walkero
/
flawfinder
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Rewrite print_multi_line. It's now shorter, faster, and formats better

This commit is contained in:
David A. Wheeler 2014-07-19 16:42:14 -04:00
parent f9a6fdd314
commit 7112bf164c
3 changed files with 224 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

223
correct-results.html
View File

@ -15,248 +15,289 @@ Number of dangerous functions in C/C++ ruleset: 160
<p>
Examining test.c <br>
Examining test2.c <br>
<h2>Final Results</h2>
<ul>
<li>test.c:32: <b> [5] </b> (buffer) <i> gets:
Does not check for buffer overflows (CWE-120). Use fgets() instead. </i>
Does not check for buffer overflows (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Use
fgets() instead. </i>
<pre>
gets(f);
</pre>
<li>test.c:56: <b> [5] </b> (buffer) <i> strncat:
Easily used incorrectly (e.g., incorrectly computing the correct
maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
resizing strings. Risk is high; the length parameter appears to be a
constant, instead of computing the number of characters left. </i>
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
Consider strcat_s, strlcat, or automatically resizing strings. Risk is
high; the length parameter appears to be a constant, instead of computing
the number of characters left. </i>
<pre>
strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */
</pre>
<li>test.c:57: <b> [5] </b> (buffer) <i> _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct
maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
resizing strings. Risk is high; the length parameter appears to be a
constant, instead of computing the number of characters left. </i>
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
Consider strcat_s, strlcat, or automatically resizing strings. Risk is
high; the length parameter appears to be a constant, instead of computing
the number of characters left. </i>
<pre>
_tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */
</pre>
<li>test.c:60: <b> [5] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
high, it appears that the size is given as bytes, but the function
requires size as characters. </i>
Requires maximum length in CHARACTERS, not bytes (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk is
high, it appears that the size is given as bytes, but the function requires
size as characters. </i>
<pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));
</pre>
<li>test.c:62: <b> [5] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
high, it appears that the size is given as bytes, but the function
requires size as characters. </i>
Requires maximum length in CHARACTERS, not bytes (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk is
high, it appears that the size is given as bytes, but the function requires
size as characters. </i>
<pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);
</pre>
<li>test.c:73: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732). </i>
Access), which would even forbid administrator access (<a
href="http://cwe.mitre.org/data/definitions/732.html">CWE-732</a>). </i>
<pre>
SetSecurityDescriptorDacl(&amp;sd,TRUE,NULL,FALSE);
</pre>
<li>test.c:73: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732). </i>
Access), which would even forbid administrator access (<a
href="http://cwe.mitre.org/data/definitions/732.html">CWE-732</a>). </i>
<pre>
SetSecurityDescriptorDacl(&amp;sd,TRUE,NULL,FALSE);
</pre>
<li>test.c:17: <b> [4] </b> (buffer) <i> strcpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
easily misused). </i>
Does not check for buffer overflows when copying to destination (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused). </i>
<pre>
strcpy(b, a);
</pre>
<li>test.c:20: <b> [4] </b> (buffer) <i> sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s,
snprintf, or vsnprintf. </i>
Does not check for buffer overflows (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Use
sprintf_s, snprintf, or vsnprintf. </i>
<pre>
sprintf(s, "hello %s", bug);
</pre>
<li>test.c:21: <b> [4] </b> (buffer) <i> sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s,
snprintf, or vsnprintf. </i>
Does not check for buffer overflows (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Use
sprintf_s, snprintf, or vsnprintf. </i>
<pre>
sprintf(s, gettext("hello %s"), bug);
</pre>
<li>test.c:22: <b> [4] </b> (format) <i> sprintf:
Potential format string problem (CWE-134). Make format string
constant. </i>
Potential format string problem (<a
href="http://cwe.mitre.org/data/definitions/134.html">CWE-134</a>). Make
format string constant. </i>
<pre>
sprintf(s, unknown, bug);
</pre>
<li>test.c:23: <b> [4] </b> (format) <i> printf:
