- test.c:32: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120, CWE-20). Use
fgets() instead.
gets(f);
@@ -29,7 +29,7 @@ Examining test2.c
- test.c:56: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120).
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120).
Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
Risk is high; the length parameter appears to be a constant, instead of
computing the number of characters left.
@@ -39,7 +39,7 @@ Examining test2.c
- test.c:57: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120).
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120).
Consider strcat_s, strlcat, or automatically resizing strings. Risk is
high; the length parameter appears to be a constant, instead of computing
the number of characters left.
@@ -48,37 +48,37 @@ Examining test2.c
- test.c:60: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
- high, it appears that the size is given as bytes, but the function requires
- size as characters.
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Risk
+ is high, it appears that the size is given as bytes, but the function
+ requires size as characters.
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));
- test.c:62: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
- high, it appears that the size is given as bytes, but the function requires
- size as characters.
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Risk
+ is high, it appears that the size is given as bytes, but the function
+ requires size as characters.
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);
- test.c:73: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
+ href="https://cwe.mitre.org/data/definitions/732.html">CWE-732).
SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);
- test.c:73: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
+ href="https://cwe.mitre.org/data/definitions/732.html">CWE-732).
SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);
- test.c:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
- (CWE-120).
+ (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily
misused).
@@ -86,61 +86,61 @@ Examining test2.c
- test.c:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Use
sprintf_s, snprintf, or vsnprintf.
sprintf(s, "hello %s", bug);
- test.c:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Use
sprintf_s, snprintf, or vsnprintf.
sprintf(s, gettext("hello %s"), bug);
- test.c:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make
+ href="https://cwe.mitre.org/data/definitions/134.html">CWE-134). Make
format string constant.
sprintf(s, unknown, bug);
- test.c:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
- (CWE-134). Use
- a constant for the format specification.
+ (CWE-134).
+ Use a constant for the format specification.
printf(bf, x);
- test.c:25: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a
- limit to %s, or use a different input function.
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120, CWE-20). Specify
+ a limit to %s, or use a different input function.
scanf("%s", s);
- test.c:27: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a
- limit to %s, or use a different input function.
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120, CWE-20). Specify
+ a limit to %s, or use a different input function.
scanf("%s", s);
- test.c:38: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a
+ href="https://cwe.mitre.org/data/definitions/134.html">CWE-134). Use a
constant format string for syslog.
syslog(LOG_ERR, attacker_string);
- test.c:49: [4] (buffer) _mbscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
- (CWE-120).
+ (CWE-120).
Consider using a function version that stops copying at the end of the
buffer.
@@ -149,13 +149,13 @@ Examining test2.c
- test.c:52: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120).
lstrcat(d,s);
- test.c:75: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely (CWE-78). Specify
+ href="https://cwe.mitre.org/data/definitions/78.html">CWE-78). Specify
the application path in the first argument, NOT as part of the second, or
embedded spaces could allow an attacker to force a different program to
run.
@@ -164,7 +164,7 @@ Examining test2.c
- test.c:75: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely (CWE-78). Specify
+ href="https://cwe.mitre.org/data/definitions/78.html">CWE-78). Specify
the application path in the first argument, NOT as part of the second, or
embedded spaces could allow an attacker to force a different program to
run.
@@ -173,15 +173,15 @@ Examining test2.c
- test.c:91: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
- (CWE-120, CWE-20). Check
+ (CWE-120, CWE-20). Check
implementation on installation, or limit the size of all string inputs.
while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) {
- test.c:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
- (CWE-120).
+ (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily
misused). Risk is low because the source is a constant string.
@@ -189,7 +189,7 @@ Examining test2.c
- test.c:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Use
sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a
constant maximum length.
@@ -198,33 +198,33 @@ Examining test2.c
- test.c:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform
- bounds checking, use functions that limit length, or ensure that the size
- is larger than the maximum possible length.
