walkero
/
flawfinder
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Update correct test results to match memcpy change 

There were some merge conflicts in the original merge of teh
memcpy change - to fix them, regenerate the correct test results.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
This commit is contained in:
David A. Wheeler 2018-12-19 08:12:33 -05:00
parent 3c9bf48736
commit 8d6cfec002
6 changed files with 102 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
correct-results-004.txt Normal file → Executable file
View File

@ -1,7 +1,7 @@
test.c:32:2: [5] (buffer) gets:Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
test.c:56:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:57:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:60:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:62:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:60:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:61:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:64:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:66:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:77:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:77:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).

0
correct-results-005.txt Normal file → Executable file
View File

12
correct-results-006.txt Normal file → Executable file
View File

@ -1,7 +1,7 @@
test.c:32:2: [5] (buffer) gets:Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
test.c:56:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:57:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:60:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:62:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:60:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:61:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:64:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:66:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:77:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:77:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).

40
correct-results.csv Normal file → Executable file
View File

@ -1,11 +1,11 @@
File,Line,Column,Level,Category,Name,Warning,Suggestion,Note,CWEs,Context,Fingerprint
test.c,32,2,5,buffer,gets,"Does not check for buffer overflows (CWE-120, CWE-20)",Use fgets() instead,,"CWE-120, CWE-20", gets(f);,6a5bb383fb44030b0d9428b17359e94ba3979bc1ce702be450427f85592c649a
test.c,56,3,5,buffer,strncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, snprintf, or automatically resizing strings","Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.",CWE-120," strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */",cbd19c308547e79af13436d8f7dbcf6c62e49e4f62ba9aee38fbef29e0772f74
test.c,57,3,5,buffer,_tcsncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, or automatically resizing strings","Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.",CWE-120," _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */",c3f6ba2c710efc878e66df4578894fd408452cb7cdec7ae6f492a3b1796f8c42
test.c,60,3,5,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is high, it appears that the size is given as bytes, but the function requires size as characters.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));",4f5b73ff337a54d6e1d9a369659ca0ddb4f80e6b7e38a17e5b112f6d3e266e69
test.c,62,3,5,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is high, it appears that the size is given as bytes, but the function requires size as characters.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);",9ecdc1e903acc16a646bf7909a630ae22a7593b70952c39ce6bd9c5a23fad0fd
test.c,73,3,5,misc,SetSecurityDescriptorDacl,"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)",,,CWE-732," SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);",5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb
test.c,73,3,5,misc,SetSecurityDescriptorDacl,"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)",,,CWE-732," SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);",5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb
test.c,60,3,5,buffer,strncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, snprintf, or automatically resizing strings","Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.",CWE-120," strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */",cbd19c308547e79af13436d8f7dbcf6c62e49e4f62ba9aee38fbef29e0772f74