If format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant for the format specification. </i>
If format strings can be influenced by an attacker, they can be exploited
(<a href="http://cwe.mitre.org/data/definitions/134.html">CWE-134</a>). Use
a constant for the format specification. </i>
<pre>
printf(bf, x);
</pre>
<li>test.c:25: <b> [4] </b> (buffer) <i> scanf:
The scanf() family's %s operation, without a limit specification,
permits buffer overflows (CWE-120). Specify a limit to %s, or use a
different input function. </i>
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Specify
a limit to %s, or use a different input function. </i>
<pre>
scanf("%s", s);
</pre>
<li>test.c:27: <b> [4] </b> (buffer) <i> scanf:
The scanf() family's %s operation, without a limit specification,
permits buffer overflows (CWE-120). Specify a limit to %s, or use a
different input function. </i>
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Specify
a limit to %s, or use a different input function. </i>
<pre>
scanf("%s", s);
</pre>
<li>test.c:38: <b> [4] </b> (format) <i> syslog:
If syslog's format strings can be influenced by an attacker, they can
be exploited (CWE-134). Use a constant format string for syslog. </i>
If syslog's format strings can be influenced by an attacker, they can be
exploited (<a
href="http://cwe.mitre.org/data/definitions/134.html">CWE-134</a>). Use a
constant format string for syslog. </i>
<pre>
syslog(LOG_ERR, attacker_string);
</pre>
<li>test.c:49: <b> [4] </b> (buffer) <i> _mbscpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Consider using a function version that stops copying at the end of
the buffer. </i>
Does not check for buffer overflows when copying to destination (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
Consider using a function version that stops copying at the end of the
buffer. </i>
<pre>
_mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */
</pre>
<li>test.c:52: <b> [4] </b> (buffer) <i> lstrcat:
Does not check for buffer overflows when concatenating to destination
(CWE-120). </i>
Does not check for buffer overflows when concatenating to destination (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre>
lstrcat(d,s);
</pre>
<li>test.c:75: <b> [3] </b> (shell) <i> CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run. </i>
This causes a new process to execute and is difficult to use safely (<a
href="http://cwe.mitre.org/data/definitions/78.html">CWE-78</a>). Specify
the application path in the first argument, NOT as part of the second, or
embedded spaces could allow an attacker to force a different program to
run. </i>
<pre>
CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
</pre>
<li>test.c:75: <b> [3] </b> (shell) <i> CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run. </i>
This causes a new process to execute and is difficult to use safely (<a
href="http://cwe.mitre.org/data/definitions/78.html">CWE-78</a>). Specify
the application path in the first argument, NOT as part of the second, or
embedded spaces could allow an attacker to force a different program to
run. </i>
<pre>
CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
</pre>
<li>test.c:91: <b> [3] </b> (buffer) <i> getopt_long:
Some older implementations do not protect against internal buffer
overflows (CWE-120). Check implementation on installation, or limit the
size of all string inputs. </i>
Some older implementations do not protect against internal buffer overflows
(<a href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
Check implementation on installation, or limit the size of all string
inputs. </i>
<pre>
while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) {
</pre>
<li>test.c:16: <b> [2] </b> (buffer) <i> strcpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
easily misused). Risk is low because the source is a constant string. </i>
Does not check for buffer overflows when copying to destination (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused). Risk is low because the source is a constant string. </i>
<pre>
strcpy(a, gettext("Hello there")); // Did this work?
</pre>
<li>test.c:19: <b> [2] </b> (buffer) <i> sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s,
snprintf, or vsnprintf. Risk is low because the source has a constant maximum
length. </i>
Does not check for buffer overflows (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Use
sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a
constant maximum length. </i>
<pre>
sprintf(s, "hello");
</pre>
<li>test.c:45: <b> [2] </b> (buffer) <i> char:
Statically-sized arrays can be overflowed (CWE-120). Perform bounds
checking, use functions that limit length, or ensure that the size is
larger than the maximum possible length (CWE-119). </i>
