Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xbomb-2.2b/xbomb.c
Examining data/xbomb-2.2b/xbomb.h
Examining data/xbomb-2.2b/xwindow.c
Examining data/xbomb-2.2b/icon.h
Examining data/xbomb-2.2b/hiscore.c

FINAL RESULTS:

data/xbomb-2.2b/hiscore.c:24:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int    fprintf(FILE*, const char*,...);
data/xbomb-2.2b/hiscore.c:25:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int    printf(const char*, ... );
data/xbomb-2.2b/hiscore.c:26:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
int    sscanf(char*, const char*,...);
data/xbomb-2.2b/hiscore.c:145:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
 strcpy(name[grid_level-GAME_LEVEL][10],username);
data/xbomb-2.2b/hiscore.c:157:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(name[grid_level-GAME_LEVEL][j],name[grid_level-GAME_LEVEL][j-1]);
data/xbomb-2.2b/hiscore.c:161:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(name[grid_level-GAME_LEVEL][changed],username);
data/xbomb-2.2b/hiscore.c:185:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(datestr[i],ctime(&date[grid_level-GAME_LEVEL][i]));
data/xbomb-2.2b/hiscore.c:245:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(name[i][j],sn.name);
data/xbomb-2.2b/hiscore.c:275:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
       strcpy(sn.name,name[i][j]);
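Editor's note on the hiscore.c hits above (added commentary and example, not part of the flawfinder output or the xbomb source): the three level-4 hits at hiscore.c:24-26 and the one at xbomb.c:22 are on prototype declarations. Flawfinder matches the function name, and a declaration carries no format string and no destination buffer, so those four are noise. The level-2 `char` hits further down are likewise declarations; they matter only as the sizes of the destinations the copies write into. The hits that deserve review are the strcpy() calls into the fixed-size `name[NLEVELS+1][11][21]` slots: line 145 and line 161 copy `username`, and line 245 copies `sn.name`, a record field read back from the high-score file. Lines 157 and 185 copy from sources with a known maximum (a sibling 21-byte slot, and the 26-byte ctime() string into a 32-byte `datestr[i]`) and fit as long as those sources are NUL-terminated. Whether `username` can exceed 20 bytes, and whether the high-score file is writable by anyone other than the game, is not visible on this page and has to be checked in the full source and the installation. The example below was written for this review and is not xbomb code; `NAME_LEN` mirrors the 21-byte slot, the function names and the sample lines are chosen here, and the sscanf() part shows the width-limited form the tool asks for.

```c
/* Added example for this review, not xbomb code. Bounded replacements for the
 * strcpy() and sscanf() patterns flawfinder flags in hiscore.c. NAME_LEN
 * mirrors the 21-byte slots of name[NLEVELS+1][11][21]; all other names and
 * the sample input are assumptions made for illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 21   /* 20 characters plus the terminating NUL, as in hiscore.c */

/* Bounded replacement for strcpy(name[..][..], username).
 * Always NUL-terminates dst; returns 0 if src fit, -1 if it was cut to 20 bytes.
 * The original strcpy would instead write past the slot into the next entry. */
int copy_name(char dst[NAME_LEN], const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_LEN) {
        memcpy(dst, src, NAME_LEN - 1);
        dst[NAME_LEN - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Bounded copy from a fixed-size record field that may lack a terminating NUL
 * (the strcpy(name[i][j], sn.name) case, where sn was read back from the
 * high-score file on disk). memchr() looks for the NUL only within srcsize
 * bytes, so an unterminated field cannot cause an over-read. */
int copy_field(char dst[NAME_LEN], const char *src, size_t srcsize)
{
    const char *nul = memchr(src, '\0', srcsize);
    size_t n = nul ? (size_t)(nul - src) : srcsize;
    int truncated = 0;
    if (n > NAME_LEN - 1) {
        n = NAME_LEN - 1;
        truncated = -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Parse a constructed "<name> <score>" line with a width-limited %20s.
 * sscanf() stops the name at 20 bytes, so it cannot overflow name[]; a line
 * that is too short, non-numeric, or carries a longer name makes the second
 * conversion fail, and the line is rejected instead of leaving the outputs
 * unset. */
int parse_score_line(const char *line, char name[NAME_LEN], long *score)
{
    if (sscanf(line, "%20s %ld", name, score) != 2)
        return -1;
    if (*score < 0)
        return -1;
    return 0;
}

int main(void)
{
    char slot[NAME_LEN];
    long score;
    /* Constructed sample lines: one good, one with an over-long name, one short. */
    const char *lines[] = { "alice 12345", "abcdefghijklmnopqrstuvwxyz 1", "carol" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (parse_score_line(lines[i], slot, &score) == 0)
            printf("ok     name=%-20s score=%ld\n", slot, score);
        else
            printf("reject %s\n", lines[i]);
    }
    return 0;
}
```

A truncation return of -1 is the point where the game should fall back to a placeholder such as the "nobody" string it already uses, rather than silently storing a cut name; the parse function rejects an over-long name outright because the leftover characters stop the numeric conversion.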
data/xbomb-2.2b/xbomb.c:22:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
int    printf(const char*, ... );
data/xbomb-2.2b/xbomb.c:112:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
 srand((unsigned int)t);
data/xbomb-2.2b/hiscore.c:44:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *levels[NLEVELS],   /*+ levels (difficulty). +*/
data/xbomb-2.2b/hiscore.c:53:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *filenames[NTYPES]={"/var/games/xbomb/xbomb6.hi","/var/games/xbomb/xbomb4.hi","/var/games/xbomb/xbomb3.hi"};
data/xbomb-2.2b/hiscore.c:56:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char pos[11][5]={"Top","2nd","3rd","4th","5th","6th","7th","8th","9th","10th","Lost"};
data/xbomb-2.2b/hiscore.c:62:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char name[NLEVELS+1][11][21];
data/xbomb-2.2b/hiscore.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name[20];                 /*+ The user name. +*/
data/xbomb-2.2b/hiscore.c:175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char datestr[11][32],*scores[11][4],scorestr[11][10];
data/xbomb-2.2b/hiscore.c:194:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      {sprintf(scorestr[i],"%6.2f",(double)score[grid_level-GAME_LEVEL][i]/1000.0);scores[i][2]=scorestr[i];}
data/xbomb-2.2b/hiscore.c:196:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      {sprintf(scorestr[i],"%6.1f",(double)score[grid_level-GAME_LEVEL][i]/1000.0);scores[i][2]=scorestr[i];}
data/xbomb-2.2b/hiscore.c:198:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      {sprintf(scorestr[i],"%6.0f",(double)score[grid_level-GAME_LEVEL][i]/1000.0);scores[i][2]=scorestr[i];}
data/xbomb-2.2b/hiscore.c:226:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
       strcpy(name[i][j],"nobody");
data/xbomb-2.2b/hiscore.c:230:4:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 f=fopen(filenames[grid_type-GAME_TYPE],"r");
data/xbomb-2.2b/hiscore.c:263:4:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
 f=fopen(filenames[grid_type-GAME_TYPE],"w");
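Editor's note on the two fopen() hits above (added example, not flawfinder output or xbomb code): `filenames[]` points into /var/games/xbomb/, so these opens carry CWE-362 weight only if the binary runs with privileges the invoking user lacks (for example, installed setgid to a games group). That installation detail is not on this page and is an assumption here. Of the two, the "w" open at line 263 is the more sensitive, because fopen(..., "w") truncates whatever the path resolves to before any check can run. The example below was written for this review, the helper name `open_hiscore` is chosen here, and it shows the checks the tool's message lists: open without following a final-component symlink, verify the descriptor with fstat() rather than the path with stat(), and truncate only after the checks pass.

```c
/* Added example for this review, not xbomb code. A checked replacement for
 * fopen(filenames[...], "r") and fopen(filenames[...], "w") in hiscore.c.
 * The helper name and the default path usage are assumptions for illustration. */
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC, fdopen, ftruncate */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open the high-score file for reading (for_write == 0) or writing (1).
 * O_NOFOLLOW refuses a symlink at the final path component (open() fails with
 * ELOOP), and fstat() on the descriptor we actually hold, not stat() on the
 * path, confirms it is a regular file with a single link before any I/O, so
 * there is no check-then-use window. For writing, O_TRUNC is left out and
 * the file is truncated only after the checks pass, so a redirected open can
 * never clobber a file we did not mean to write. Returns NULL with errno set. */
FILE *open_hiscore(const char *path, int for_write)
{
    int flags = (for_write ? O_WRONLY : O_RDONLY) | O_NOFOLLOW | O_CLOEXEC;
    int fd = open(path, flags);
    if (fd < 0)
        return NULL;

    struct stat st;
    if (fstat(fd, &st) != 0) {
        close(fd);
        return NULL;
    }
    if (!S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EINVAL;   /* device, FIFO, or hard-linked file: refuse it */
        return NULL;
    }
    if (for_write && ftruncate(fd, 0) != 0) {
        close(fd);
        return NULL;
    }
    FILE *f = fdopen(fd, for_write ? "w" : "r");
    if (!f)
        close(fd);
    return f;
}

int main(int argc, char **argv)
{
    /* Default to the first path listed in filenames[] in hiscore.c. */
    const char *path = argc > 1 ? argv[1] : "/var/games/xbomb/xbomb6.hi";
    FILE *f = open_hiscore(path, 0);
    if (!f) {
        perror(path);
        return 1;
    }
    char line[64];
    while (fgets(line, sizeof line, f))
        fputs(line, stdout);
    fclose(f);
    return 0;
}
```

The st_nlink check is the strict form; on a kernel with fs.protected_hardlinks enabled it is redundant, but it costs nothing and the high-score file has no reason to be hard-linked. A parent-directory swap (renaming /var/games/xbomb itself) is not covered by this helper and is what the tool's "control its ancestors" wording refers to; guarding against that needs openat() from a directory descriptor that was verified the same way.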
data/xbomb-2.2b/xbomb.c:31:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *levels[NLEVELS]={"Easy","Medium","Difficult"},      /*+ levels (difficulty). +*/
data/xbomb-2.2b/xbomb.c:50:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char state[MAX_SIZE][MAX_SIZE];
data/xbomb-2.2b/xbomb.c:87:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char levstr[3];
data/xbomb-2.2b/xbomb.c:88:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(levstr,"-%1d",j+1);
data/xbomb-2.2b/xbomb.h:88:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void DisplayHighScores(char *scores[11][4],int which_score);
data/xbomb-2.2b/xwindow.c:48:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *levels[NLEVELS],   /*+ levels (difficulty). +*/
data/xbomb-2.2b/xwindow.c:297:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[4][6];
data/xbomb-2.2b/xwindow.c:299:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name[0],"hs%da",i);
data/xbomb-2.2b/xwindow.c:300:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name[1],"hs%db",i);
data/xbomb-2.2b/xwindow.c:301:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name[2],"hs%ds",i);
data/xbomb-2.2b/xwindow.c:302:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name[3],"hs%dd",i);
data/xbomb-2.2b/xwindow.c:416:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 static char grid_numbers[13][2]={" ","1","2","3","4","5","6","7","8","9","A","B","C"};
data/xbomb-2.2b/xwindow.c:528:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void DisplayHighScores(char *scores[11][4],int which_score)
data/xbomb-2.2b/xwindow.c:943:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char string[16];
data/xbomb-2.2b/xwindow.c:945:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(string,"UXB : %3d",n);
data/xbomb-2.2b/xwindow.c:968:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char string[16];
data/xbomb-2.2b/xwindow.c:976:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(string,"Time : %4d",ticks);
data/xbomb-2.2b/xwindow.c:996:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string[16];
data/xbomb-2.2b/xwindow.c:997:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(string,"Time :    0");
data/xbomb-2.2b/xwindow.c:1011:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char string[16];
data/xbomb-2.2b/xwindow.c:1016:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
 sprintf(string,"Time : %8.3f",(double)ticks/1000.0);
data/xbomb-2.2b/xbomb.c:97:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(argv[i][0]=='-' && !strncasecmp(types[j],argv[i]+1,strlen(argv[i])-1))
data/xbomb-2.2b/xbomb.c:102:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       if(strlen(argv[i])>2 && !strncmp("-hiscore",argv[i],strlen(argv[i])))
data/xbomb-2.2b/xbomb.c:102:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       if(strlen(argv[i])>2 && !strncmp("-hiscore",argv[i],strlen(argv[i])))

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 1983 in approximately 0.07 seconds (30473 lines/second)
Physical Source Lines of Code (SLOC) = 1242
Hits@level = [0]  15 [1]   3 [2]  33 [3]   1 [4]  10 [5]   0
Hits@level+ = [0+]  62 [1+]  47 [2+]  44 [3+]  11 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 49.9195 [1+] 37.8422 [2+] 35.4267 [3+] 8.85668 [4+] 8.05153 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.