test.c,61,3,5,buffer,_tcsncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, or automatically resizing strings","Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.",CWE-120," _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */",c3f6ba2c710efc878e66df4578894fd408452cb7cdec7ae6f492a3b1796f8c42
test.c,64,3,5,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is high, it appears that the size is given as bytes, but the function requires size as characters.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));",4f5b73ff337a54d6e1d9a369659ca0ddb4f80e6b7e38a17e5b112f6d3e266e69
test.c,66,3,5,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is high, it appears that the size is given as bytes, but the function requires size as characters.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);",9ecdc1e903acc16a646bf7909a630ae22a7593b70952c39ce6bd9c5a23fad0fd
test.c,77,3,5,misc,SetSecurityDescriptorDacl,"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)",,,CWE-732," SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);",5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb
test.c,77,3,5,misc,SetSecurityDescriptorDacl,"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)",,,CWE-732," SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);",5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb
test.c,17,2,4,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",,CWE-120," strcpy(b, a);",c01c8472bb53022e912da4da2faebc67d537855da324020c44bfd5e608a79b77
test.c,20,2,4,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",,CWE-120," sprintf(s, ""hello %s"", bug);",814237858ab012010f3355a49480dd6fa0a2cb8cf8356a98ac1c17c9febf6521
test.c,21,2,4,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",,CWE-120," sprintf(s, gettext(""hello %s""), bug);",b793f18f143fb2297c49e0639384ad73db86eb01a44377aa4d5d09b44b03d747
@ -15,23 +15,25 @@ test.c,25,2,4,buffer,scanf,"The scanf() family's %s operation, without a limit s
test.c,27,2,4,buffer,scanf,"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20)","Specify a limit to %s, or use a different input function",,"CWE-120, CWE-20"," scanf(""%s"", s);",3f169dd9fe508f70438f818770a3cb8b0f228e4245ea11a929a5fb0a7839fd5f
test.c,38,2,4,format,syslog,"If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134)",Use a constant format string for syslog,,CWE-134," syslog(LOG_ERR, attacker_string);",22e98963d5af7b197a090bd522d2d39b8d8ee7bdf08453fd2008939c92cd9677
test.c,49,3,4,buffer,_mbscpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),Consider using a function version that stops copying at the end of the buffer,,CWE-120," _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */",e00a4a1a0a3603db98a23fcff3c9cdfd9012f5a81826814d9508e0f22089b993
test.c,52,3,4,buffer,lstrcat,Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120),,,CWE-120," lstrcat(d,s);",364b4c512862fdccbca27d2fa7737995b5d24b637a760976c940ae636218d340
test.c,75,3,3,shell,CreateProcess,This causes a new process to execute and is difficult to use safely (CWE-78),"Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run",,CWE-78," CreateProcess(NULL, ""C:\\Program Files\\GoodGuy\\GoodGuy.exe -x"", """");",3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf
test.c,75,3,3,shell,CreateProcess,This causes a new process to execute and is difficult to use safely (CWE-78),"Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run",,CWE-78," CreateProcess(NULL, ""C:\\Program Files\\GoodGuy\\GoodGuy.exe -x"", """");",3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf
test.c,91,20,3,buffer,getopt_long,"Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20)","Check implementation on installation, or limit the size of all string inputs",,"CWE-120, CWE-20"," while ((optc = getopt_long (argc, argv, ""a"",longopts, NULL )) != EOF) {",5bedf6e5bccf596008ef191ec4c5d4cc51a32cff0c05ef62d5f10fab93d0cc24
test.c,56,3,4,buffer,lstrcat,Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120),,,CWE-120," lstrcat(d,s);",364b4c512862fdccbca27d2fa7737995b5d24b637a760976c940ae636218d340