Statically-sized arrays can be overflowed (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform
bounds checking, use functions that limit length, or ensure that the size
is larger than the maximum possible length (CWE-119). </i>
<pre>
char d[20];
</pre>
<li>test.c:46: <b> [2] </b> (buffer) <i> char:
Statically-sized arrays can be overflowed (CWE-120). Perform bounds
checking, use functions that limit length, or ensure that the size is
larger than the maximum possible length (CWE-119). </i>
Statically-sized arrays can be overflowed (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform
bounds checking, use functions that limit length, or ensure that the size
is larger than the maximum possible length (CWE-119). </i>
<pre>
char s[20];
</pre>
<li>test.c:50: <b> [2] </b> (buffer) <i> memcpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Make sure destination can always hold the source data. </i>
Does not check for buffer overflows when copying to destination (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i>
<pre>
memcpy(d,s);
</pre>
<li>test.c:51: <b> [2] </b> (buffer) <i> CopyMemory:
Does not check for buffer overflows when copying to destination
(CWE-120). Make sure destination can always hold the source data. </i>
Does not check for buffer overflows when copying to destination (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i>
<pre>
CopyMemory(d,s);
</pre>
<li>test.c:97: <b> [2] </b> (misc) <i> fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move
things around to create a race condition, control its ancestors, or change
its contents? (CWE-362). </i>
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (<a
href="http://cwe.mitre.org/data/definitions/362.html">CWE-362</a>). </i>
<pre>
f = fopen("/etc/passwd", "r");
</pre>
<li>test.c:15: <b> [1] </b> (buffer) <i> strcpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
easily misused). Risk is low because the source is a constant
character. </i>
Does not check for buffer overflows when copying to destination (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused). Risk is low because the source is a constant character. </i>
<pre>
strcpy(a, "\n"); // Did this work?
</pre>
<li>test.c:18: <b> [1] </b> (buffer) <i> sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s,
snprintf, or vsnprintf. Risk is low because the source is a constant character. </i>
Does not check for buffer overflows (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Use
sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a
constant character. </i>
<pre>
sprintf(s, "\n");
</pre>
<li>test.c:26: <b> [1] </b> (buffer) <i> scanf:
it's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function. </i>
It's unclear if the %s limit in the format string is small enough (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Check
that the limit is sufficiently small, or use a different input function. </i>
<pre>
scanf("%10s", s);
</pre>
<li>test.c:53: <b> [1] </b> (buffer) <i> strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for
invalid pointers (CWE-120). </i>
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre>
strncpy(d,s);
</pre>
<li>test.c:54: <b> [1] </b> (buffer) <i> _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for
invalid pointers (CWE-120). </i>
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre>
_tcsncpy(d,s);
</pre>
<li>test.c:55: <b> [1] </b> (buffer) <i> strncat:
Easily used incorrectly (e.g., incorrectly computing the correct
maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
resizing strings. </i>
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
Consider strcat_s, strlcat, or automatically resizing strings. </i>
<pre>
strncat(d,s,10);
</pre>
<li>test.c:58: <b> [1] </b> (buffer) <i> strlen:
Does not handle strings that are not \0-terminated (it could cause a
crash if unprotected) (CWE-119). </i>
Does not handle strings that are not \0-terminated (it could cause a crash
if unprotected) (<a
href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>). </i>
<pre>
n = strlen(d);
</pre>
<li>test.c:64: <b> [1] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
Requires maximum length in CHARACTERS, not bytes (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk is
very low, the length appears to be in characters not bytes. </i>
<pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));
</pre>
<li>test.c:66: <b> [1] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
Requires maximum length in CHARACTERS, not bytes (<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk is
very low, the length appears to be in characters not bytes. </i>
<pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));
</pre>
</ul>
<h2>Analysis Summary</h2>
<p>
Hits = 36
<br>

