diff --git a/correct-results.html b/correct-results.html index 25c2b01..7628c6b 100644 --- a/correct-results.html +++ b/correct-results.html @@ -9,8 +9,8 @@
Examining test.c
diff --git a/correct-results.txt b/correct-results.txt
index 24295c7..b309120 100644
--- a/correct-results.txt
+++ b/correct-results.txt
@@ -1,4 +1,4 @@
-Flawfinder version 1.28, (C) 2001-2007 David A. Wheeler.
+Flawfinder version 1.29, (C) 2001-2014 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 160
Examining test.c
Examining test2.c
diff --git a/flawfinder b/flawfinder
index 82c7c31..a924854 100755
--- a/flawfinder
+++ b/flawfinder
@@ -6,7 +6,7 @@
See the man page for a description of the options."""
-version="1.28"
+version="1.29"
# The default output is as follows:
# filename:line_number [risk_level] (type) function_name: message
@@ -1478,9 +1478,9 @@ def display_header():
print "
-Examining test.c
-Examining test2.c
-
- gets(f); --
- strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */ --
- _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */ --
- MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)); --
- MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName); --
- SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); --
- SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); --
- strcpy(b, a); --
- sprintf(s, "hello %s", bug); --
- sprintf(s, gettext("hello %s"), bug); --
- sprintf(s, unknown, bug); --
- printf(bf, x); --
- scanf("%s", s); --
- scanf("%s", s); --
- syslog(LOG_ERR, attacker_string); --
- _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */ --
- lstrcat(d,s); --
- CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); --
- CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); --
- while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) { --
- strcpy(a, gettext("Hello there")); // Did this work? --
- sprintf(s, "hello"); --
- char d[20]; --
- char s[20]; --
- memcpy(d,s); --
- CopyMemory(d,s); --
- f = fopen("/etc/passwd", "r"); --
- strcpy(a, "\n"); // Did this work? --
- sprintf(s, "\n"); --
- scanf("%10s", s); --
- strncpy(d,s); --
- _tcsncpy(d,s); --
- strncat(d,s,10); --
- n = strlen(d); --
- MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0])); --
- MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0])); --
-Hits = 36
-
-Lines analyzed = 118
-
-Physical Source Lines of Code (SLOC) = 80
-
-Hits@level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
-Hits@level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
-Hits/KSLOC@level+ = [0+] 450 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5
-Suppressed hits = 2 (use --neverignore to show them)
-
-Minimum risk level = 1
-
-Not every hit is necessarily a security vulnerability.
-
-There may be other security vulnerabilities; review your code!
-
-
diff --git a/test-results.txt b/test-results.txt
deleted file mode 100644
index 24295c7..0000000
--- a/test-results.txt
+++ /dev/null
@@ -1,150 +0,0 @@
-Flawfinder version 1.28, (C) 2001-2007 David A. Wheeler.
-Number of dangerous functions in C/C++ ruleset: 160
-Examining test.c
-Examining test2.c
-test.c:32: [5] (buffer) gets:
- Does not check for buffer overflows (CWE-120). Use fgets() instead.
-test.c:56: [5] (buffer) strncat:
- Easily used incorrectly (e.g., incorrectly computing the correct
- maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
- resizing strings. Risk is high; the length parameter appears to be a
- constant, instead of computing the number of characters left.
-test.c:57: [5] (buffer) _tcsncat:
- Easily used incorrectly (e.g., incorrectly computing the correct
- maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
- resizing strings. Risk is high; the length parameter appears to be a
- constant, instead of computing the number of characters left.
-test.c:60: [5] (buffer) MultiByteToWideChar:
- Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
- high, it appears that the size is given as bytes, but the function
- requires size as characters.
-test.c:62: [5] (buffer) MultiByteToWideChar:
- Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
- high, it appears that the size is given as bytes, but the function
- requires size as characters.
-test.c:73: [5] (misc) SetSecurityDescriptorDacl:
- Never create NULL ACLs; an attacker can set it to Everyone (Deny All
- Access), which would even forbid administrator access (CWE-732).
-test.c:73: [5] (misc) SetSecurityDescriptorDacl:
- Never create NULL ACLs; an attacker can set it to Everyone (Deny All
- Access), which would even forbid administrator access (CWE-732).
-test.c:17: [4] (buffer) strcpy:
- Does not check for buffer overflows when copying to destination
- (CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
- easily misused).
-test.c:20: [4] (buffer) sprintf:
- Does not check for buffer overflows (CWE-120). Use sprintf_s,
- snprintf, or vsnprintf.
-test.c:21: [4] (buffer) sprintf:
- Does not check for buffer overflows (CWE-120). Use sprintf_s,
- snprintf, or vsnprintf.
-test.c:22: [4] (format) sprintf:
- Potential format string problem (CWE-134). Make format string
- constant.
-test.c:23: [4] (format) printf:
- If format strings can be influenced by an attacker, they can be
- exploited (CWE-134). Use a constant for the format specification.