test.c,79,3,3,shell,CreateProcess,This causes a new process to execute and is difficult to use safely (CWE-78),"Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run",,CWE-78," CreateProcess(NULL, ""C:\\Program Files\\GoodGuy\\GoodGuy.exe -x"", """");",3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf
test.c,79,3,3,shell,CreateProcess,This causes a new process to execute and is difficult to use safely (CWE-78),"Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run",,CWE-78," CreateProcess(NULL, ""C:\\Program Files\\GoodGuy\\GoodGuy.exe -x"", """");",3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf
test.c,95,20,3,buffer,getopt_long,"Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20)","Check implementation on installation, or limit the size of all string inputs",,"CWE-120, CWE-20"," while ((optc = getopt_long (argc, argv, ""a"",longopts, NULL )) != EOF) {",5bedf6e5bccf596008ef191ec4c5d4cc51a32cff0c05ef62d5f10fab93d0cc24
test.c,16,2,2,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",Risk is low because the source is a constant string.,CWE-120," strcpy(a, gettext(""Hello there"")); // Did this work?",d64070fb93ff0bb797fb926f4dddc7212d42f77e288d5ceb0cd30ed2979fa28d
test.c,19,2,2,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",Risk is low because the source has a constant maximum length.,CWE-120," sprintf(s, ""hello"");",907b46be1c3ea7b38f90a4d1b0f43b7751cd8cbe38fae840930ff006b702157d
test.c,45,3,2,buffer,char,"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)","Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",,CWE-119!/CWE-120, char d[20];,36c87517700337a59cc3ad3218cfdde56cad37d69cdeccee5a55ab232d5c7946
test.c,46,3,2,buffer,char,"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)","Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",,CWE-119!/CWE-120, char s[20];,213de8e8815fc84c423b55fd845fea541f25744718e486234364bb457863b597
test.c,50,3,2,buffer,memcpy,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," memcpy(d,s);",92c755cad0dde2a75803f34005c0412e084d89ce35f2fe16264702c9bcc3af95
test.c,51,3,2,buffer,CopyMemory,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," CopyMemory(d,s);",977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11
test.c,97,7,2,misc,fopen,"Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",,,CWE-362," f = fopen(""/etc/passwd"", ""r""); ",2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8
test.c,50,3,2,buffer,memcpy,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," memcpy(d,s); // fail - no size",e667b352fb0748c67b607b11577b11bad87545779c39923e61839dd04056055f
test.c,53,3,2,buffer,memcpy,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination",01bcc2c8ba2d928ac3315b4dcc6593042ea05e62888a10a6d2cf16797a65ed32
test.c,54,3,2,buffer,memcpy,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," memcpy(d,s,n); // fail - size unguessable",2517a2fb5981193a6017cca660d16e85aab133706cbec302df97aaa623fc77ef
test.c,55,3,2,buffer,CopyMemory,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," CopyMemory(d,s);",977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11
test.c,101,7,2,misc,fopen,"Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",,,CWE-362," f = fopen(""/etc/passwd"", ""r""); ",2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8
test.c,15,2,1,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",Risk is low because the source is a constant character.,CWE-120," strcpy(a, ""\n""); // Did this work?",0badc5f4c500d17b42794feaca54ee0f49e607a32510af3ed749579001017edb
test.c,18,2,1,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",Risk is low because the source is a constant character.,CWE-120," sprintf(s, ""\n"");",c65fbd60851f3c8ace22332805966606488c0d242c1823493c582e267609b1a7
test.c,26,2,1,buffer,scanf,It's unclear if the %s limit in the format string is small enough (CWE-120),"Check that the limit is sufficiently small, or use a different input function",,CWE-120," scanf(""%10s"", s);",e24c4c801f10acfa93098b2bef58524efe4f88237f2dd8b58be9afa838616afe
test.c,53,3,1,buffer,strncpy,Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120),,,CWE-120," strncpy(d,s);",8fa14bf72393a00f667ffcc06b7b7e5f0b6d2f16d8d67444db06b0deb35b5f5e
test.c,54,3,1,buffer,_tcsncpy,Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120),,,CWE-120," _tcsncpy(d,s);",691fabd4ca960a00e4c538eee0187ee0fdf59bd43dd71e792c14175150369b8b