+ href="https://cwe.mitre.org/data/definitions/119.html">CWE-119!/CWE-120).
+ Perform bounds checking, use functions that limit length, or ensure that
+ the size is larger than the maximum possible length.
char d[20];
- test.c:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform
- bounds checking, use functions that limit length, or ensure that the size
- is larger than the maximum possible length.
+ href="https://cwe.mitre.org/data/definitions/119.html">CWE-119!/CWE-120).
+ Perform bounds checking, use functions that limit length, or ensure that
+ the size is larger than the maximum possible length.
char s[20];
- test.c:50: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Make
sure destination can always hold the source data.
memcpy(d,s);
- test.c:51: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120). Make
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Make
sure destination can always hold the source data.
CopyMemory(d,s);
@@ -234,13 +234,13 @@ Examining test2.c
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
+ href="https://cwe.mitre.org/data/definitions/362.html">CWE-362).
f = fopen("/etc/passwd", "r");
- test.c:15: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
- (CWE-120).
+ (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily
misused). Risk is low because the source is a constant character.
@@ -248,7 +248,7 @@ Examining test2.c
- test.c:18: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Use
sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a
constant character.
@@ -256,7 +256,7 @@ Examining test2.c
- test.c:26: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough (CWE-120). Check
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Check
that the limit is sufficiently small, or use a different input function.
scanf("%10s", s);
@@ -264,21 +264,21 @@ Examining test2.c
- test.c:53: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120).
strncpy(d,s);
- test.c:54: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120).
_tcsncpy(d,s);
- test.c:55: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120).
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120).
Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(d,s,10);
@@ -286,21 +286,21 @@ Examining test2.c
- test.c:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ href="https://cwe.mitre.org/data/definitions/126.html">CWE-126).
n = strlen(d);
- test.c:64: [1] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
- very low, the length appears to be in characters not bytes.
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Risk
+ is very low, the length appears to be in characters not bytes.
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));
- test.c:66: [1] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
- very low, the length appears to be in characters not bytes.
+ href="https://cwe.mitre.org/data/definitions/120.html">CWE-120). Risk
+ is very low, the length appears to be in characters not bytes.
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));
diff --git a/flawfinder b/flawfinder
index aded2b1..1b66191 100755
--- a/flawfinder
+++ b/flawfinder
@@ -439,7 +439,7 @@ class Hit(object):
main_text = h("%(warning)s. " % self)
if output_format: # Create HTML link to CWE definitions
main_text = link_cwe_pattern.sub(
- r'\1\3',
+ r'\1\3',
main_text)
if single_line:
print(main_text, end='')
diff --git a/flawfinder.1 b/flawfinder.1
index e12199c..532458e 100644
--- a/flawfinder.1
+++ b/flawfinder.1
@@ -846,8 +846,8 @@ that can occur in software's architecture, design, code or implementation
that can lead to exploitable security vulnerabilities...
created to serve as a common language for
describing software security weaknesses''
-(http://cwe.mitre.org/about/faq.html).
-For more information on CWEs, see http://cwe.mitre.org.
+(https://cwe.mitre.org/about/faq.html).
+For more information on CWEs, see https://cwe.mitre.org.
.PP
Flawfinder supports the CWE and is officially CWE-Compatible.
Hit descriptions typically include a relevant
@@ -869,7 +869,7 @@ all the CWE mappings are listed as separated by commas.
This often occurs with CWE-20, Improper Input Validation;
thus the report "CWE-676, CWE-120" maps to two CWEs.
In addition, flawfinder provides additional information for those who are
-are interested in the CWE/SANS top 25 list 2011 (http://cwe.mitre.org/top25/)
+are interested in the CWE/SANS top 25 list 2011 (https://cwe.mitre.org/top25/)
when mappings are not directly to them.
Many people will want to search for specific CWEs in this top 25 list,
such as CWE-120 (classic buffer overflow).