [3+] 38.0061 [4+] 37.4552 [5+] 1.10162
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.