test.c,55,3,1,buffer,strncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, snprintf, or automatically resizing strings",,CWE-120," strncat(d,s,10);",dd92f996a554bfbc038bea27640ba25dcf298383140a8330dca7cdacf493a701
test.c,58,7,1,buffer,strlen,Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126),,,CWE-126, n = strlen(d);,db7201c7df7f543ea76febb060bda167e414e71e3d18095fe1def69f8c47a4f6
test.c,64,3,1,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is very low, the length appears to be in characters not bytes.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));",1813fc329227b38abae867d8023a9e29c7517d679fe55c86f8300dde681b6470
test.c,66,3,1,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is very low, the length appears to be in characters not bytes.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));",7c6cdcb10ad3a16b8bfd56e3dac84829f9bc3e39d4dde74a2be9bbe000102fc5
test.c,57,3,1,buffer,strncpy,Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120),,,CWE-120," strncpy(d,s);",8fa14bf72393a00f667ffcc06b7b7e5f0b6d2f16d8d67444db06b0deb35b5f5e
test.c,58,3,1,buffer,_tcsncpy,Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120),,,CWE-120," _tcsncpy(d,s);",691fabd4ca960a00e4c538eee0187ee0fdf59bd43dd71e792c14175150369b8b
test.c,59,3,1,buffer,strncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, snprintf, or automatically resizing strings",,CWE-120," strncat(d,s,10);",dd92f996a554bfbc038bea27640ba25dcf298383140a8330dca7cdacf493a701
test.c,62,7,1,buffer,strlen,Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126),,,CWE-126, n = strlen(d);,db7201c7df7f543ea76febb060bda167e414e71e3d18095fe1def69f8c47a4f6
test.c,68,3,1,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is very low, the length appears to be in characters not bytes.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));",1813fc329227b38abae867d8023a9e29c7517d679fe55c86f8300dde681b6470
test.c,70,3,1,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is very low, the length appears to be in characters not bytes.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));",7c6cdcb10ad3a16b8bfd56e3dac84829f9bc3e39d4dde74a2be9bbe000102fc5

1 File Line Column Level Category Name Warning Suggestion Note CWEs Context Fingerprint
2 test.c 32 2 5 buffer gets Does not check for buffer overflows (CWE-120, CWE-20) Use fgets() instead CWE-120, CWE-20 gets(f); 6a5bb383fb44030b0d9428b17359e94ba3979bc1ce702be450427f85592c649a
3 test.c 56 60 3 5 buffer strncat Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120) Consider strcat_s, strlcat, snprintf, or automatically resizing strings Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. CWE-120 strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */ cbd19c308547e79af13436d8f7dbcf6c62e49e4f62ba9aee38fbef29e0772f74
4 test.c 57 61 3 5 buffer _tcsncat Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120) Consider strcat_s, strlcat, or automatically resizing strings Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. CWE-120 _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */ c3f6ba2c710efc878e66df4578894fd408452cb7cdec7ae6f492a3b1796f8c42
5 test.c 60 64 3 5 buffer MultiByteToWideChar Requires maximum length in CHARACTERS, not bytes (CWE-120) Risk is high, it appears that the size is given as bytes, but the function requires size as characters. CWE-120 MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)); 4f5b73ff337a54d6e1d9a369659ca0ddb4f80e6b7e38a17e5b112f6d3e266e69
6 test.c 62 66 3 5 buffer MultiByteToWideChar Requires maximum length in CHARACTERS, not bytes (CWE-120) Risk is high, it appears that the size is given as bytes, but the function requires size as characters. CWE-120 MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName); 9ecdc1e903acc16a646bf7909a630ae22a7593b70952c39ce6bd9c5a23fad0fd
7 test.c 73 77 3 5 misc SetSecurityDescriptorDacl Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732) CWE-732 SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); 5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb
8 test.c 73 77 3 5 misc SetSecurityDescriptorDacl Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732) CWE-732 SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); 5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb
