Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/uvloop-0.14.0+ds1/uvloop/includes/fork_handler.h
Examining data/uvloop-0.14.0+ds1/uvloop/includes/debug.h
Examining data/uvloop-0.14.0+ds1/uvloop/includes/compat.h
Examining data/uvloop-0.14.0+ds1/uvloop/loop.c
FINAL RESULTS:
data/uvloop-0.14.0+ds1/uvloop/loop.c:800:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/uvloop-0.14.0+ds1/uvloop/loop.c:167270:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate) PyErr_Clear();
data/uvloop-0.14.0+ds1/uvloop/loop.c:167271:18: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/uvloop-0.14.0+ds1/uvloop/loop.c:167271:58: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/uvloop-0.14.0+ds1/uvloop/loop.c:167292:16: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Py_XDECREF(setstate);
data/uvloop-0.14.0+ds1/uvloop/loop.c:753:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/uvloop-0.14.0+ds1/uvloop/loop.c:1208:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _recv_buffer[0x3E800];
data/uvloop-0.14.0+ds1/uvloop/loop.c:3180:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
PyObject *(*open)(struct __pyx_obj_6uvloop_4loop_UDPTransport *, int, int);
data/uvloop-0.14.0+ds1/uvloop/loop.c:50945:148: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
__pyx_t_4 = ((struct __pyx_vtabstruct_6uvloop_4loop_UDPTransport *)__pyx_cur_scope->__pyx_v_udp->__pyx_base.__pyx_base.__pyx_base.__pyx_vtab)->open(__pyx_cur_scope->__pyx_v_udp, __pyx_t_6, __pyx_t_7); if (unlikely(!__pyx_t_4)) __PYX_ERR(2, 2969, __pyx_L1_error)
data/uvloop-0.14.0+ds1/uvloop/loop.c:85765:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(__pyx_v_p_uvbufs[__pyx_v_uv_bufs_idx]).base = ((char *)(__pyx_v_p_pybufs[__pyx_v_py_bufs_len]).buf);
data/uvloop-0.14.0+ds1/uvloop/loop.c:106468:75: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__pyx_t_7 = PyBytes_AsString(__pyx_v_el); if (unlikely(__pyx_t_7 == ((char *)NULL))) __PYX_ERR(6, 234, __pyx_L1_error)
data/uvloop-0.14.0+ds1/uvloop/loop.c:116738:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __pyx_v_buf[0x80];
data/uvloop-0.14.0+ds1/uvloop/loop.c:117298:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy(__pyx_v_res, (&__pyx_v_ret->addr), __pyx_v_ret->addr_size));
data/uvloop-0.14.0+ds1/uvloop/loop.c:118404:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy(((struct sockaddr_un *)(&__pyx_v_ret->addr))->sun_path, __pyx_v_buf, __pyx_v_buflen));
data/uvloop-0.14.0+ds1/uvloop/loop.c:118479:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)(memcpy(__pyx_v_res, (&__pyx_v_ret->addr), __pyx_v_ret->addr_size));
data/uvloop-0.14.0+ds1/uvloop/loop.c:164831:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)result_udata + char_pos * result_ukind, udata, (size_t) (ulength * result_ukind));
data/uvloop-0.14.0+ds1/uvloop/loop.c:166760:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGIT_PAIRS_10[2*10*10+1] = {
data/uvloop-0.14.0+ds1/uvloop/loop.c:166772:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGIT_PAIRS_8[2*8*8+1] = {
data/uvloop-0.14.0+ds1/uvloop/loop.c:166782:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char DIGITS_HEX[2*16+1] = {
data/uvloop-0.14.0+ds1/uvloop/loop.c:166877:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[sizeof(Py_ssize_t)*3+2];
data/uvloop-0.14.0+ds1/uvloop/loop.c:166966:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digits[sizeof(int)*3+2];
data/uvloop-0.14.0+ds1/uvloop/loop.c:167304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char warning[200];
data/uvloop-0.14.0+ds1/uvloop/loop.c:169576:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/uvloop-0.14.0+ds1/uvloop/loop.c:169580:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/uvloop-0.14.0+ds1/uvloop/loop.c:677:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/uvloop-0.14.0+ds1/uvloop/loop.c:798:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/uvloop-0.14.0+ds1/uvloop/loop.c:7608:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, NULL); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 2, __pyx_L1_error)
data/uvloop-0.14.0+ds1/uvloop/loop.c:8732:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(__pyx_t_5, 0, strlen(__pyx_t_5), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(1, 110, __pyx_L1_error)
data/uvloop-0.14.0+ds1/uvloop/loop.c:72868:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_7 = __Pyx_decode_c_string(__pyx_v_handle_ctx, 0, strlen(__pyx_v_handle_ctx), NULL, NULL, PyUnicode_DecodeLatin1); if (unlikely(!__pyx_t_7)) __PYX_ERR(4, 322, __pyx_L1_error)
data/uvloop-0.14.0+ds1/uvloop/loop.c:72976:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_7 = __Pyx_decode_c_string(__pyx_v_handle_ctx, 0, strlen(__pyx_v_handle_ctx), NULL, NULL, PyUnicode_DecodeLatin1); if (unlikely(!__pyx_t_7)) __PYX_ERR(4, 331, __pyx_L1_error)
data/uvloop-0.14.0+ds1/uvloop/loop.c:120338:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_4 = __Pyx_decode_c_string(__pyx_t_5, 0, strlen(__pyx_t_5), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_4)) __PYX_ERR(7, 324, __pyx_L1_error)
data/uvloop-0.14.0+ds1/uvloop/loop.c:162011:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(cstring);
data/uvloop-0.14.0+ds1/uvloop/loop.c:169624:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 170004 in approximately 4.27 seconds (39796 lines/second)
Physical Source Lines of Code (SLOC) = 97379
Hits@level = [0] 0 [1] 9 [2] 19 [3] 4 [4] 1 [5] 0
Hits@level+ = [0+] 33 [1+] 33 [2+] 24 [3+] 5 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 0.338882 [1+] 0.338882 [2+] 0.24646 [3+] 0.0513458 [4+] 0.0102692 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.