-test.c:25: [4] (buffer) scanf:
- The scanf() family's %s operation, without a limit specification,
- permits buffer overflows (CWE-120). Specify a limit to %s, or use a
- different input function.
-test.c:27: [4] (buffer) scanf:
- The scanf() family's %s operation, without a limit specification,
- permits buffer overflows (CWE-120). Specify a limit to %s, or use a
- different input function.
-test.c:38: [4] (format) syslog:
- If syslog's format strings can be influenced by an attacker, they can
- be exploited (CWE-134). Use a constant format string for syslog.
-test.c:49: [4] (buffer) _mbscpy:
- Does not check for buffer overflows when copying to destination
- (CWE-120). Consider using a function version that stops copying at the end of
- the buffer.
-test.c:52: [4] (buffer) lstrcat:
- Does not check for buffer overflows when concatenating to destination
- (CWE-120).
-test.c:75: [3] (shell) CreateProcess:
- This causes a new process to execute and is difficult to use safely
- (CWE-78). Specify the application path in the first argument, NOT as part
- of the second, or embedded spaces could allow an attacker to force a
- different program to run.
-test.c:75: [3] (shell) CreateProcess:
- This causes a new process to execute and is difficult to use safely
- (CWE-78). Specify the application path in the first argument, NOT as part
- of the second, or embedded spaces could allow an attacker to force a
- different program to run.
-test.c:91: [3] (buffer) getopt_long:
- Some older implementations do not protect against internal buffer
- overflows (CWE-120). Check implementation on installation, or limit the
- size of all string inputs.
-test.c:16: [2] (buffer) strcpy:
- Does not check for buffer overflows when copying to destination
- (CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
- easily misused). Risk is low because the source is a constant string.
-test.c:19: [2] (buffer) sprintf:
- Does not check for buffer overflows (CWE-120). Use sprintf_s,
- snprintf, or vsnprintf. Risk is low because the source has a constant maximum
- length.
-test.c:45: [2] (buffer) char:
- Statically-sized arrays can be overflowed (CWE-120). Perform bounds
- checking, use functions that limit length, or ensure that the size is
- larger than the maximum possible length (CWE-119).
-test.c:46: [2] (buffer) char:
- Statically-sized arrays can be overflowed (CWE-120). Perform bounds
- checking, use functions that limit length, or ensure that the size is
- larger than the maximum possible length (CWE-119).
-test.c:50: [2] (buffer) memcpy:
- Does not check for buffer overflows when copying to destination
- (CWE-120). Make sure destination can always hold the source data.
-test.c:51: [2] (buffer) CopyMemory:
- Does not check for buffer overflows when copying to destination
- (CWE-120). Make sure destination can always hold the source data.
-test.c:97: [2] (misc) fopen:
- Check when opening files - can an attacker redirect it (via symlinks),
- force the opening of special file type (e.g., device files), move
- things around to create a race condition, control its ancestors, or change
- its contents? (CWE-362).
-test.c:15: [1] (buffer) strcpy:
- Does not check for buffer overflows when copying to destination
- (CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
- easily misused). Risk is low because the source is a constant
- character.
-test.c:18: [1] (buffer) sprintf:
- Does not check for buffer overflows (CWE-120). Use sprintf_s,
- snprintf, or vsnprintf. Risk is low because the source is a constant character.
-test.c:26: [1] (buffer) scanf:
- it's unclear if the %s limit in the format string is small enough
- (CWE-120). Check that the limit is sufficiently small, or use a different
- input function.
-test.c:53: [1] (buffer) strncpy:
- Easily used incorrectly; doesn't always \0-terminate or check for
- invalid pointers (CWE-120).
-test.c:54: [1] (buffer) _tcsncpy:
- Easily used incorrectly; doesn't always \0-terminate or check for
- invalid pointers (CWE-120).
-test.c:55: [1] (buffer) strncat:
- Easily used incorrectly (e.g., incorrectly computing the correct
- maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
- resizing strings.
-test.c:58: [1] (buffer) strlen:
- Does not handle strings that are not \0-terminated (it could cause a
- crash if unprotected) (CWE-119).
-test.c:64: [1] (buffer) MultiByteToWideChar:
- Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
- very low, the length appears to be in characters not bytes.
-test.c:66: [1] (buffer) MultiByteToWideChar:
- Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
- very low, the length appears to be in characters not bytes.
-
-Hits = 36
-Lines analyzed = 118
-Physical Source Lines of Code (SLOC) = 80
-Hits@level = [0] 0 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
-Hits@level+ = [0+] 36 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
-Hits/KSLOC@level+ = [0+] 450 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5
-Suppressed hits = 2 (use --neverignore to show them)
-Minimum risk level = 1
-Not every hit is necessarily a security vulnerability.
-There may be other security vulnerabilities; review your code!
-
-Testing for no ending newline:
-Lines analyzed = 32