9 test.c 17 2 4 buffer strcpy Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) CWE-120 strcpy(b, a); c01c8472bb53022e912da4da2faebc67d537855da324020c44bfd5e608a79b77
10 test.c 20 2 4 buffer sprintf Does not check for buffer overflows (CWE-120) Use sprintf_s, snprintf, or vsnprintf CWE-120 sprintf(s, "hello %s", bug); 814237858ab012010f3355a49480dd6fa0a2cb8cf8356a98ac1c17c9febf6521
11 test.c 21 2 4 buffer sprintf Does not check for buffer overflows (CWE-120) Use sprintf_s, snprintf, or vsnprintf CWE-120 sprintf(s, gettext("hello %s"), bug); b793f18f143fb2297c49e0639384ad73db86eb01a44377aa4d5d09b44b03d747
15 test.c 27 2 4 buffer scanf The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20) Specify a limit to %s, or use a different input function CWE-120, CWE-20 scanf("%s", s); 3f169dd9fe508f70438f818770a3cb8b0f228e4245ea11a929a5fb0a7839fd5f
16 test.c 38 2 4 format syslog If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134) Use a constant format string for syslog CWE-134 syslog(LOG_ERR, attacker_string); 22e98963d5af7b197a090bd522d2d39b8d8ee7bdf08453fd2008939c92cd9677
17 test.c 49 3 4 buffer _mbscpy Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) Consider using a function version that stops copying at the end of the buffer CWE-120 _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */ e00a4a1a0a3603db98a23fcff3c9cdfd9012f5a81826814d9508e0f22089b993
18 test.c 52 56 3 4 buffer lstrcat Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120) CWE-120 lstrcat(d,s); 364b4c512862fdccbca27d2fa7737995b5d24b637a760976c940ae636218d340
19 test.c 75 79 3 3 shell CreateProcess This causes a new process to execute and is difficult to use safely (CWE-78) Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run CWE-78 CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); 3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf
20 test.c 75 79 3 3 shell CreateProcess This causes a new process to execute and is difficult to use safely (CWE-78) Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run CWE-78 CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); 3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf
21 test.c 91 95 20 3 buffer getopt_long Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20) Check implementation on installation, or limit the size of all string inputs CWE-120, CWE-20 while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) { 5bedf6e5bccf596008ef191ec4c5d4cc51a32cff0c05ef62d5f10fab93d0cc24
22 test.c 16 2 2 buffer strcpy Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) Risk is low because the source is a constant string. CWE-120 strcpy(a, gettext("Hello there")); // Did this work? d64070fb93ff0bb797fb926f4dddc7212d42f77e288d5ceb0cd30ed2979fa28d
23 test.c 19 2 2 buffer sprintf Does not check for buffer overflows (CWE-120) Use sprintf_s, snprintf, or vsnprintf Risk is low because the source has a constant maximum length. CWE-120 sprintf(s, "hello"); 907b46be1c3ea7b38f90a4d1b0f43b7751cd8cbe38fae840930ff006b702157d
24 test.c 45 3 2 buffer char Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120) Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length CWE-119!/CWE-120 char d[20]; 36c87517700337a59cc3ad3218cfdde56cad37d69cdeccee5a55ab232d5c7946
25 test.c 46 3 2 buffer char Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120) Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length CWE-119!/CWE-120 char s[20]; 213de8e8815fc84c423b55fd845fea541f25744718e486234364bb457863b597
26 test.c 50 3 2 buffer memcpy Does not check for buffer overflows when copying to destination (CWE-120) Make sure destination can always hold the source data CWE-120 memcpy(d,s); memcpy(d,s); // fail - no size 92c755cad0dde2a75803f34005c0412e084d89ce35f2fe16264702c9bcc3af95 e667b352fb0748c67b607b11577b11bad87545779c39923e61839dd04056055f
27 test.c 51 53 3 2 buffer CopyMemory memcpy Does not check for buffer overflows when copying to destination (CWE-120) Make sure destination can always hold the source data CWE-120 CopyMemory(d,s); memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination 977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11 01bcc2c8ba2d928ac3315b4dcc6593042ea05e62888a10a6d2cf16797a65ed32