156
correct-results.txt
View File

@ -2,138 +2,140 @@ Flawfinder version 1.29, (C) 2001-2014 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 160
Examining test.c
Examining test2.c
FINAL RESULTS:
test.c:32: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120). Use fgets() instead.
Does not check for buffer overflows (CWE-120). Use fgets() instead.
test.c:56: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct
maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
resizing strings. Risk is high; the length parameter appears to be a
constant, instead of computing the number of characters left.
test.c:57: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct
maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
resizing strings. Risk is high; the length parameter appears to be a
constant, instead of computing the number of characters left.
test.c:60: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
high, it appears that the size is given as bytes, but the function
requires size as characters.
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
test.c:62: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
high, it appears that the size is given as bytes, but the function
requires size as characters.
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
test.c:73: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
Access), which would even forbid administrator access (CWE-732).
test.c:73: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
Access), which would even forbid administrator access (CWE-732).
test.c:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
easily misused).
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
test.c:20: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s,
snprintf, or vsnprintf.
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
test.c:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s,
snprintf, or vsnprintf.
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
test.c:22: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string
constant.
Potential format string problem (CWE-134). Make format string constant.
test.c:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant for the format specification.
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
test.c:25: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification,
permits buffer overflows (CWE-120). Specify a limit to %s, or use a
different input function.
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120). Specify a limit to %s, or use a different input
function.
test.c:27: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification,
permits buffer overflows (CWE-120). Specify a limit to %s, or use a
different input function.
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120). Specify a limit to %s, or use a different input
function.
test.c:38: [4] (format) syslog:
If syslog's format strings can be influenced by an attacker, they can
be exploited (CWE-134). Use a constant format string for syslog.
If syslog's format strings can be influenced by an attacker, they can be
exploited (CWE-134). Use a constant format string for syslog.
test.c:49: [4] (buffer) _mbscpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Consider using a function version that stops copying at the end of
the buffer.
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using a function version that stops copying at the end of the
buffer.
test.c:52: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
(CWE-120).
(CWE-120).
test.c:75: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
different program to run.
test.c:75: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
different program to run.
test.c:91: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer
overflows (CWE-120). Check implementation on installation, or limit the
size of all string inputs.
Some older implementations do not protect against internal buffer overflows
(CWE-120). Check implementation on installation, or limit the size of all
string inputs.
test.c:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
easily misused). Risk is low because the source is a constant string.
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused). Risk is low because the source is a constant string.
test.c:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s,
snprintf, or vsnprintf. Risk is low because the source has a constant maximum
length.
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
test.c:45: [2] (buffer) char:
Statically-sized arrays can be overflowed (CWE-120). Perform bounds
checking, use functions that limit length, or ensure that the size is
larger than the maximum possible length (CWE-119).
larger than the maximum possible length (CWE-119).
test.c:46: [2] (buffer) char:
Statically-sized arrays can be overflowed (CWE-120). Perform bounds
checking, use functions that limit length, or ensure that the size is
larger than the maximum possible length (CWE-119).
larger than the maximum possible length (CWE-119).
test.c:50: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Make sure destination can always hold the source data.
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
test.c:51: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination
(CWE-120). Make sure destination can always hold the source data.
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
test.c:97: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move
things around to create a race condition, control its ancestors, or change
its contents? (CWE-362).
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test.c:15: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination
(CWE-120). Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is
easily misused). Risk is low because the source is a constant
character.
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused). Risk is low because the source is a constant character.
test.c:18: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s,
snprintf, or vsnprintf. Risk is low because the source is a constant character.
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
test.c:26: [1] (buffer) scanf:
it's unclear if the %s limit in the format string is small enough
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
input function.
test.c:53: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for
invalid pointers (CWE-120).
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (CWE-120).
test.c:54: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for
invalid pointers (CWE-120).
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (CWE-120).
test.c:55: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct
maximum size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
resizing strings.
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) (CWE-120). Consider strcat_s, strlcat, or automatically
resizing strings.
test.c:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated (it could cause a
crash if unprotected) (CWE-119).
Does not handle strings that are not \0-terminated (it could cause a crash
if unprotected) (CWE-119).
test.c:64: [1] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
very low, the length appears to be in characters not bytes.
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very
low, the length appears to be in characters not bytes.
test.c:66: [1] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is
very low, the length appears to be in characters not bytes.
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very
low, the length appears to be in characters not bytes.
ANALYSIS SUMMARY:
Hits = 36
Lines analyzed = 118

35
flawfinder
View File

@ -270,30 +270,21 @@ def h(s):
def print_multi_line(text):
# Print text as multiple indented lines.
width = 72
width = 78
prefix = " "
starting_position = len(prefix) + 1
printed_something = 0 # Have we printed on this line?
position = starting_position
nextword = ""
#
print prefix,
for c in text:
if (c == " "):
print nextword,
position = position + 1 # account for space we just printed.
printed_something = 1
nextword = ""
else: # NonSpace.
nextword = nextword + c
position = position + 1
if position > width: # Whups, out of space
if (printed_something): # We've printed something out.
print # Done with this line, move to next.
print prefix,
position = starting_position
print nextword, # Print remainder (can be overlong if no spaces)
position = starting_position
#
for w in text.split():
if len(w) + position >= width:
print
print prefix,
position = starting_position
print w,
position = position + len(w) + 1
# This matches references to CWE identifiers, so we can HTMLize them.
# We don't refer to CWE-1 through CWE-9, so we'll only match on 2+ digits.
link_cwe_pattern = re.compile(r'(CWE-([1-9][0-9]+))([,()])')
@ -639,7 +630,7 @@ def c_scanf(hit):
elif p_low_risk_scanf_format.search(source):
# This is often okay, but sometimes extremely serious.
hit.level = 1
hit.warning = "it's unclear if the %s limit in the format string is small enough (CWE-120)"
hit.warning = "It's unclear if the %s limit in the format string is small enough (CWE-120)"
hit.suggestion = "Check that the limit is sufficiently small, or use a different input function"
else:
# No risky scanf request.