28 test.c 97 54 7 3 2 misc buffer fopen memcpy Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362) Does not check for buffer overflows when copying to destination (CWE-120) Make sure destination can always hold the source data CWE-362 CWE-120 f = fopen("/etc/passwd", "r"); memcpy(d,s,n); // fail - size unguessable 2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8 2517a2fb5981193a6017cca660d16e85aab133706cbec302df97aaa623fc77ef
29 test.c 55 3 2 buffer CopyMemory Does not check for buffer overflows when copying to destination (CWE-120) Make sure destination can always hold the source data CWE-120 CopyMemory(d,s); 977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11
30 test.c 101 7 2 misc fopen Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362) CWE-362 f = fopen("/etc/passwd", "r"); 2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8
31 test.c 15 2 1 buffer strcpy Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) Risk is low because the source is a constant character. CWE-120 strcpy(a, "\n"); // Did this work? 0badc5f4c500d17b42794feaca54ee0f49e607a32510af3ed749579001017edb
32 test.c 18 2 1 buffer sprintf Does not check for buffer overflows (CWE-120) Use sprintf_s, snprintf, or vsnprintf Risk is low because the source is a constant character. CWE-120 sprintf(s, "\n"); c65fbd60851f3c8ace22332805966606488c0d242c1823493c582e267609b1a7
33 test.c 26 2 1 buffer scanf It's unclear if the %s limit in the format string is small enough (CWE-120) Check that the limit is sufficiently small, or use a different input function CWE-120 scanf("%10s", s); e24c4c801f10acfa93098b2bef58524efe4f88237f2dd8b58be9afa838616afe
34 test.c 53 57 3 1 buffer strncpy Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120) CWE-120 strncpy(d,s); 8fa14bf72393a00f667ffcc06b7b7e5f0b6d2f16d8d67444db06b0deb35b5f5e
35 test.c 54 58 3 1 buffer _tcsncpy Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120) CWE-120 _tcsncpy(d,s); 691fabd4ca960a00e4c538eee0187ee0fdf59bd43dd71e792c14175150369b8b
36 test.c 55 59 3 1 buffer strncat Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120) Consider strcat_s, strlcat, snprintf, or automatically resizing strings CWE-120 strncat(d,s,10); dd92f996a554bfbc038bea27640ba25dcf298383140a8330dca7cdacf493a701
37 test.c 58 62 7 1 buffer strlen Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126) CWE-126 n = strlen(d); db7201c7df7f543ea76febb060bda167e414e71e3d18095fe1def69f8c47a4f6
38 test.c 64 68 3 1 buffer MultiByteToWideChar Requires maximum length in CHARACTERS, not bytes (CWE-120) Risk is very low, the length appears to be in characters not bytes. CWE-120 MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0])); 1813fc329227b38abae867d8023a9e29c7517d679fe55c86f8300dde681b6470
39 test.c 66 70 3 1 buffer MultiByteToWideChar Requires maximum length in CHARACTERS, not bytes (CWE-120) Risk is very low, the length appears to be in characters not bytes. CWE-120 MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0])); 7c6cdcb10ad3a16b8bfd56e3dac84829f9bc3e39d4dde74a2be9bbe000102fc5

64
correct-results.html Normal file → Executable file
View File

@ -26,7 +26,7 @@ Examining test2.c <br>
<pre>
gets(f);
</pre>
<li>test.c:56: <b> [5] </b> (buffer) <i> strncat:
<li>test.c:60: <b> [5] </b> (buffer) <i> strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
@ -36,7 +36,7 @@ Examining test2.c <br>
<pre>
strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */
</pre>
<li>test.c:57: <b> [5] </b> (buffer) <i> _tcsncat:
<li>test.c:61: <b> [5] </b> (buffer) <i> _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
@ -46,7 +46,7 @@ Examining test2.c <br>
<pre>
_tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */
</pre>
<li>test.c:60: <b> [5] </b> (buffer) <i> MultiByteToWideChar:
<li>test.c:64: <b> [5] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk
is high, it appears that the size is given as bytes, but the function
@ -54,7 +54,7 @@ Examining test2.c <br>
<pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));
</pre>
<li>test.c:62: <b> [5] </b> (buffer) <i> MultiByteToWideChar:
<li>test.c:66: <b> [5] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk
is high, it appears that the size is given as bytes, but the function
@ -62,14 +62,14 @@ Examining test2.c <br>
<pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);
</pre>
<li>test.c:73: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl:
<li>test.c:77: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (<a
href="https://cwe.mitre.org/data/definitions/732.html">CWE-732</a>). </i>
<pre>
SetSecurityDescriptorDacl(&amp;sd,TRUE,NULL,FALSE);
</pre>
<li>test.c:73: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl:
<li>test.c:77: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (<a
href="https://cwe.mitre.org/data/definitions/732.html">CWE-732</a>). </i>
@ -146,14 +146,14 @@ Examining test2.c <br>
<pre>
_mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */
</pre>
<li>test.c:52: <b> [4] </b> (buffer) <i> lstrcat:
<li>test.c:56: <b> [4] </b> (buffer) <i> lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre>
lstrcat(d,s);
</pre>
<li>test.c:75: <b> [3] </b> (shell) <i> CreateProcess:
<li>test.c:79: <b> [3] </b> (shell) <i> CreateProcess:
This causes a new process to execute and is difficult to use safely (<a
href="https://cwe.mitre.org/data/definitions/78.html">CWE-78</a>). Specify
the application path in the first argument, NOT as part of the second, or
@ -162,7 +162,7 @@ Examining test2.c <br>
<pre>
CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
</pre>
<li>test.c:75: <b> [3] </b> (shell) <i> CreateProcess:
<li>test.c:79: <b> [3] </b> (shell) <i> CreateProcess:
This causes a new process to execute and is difficult to use safely (<a
href="https://cwe.mitre.org/data/definitions/78.html">CWE-78</a>). Specify
the application path in the first argument, NOT as part of the second, or
@ -171,7 +171,7 @@ Examining test2.c <br>
<pre>
CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
</pre>
<li>test.c:91: <b> [3] </b> (buffer) <i> getopt_long:
<li>test.c:95: <b> [3] </b> (buffer) <i> getopt_long:
Some older implementations do not protect against internal buffer overflows
(<a href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>, <a
href="https://cwe.mitre.org/data/definitions/20.html">CWE-20</a>). Check
@ -220,16 +220,30 @@ Examining test2.c <br>
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i>
<pre>
memcpy(d,s);
memcpy(d,s); // fail - no size
</pre>
<li>test.c:51: <b> [2] </b> (buffer) <i> CopyMemory:
<li>test.c:53: <b> [2] </b> (buffer) <i> memcpy:
Does not check for buffer overflows when copying to destination (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i>
<pre>
memcpy(&amp;n,s,sizeof(s)); // fail - sizeof not of destination
</pre>
<li>test.c:54: <b> [2] </b> (buffer) <i> memcpy:
Does not check for buffer overflows when copying to destination (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i>
<pre>
memcpy(d,s,n); // fail - size unguessable
</pre>
<li>test.c:55: <b> [2] </b> (buffer) <i> CopyMemory:
Does not check for buffer overflows when copying to destination (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i>
<pre>
CopyMemory(d,s);
</pre>
<li>test.c:97: <b> [2] </b> (misc) <i> fopen:
<li>test.c:101: <b> [2] </b> (misc) <i> fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
@ -261,21 +275,21 @@ Examining test2.c <br>
<pre>
scanf("%10s", s);
</pre>
<li>test.c:53: <b> [1] </b> (buffer) <i> strncpy:
<li>test.c:57: <b> [1] </b> (buffer) <i> strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre>
strncpy(d,s);
</pre>
<li>test.c:54: <b> [1] </b> (buffer) <i> _tcsncpy:
<li>test.c:58: <b> [1] </b> (buffer) <i> _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre>
_tcsncpy(d,s);
</pre>
<li>test.c:55: <b> [1] </b> (buffer) <i> strncat:
<li>test.c:59: <b> [1] </b> (buffer) <i> strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
@ -283,21 +297,21 @@ Examining test2.c <br>
<pre>
strncat(d,s,10);
</pre>
<li>test.c:58: <b> [1] </b> (buffer) <i> strlen:
<li>test.c:62: <b> [1] </b> (buffer) <i> strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (<a
href="https://cwe.mitre.org/data/definitions/126.html">CWE-126</a>). </i>
<pre>
n = strlen(d);
</pre>
<li>test.c:64: <b> [1] </b> (buffer) <i> MultiByteToWideChar:
<li>test.c:68: <b> [1] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk
is very low, the length appears to be in characters not bytes. </i>
<pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));
</pre>
<li>test.c:66: <b> [1] </b> (buffer) <i> MultiByteToWideChar:
<li>test.c:70: <b> [1] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk
is very low, the length appears to be in characters not bytes. </i>
@ -307,15 +321,15 @@ Examining test2.c <br>
</ul>
<h2>Analysis Summary</h2>
<p>
Hits = 36
Hits = 38
<br>
Lines analyzed = 118
Lines analyzed = 122
<br>
Physical Source Lines of Code (SLOC) = 80
Physical Source Lines of Code (SLOC) = 84
<br>
Hits@level = [0] 16 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7 <br>
Hits@level+ = [0+] 52 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7 <br>
Hits/KSLOC@level+ = [0+] 650 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5 <br>
Hits@level = [0] 16 [1] 9 [2] 9 [3] 3 [4] 10 [5] 7 <br>
Hits@level+ = [0+] 54 [1+] 38 [2+] 29 [3+] 20 [4+] 17 [5+] 7 <br>
Hits/KSLOC@level+ = [0+] 642.857 [1+] 452.381 [2+] 345.238 [3+] 238.095 [4+] 202.381 [5+] 83.3333 <br>
Suppressed hits = 2 (use --neverignore to show them)
<br>
Minimum risk level = 1

54
correct-results.txt Normal file → Executable file
View File

@ -7,29 +7,29 @@ FINAL RESULTS:
test.c:32: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
test.c:56: [5] (buffer) strncat:
test.c:60: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
test.c:57: [5] (buffer) _tcsncat:
test.c:61: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left.
test.c:60: [5] (buffer) MultiByteToWideChar:
test.c:64: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
test.c:62: [5] (buffer) MultiByteToWideChar:
test.c:66: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
test.c:73: [5] (misc) SetSecurityDescriptorDacl:
test.c:77: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
test.c:73: [5] (misc) SetSecurityDescriptorDacl:
test.c:77: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732).
test.c:17: [4] (buffer) strcpy:
@ -62,20 +62,20 @@ test.c:49: [4] (buffer) _mbscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
test.c:52: [4] (buffer) lstrcat:
test.c:56: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
test.c:75: [3] (shell) CreateProcess:
test.c:79: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
test.c:75: [3] (shell) CreateProcess:
test.c:79: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
test.c:91: [3] (buffer) getopt_long:
test.c:95: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
@ -99,10 +99,16 @@ test.c:46: [2] (buffer) char:
test.c:50: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
test.c:51: [2] (buffer) CopyMemory:
test.c:53: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
test.c:97: [2] (misc) fopen:
test.c:54: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
test.c:55: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
test.c:101: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
@ -118,34 +124,34 @@ test.c:26: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
test.c:53: [1] (buffer) strncpy:
test.c:57: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
test.c:54: [1] (buffer) _tcsncpy:
test.c:58: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
test.c:55: [1] (buffer) strncat:
test.c:59: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
test.c:58: [1] (buffer) strlen:
test.c:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
test.c:64: [1] (buffer) MultiByteToWideChar:
test.c:68: [1] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very
low, the length appears to be in characters not bytes.
test.c:66: [1] (buffer) MultiByteToWideChar:
test.c:70: [1] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very
low, the length appears to be in characters not bytes.
ANALYSIS SUMMARY:
Hits = 36
Lines analyzed = 118
Physical Source Lines of Code (SLOC) = 80
Hits@level = [0] 16 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7
Hits@level+ = [0+] 52 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7
Hits/KSLOC@level+ = [0+] 650 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5
Hits = 38
Lines analyzed = 122
Physical Source Lines of Code (SLOC) = 84
Hits@level = [0] 16 [1] 9 [2] 9 [3] 3 [4] 10 [5] 7
Hits@level+ = [0+] 54 [1+] 38 [2+] 29 [3+] 20 [4+] 17 [5+] 7
Hits/KSLOC@level+ = [0+] 642.857 [1+] 452.381 [2+] 345.238 [3+] 238.095 [4+] 202.381 [5+] 83.3333
Suppressed hits = 2 (use --neverignore to show them)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.