Update correct test results to match memcpy change

There were some merge conflicts in the original merge of the
memcpy change - to fix them, regenerate the correct test results.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
David A. Wheeler 2018-12-19 08:12:33 -05:00
parent 3c9bf48736
commit 8d6cfec002
6 changed files with 102 additions and 80 deletions

12
correct-results-004.txt Normal file → Executable file

@ -1,7 +1,7 @@
test.c:32:2: [5] (buffer) gets:Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. test.c:32:2: [5] (buffer) gets:Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
test.c:56:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. test.c:60:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:57:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. test.c:61:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:60:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters. test.c:64:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:62:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters. test.c:66:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732). test.c:77:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732). test.c:77:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
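Review bot: the file header for correct-results-004.txt shows a mode flip from Normal file to Executable file, while the hunk itself only shifts the flagged line numbers by four (test.c:56 to 60, 57 to 61, 60 to 64, 62 to 66, 73 to 77) to follow the memcpy test lines inserted into test.c; an expected-results text fixture has no reason to be executable, so the mode change looks like an accident of the merge and should be reverted (chmod -x) or at least mentioned in the commit message. The gets warning at test.c:32 is unchanged on both sides, which is consistent with the inserted lines sitting after it.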

0
correct-results-005.txt Normal file → Executable file

12
correct-results-006.txt Normal file → Executable file

@ -1,7 +1,7 @@
test.c:32:2: [5] (buffer) gets:Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. test.c:32:2: [5] (buffer) gets:Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
test.c:56:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. test.c:60:3: [5] (buffer) strncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:57:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. test.c:61:3: [5] (buffer) _tcsncat:Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
test.c:60:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters. test.c:64:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:62:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters. test.c:66:3: [5] (buffer) MultiByteToWideChar:Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732). test.c:77:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
test.c:73:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732). test.c:77:3: [5] (misc) SetSecurityDescriptorDacl:Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
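Review bot: this hunk carries the same +4 renumbering from test.c:56 onward as correct-results-004.txt, and correct-results-005.txt, correct-results-006.txt and correct-results.csv all flip to Executable file in the same commit; the -005 entry lists 0 changed lines, so its only change is the mode, which confirms the chmod is unrelated to the regenerated content. Suggest dropping the mode changes so the diff contains only the regenerated results the message describes.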

40
correct-results.csv Normal file → Executable file

@ -1,11 +1,11 @@
File,Line,Column,Level,Category,Name,Warning,Suggestion,Note,CWEs,Context,Fingerprint File,Line,Column,Level,Category,Name,Warning,Suggestion,Note,CWEs,Context,Fingerprint
test.c,32,2,5,buffer,gets,"Does not check for buffer overflows (CWE-120, CWE-20)",Use fgets() instead,,"CWE-120, CWE-20", gets(f);,6a5bb383fb44030b0d9428b17359e94ba3979bc1ce702be450427f85592c649a test.c,32,2,5,buffer,gets,"Does not check for buffer overflows (CWE-120, CWE-20)",Use fgets() instead,,"CWE-120, CWE-20", gets(f);,6a5bb383fb44030b0d9428b17359e94ba3979bc1ce702be450427f85592c649a
test.c,56,3,5,buffer,strncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, snprintf, or automatically resizing strings","Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.",CWE-120," strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */",cbd19c308547e79af13436d8f7dbcf6c62e49e4f62ba9aee38fbef29e0772f74 test.c,60,3,5,buffer,strncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, snprintf, or automatically resizing strings","Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.",CWE-120," strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */",cbd19c308547e79af13436d8f7dbcf6c62e49e4f62ba9aee38fbef29e0772f74
test.c,57,3,5,buffer,_tcsncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, or automatically resizing strings","Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.",CWE-120," _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */",c3f6ba2c710efc878e66df4578894fd408452cb7cdec7ae6f492a3b1796f8c42 test.c,61,3,5,buffer,_tcsncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, or automatically resizing strings","Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.",CWE-120," _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */",c3f6ba2c710efc878e66df4578894fd408452cb7cdec7ae6f492a3b1796f8c42
test.c,60,3,5,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is high, it appears that the size is given as bytes, but the function requires size as characters.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));",4f5b73ff337a54d6e1d9a369659ca0ddb4f80e6b7e38a17e5b112f6d3e266e69 test.c,64,3,5,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is high, it appears that the size is given as bytes, but the function requires size as characters.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));",4f5b73ff337a54d6e1d9a369659ca0ddb4f80e6b7e38a17e5b112f6d3e266e69
test.c,62,3,5,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is high, it appears that the size is given as bytes, but the function requires size as characters.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);",9ecdc1e903acc16a646bf7909a630ae22a7593b70952c39ce6bd9c5a23fad0fd test.c,66,3,5,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is high, it appears that the size is given as bytes, but the function requires size as characters.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);",9ecdc1e903acc16a646bf7909a630ae22a7593b70952c39ce6bd9c5a23fad0fd
test.c,73,3,5,misc,SetSecurityDescriptorDacl,"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)",,,CWE-732," SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);",5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb test.c,77,3,5,misc,SetSecurityDescriptorDacl,"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)",,,CWE-732," SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);",5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb
test.c,73,3,5,misc,SetSecurityDescriptorDacl,"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)",,,CWE-732," SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);",5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb test.c,77,3,5,misc,SetSecurityDescriptorDacl,"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)",,,CWE-732," SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);",5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb
test.c,17,2,4,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",,CWE-120," strcpy(b, a);",c01c8472bb53022e912da4da2faebc67d537855da324020c44bfd5e608a79b77 test.c,17,2,4,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",,CWE-120," strcpy(b, a);",c01c8472bb53022e912da4da2faebc67d537855da324020c44bfd5e608a79b77
test.c,20,2,4,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",,CWE-120," sprintf(s, ""hello %s"", bug);",814237858ab012010f3355a49480dd6fa0a2cb8cf8356a98ac1c17c9febf6521 test.c,20,2,4,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",,CWE-120," sprintf(s, ""hello %s"", bug);",814237858ab012010f3355a49480dd6fa0a2cb8cf8356a98ac1c17c9febf6521
test.c,21,2,4,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",,CWE-120," sprintf(s, gettext(""hello %s""), bug);",b793f18f143fb2297c49e0639384ad73db86eb01a44377aa4d5d09b44b03d747 test.c,21,2,4,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",,CWE-120," sprintf(s, gettext(""hello %s""), bug);",b793f18f143fb2297c49e0639384ad73db86eb01a44377aa4d5d09b44b03d747
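Review bot: every Fingerprint in this hunk is identical on both sides (for example cbd19c30… on the strncat row and 5fed1e13… on the SetSecurityDescriptorDacl row) even though the Line column moves (56 to 60, 57 to 61, 60 to 64, 62 to 66, 73 to 77), which shows the fingerprint is derived from the Context text rather than the position; that property is what keeps regenerated CSV results comparable after lines are inserted in test.c, and the commit message could say so. The SetSecurityDescriptorDacl row (test.c line 73, now 77) appears twice on both sides; the duplicate is pre-existing rather than introduced here, but it deserves a follow-up since a CSV consumer cannot tell whether it is one finding reported twice.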
@ -15,23 +15,25 @@ test.c,25,2,4,buffer,scanf,"The scanf() family's %s operation, without a limit s
test.c,27,2,4,buffer,scanf,"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20)","Specify a limit to %s, or use a different input function",,"CWE-120, CWE-20"," scanf(""%s"", s);",3f169dd9fe508f70438f818770a3cb8b0f228e4245ea11a929a5fb0a7839fd5f test.c,27,2,4,buffer,scanf,"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20)","Specify a limit to %s, or use a different input function",,"CWE-120, CWE-20"," scanf(""%s"", s);",3f169dd9fe508f70438f818770a3cb8b0f228e4245ea11a929a5fb0a7839fd5f
test.c,38,2,4,format,syslog,"If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134)",Use a constant format string for syslog,,CWE-134," syslog(LOG_ERR, attacker_string);",22e98963d5af7b197a090bd522d2d39b8d8ee7bdf08453fd2008939c92cd9677 test.c,38,2,4,format,syslog,"If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134)",Use a constant format string for syslog,,CWE-134," syslog(LOG_ERR, attacker_string);",22e98963d5af7b197a090bd522d2d39b8d8ee7bdf08453fd2008939c92cd9677
test.c,49,3,4,buffer,_mbscpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),Consider using a function version that stops copying at the end of the buffer,,CWE-120," _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */",e00a4a1a0a3603db98a23fcff3c9cdfd9012f5a81826814d9508e0f22089b993 test.c,49,3,4,buffer,_mbscpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),Consider using a function version that stops copying at the end of the buffer,,CWE-120," _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */",e00a4a1a0a3603db98a23fcff3c9cdfd9012f5a81826814d9508e0f22089b993
test.c,52,3,4,buffer,lstrcat,Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120),,,CWE-120," lstrcat(d,s);",364b4c512862fdccbca27d2fa7737995b5d24b637a760976c940ae636218d340 test.c,56,3,4,buffer,lstrcat,Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120),,,CWE-120," lstrcat(d,s);",364b4c512862fdccbca27d2fa7737995b5d24b637a760976c940ae636218d340
test.c,75,3,3,shell,CreateProcess,This causes a new process to execute and is difficult to use safely (CWE-78),"Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run",,CWE-78," CreateProcess(NULL, ""C:\\Program Files\\GoodGuy\\GoodGuy.exe -x"", """");",3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf test.c,79,3,3,shell,CreateProcess,This causes a new process to execute and is difficult to use safely (CWE-78),"Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run",,CWE-78," CreateProcess(NULL, ""C:\\Program Files\\GoodGuy\\GoodGuy.exe -x"", """");",3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf
test.c,75,3,3,shell,CreateProcess,This causes a new process to execute and is difficult to use safely (CWE-78),"Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run",,CWE-78," CreateProcess(NULL, ""C:\\Program Files\\GoodGuy\\GoodGuy.exe -x"", """");",3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf test.c,79,3,3,shell,CreateProcess,This causes a new process to execute and is difficult to use safely (CWE-78),"Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run",,CWE-78," CreateProcess(NULL, ""C:\\Program Files\\GoodGuy\\GoodGuy.exe -x"", """");",3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf
test.c,91,20,3,buffer,getopt_long,"Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20)","Check implementation on installation, or limit the size of all string inputs",,"CWE-120, CWE-20"," while ((optc = getopt_long (argc, argv, ""a"",longopts, NULL )) != EOF) {",5bedf6e5bccf596008ef191ec4c5d4cc51a32cff0c05ef62d5f10fab93d0cc24 test.c,95,20,3,buffer,getopt_long,"Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20)","Check implementation on installation, or limit the size of all string inputs",,"CWE-120, CWE-20"," while ((optc = getopt_long (argc, argv, ""a"",longopts, NULL )) != EOF) {",5bedf6e5bccf596008ef191ec4c5d4cc51a32cff0c05ef62d5f10fab93d0cc24
test.c,16,2,2,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",Risk is low because the source is a constant string.,CWE-120," strcpy(a, gettext(""Hello there"")); // Did this work?",d64070fb93ff0bb797fb926f4dddc7212d42f77e288d5ceb0cd30ed2979fa28d test.c,16,2,2,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",Risk is low because the source is a constant string.,CWE-120," strcpy(a, gettext(""Hello there"")); // Did this work?",d64070fb93ff0bb797fb926f4dddc7212d42f77e288d5ceb0cd30ed2979fa28d
test.c,19,2,2,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",Risk is low because the source has a constant maximum length.,CWE-120," sprintf(s, ""hello"");",907b46be1c3ea7b38f90a4d1b0f43b7751cd8cbe38fae840930ff006b702157d test.c,19,2,2,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",Risk is low because the source has a constant maximum length.,CWE-120," sprintf(s, ""hello"");",907b46be1c3ea7b38f90a4d1b0f43b7751cd8cbe38fae840930ff006b702157d
test.c,45,3,2,buffer,char,"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)","Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",,CWE-119!/CWE-120, char d[20];,36c87517700337a59cc3ad3218cfdde56cad37d69cdeccee5a55ab232d5c7946 test.c,45,3,2,buffer,char,"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)","Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",,CWE-119!/CWE-120, char d[20];,36c87517700337a59cc3ad3218cfdde56cad37d69cdeccee5a55ab232d5c7946
test.c,46,3,2,buffer,char,"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)","Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",,CWE-119!/CWE-120, char s[20];,213de8e8815fc84c423b55fd845fea541f25744718e486234364bb457863b597 test.c,46,3,2,buffer,char,"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)","Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length",,CWE-119!/CWE-120, char s[20];,213de8e8815fc84c423b55fd845fea541f25744718e486234364bb457863b597
test.c,50,3,2,buffer,memcpy,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," memcpy(d,s);",92c755cad0dde2a75803f34005c0412e084d89ce35f2fe16264702c9bcc3af95 test.c,50,3,2,buffer,memcpy,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," memcpy(d,s); // fail - no size",e667b352fb0748c67b607b11577b11bad87545779c39923e61839dd04056055f
test.c,51,3,2,buffer,CopyMemory,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," CopyMemory(d,s);",977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11 test.c,53,3,2,buffer,memcpy,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination",01bcc2c8ba2d928ac3315b4dcc6593042ea05e62888a10a6d2cf16797a65ed32
test.c,97,7,2,misc,fopen,"Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",,,CWE-362," f = fopen(""/etc/passwd"", ""r""); ",2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8 test.c,54,3,2,buffer,memcpy,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," memcpy(d,s,n); // fail - size unguessable",2517a2fb5981193a6017cca660d16e85aab133706cbec302df97aaa623fc77ef
test.c,55,3,2,buffer,CopyMemory,Does not check for buffer overflows when copying to destination (CWE-120),Make sure destination can always hold the source data,,CWE-120," CopyMemory(d,s);",977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11
test.c,101,7,2,misc,fopen,"Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)",,,CWE-362," f = fopen(""/etc/passwd"", ""r""); ",2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8
test.c,15,2,1,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",Risk is low because the source is a constant character.,CWE-120," strcpy(a, ""\n""); // Did this work?",0badc5f4c500d17b42794feaca54ee0f49e607a32510af3ed749579001017edb test.c,15,2,1,buffer,strcpy,Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120),"Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)",Risk is low because the source is a constant character.,CWE-120," strcpy(a, ""\n""); // Did this work?",0badc5f4c500d17b42794feaca54ee0f49e607a32510af3ed749579001017edb
test.c,18,2,1,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",Risk is low because the source is a constant character.,CWE-120," sprintf(s, ""\n"");",c65fbd60851f3c8ace22332805966606488c0d242c1823493c582e267609b1a7 test.c,18,2,1,buffer,sprintf,Does not check for buffer overflows (CWE-120),"Use sprintf_s, snprintf, or vsnprintf",Risk is low because the source is a constant character.,CWE-120," sprintf(s, ""\n"");",c65fbd60851f3c8ace22332805966606488c0d242c1823493c582e267609b1a7
test.c,26,2,1,buffer,scanf,It's unclear if the %s limit in the format string is small enough (CWE-120),"Check that the limit is sufficiently small, or use a different input function",,CWE-120," scanf(""%10s"", s);",e24c4c801f10acfa93098b2bef58524efe4f88237f2dd8b58be9afa838616afe test.c,26,2,1,buffer,scanf,It's unclear if the %s limit in the format string is small enough (CWE-120),"Check that the limit is sufficiently small, or use a different input function",,CWE-120," scanf(""%10s"", s);",e24c4c801f10acfa93098b2bef58524efe4f88237f2dd8b58be9afa838616afe
test.c,53,3,1,buffer,strncpy,Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120),,,CWE-120," strncpy(d,s);",8fa14bf72393a00f667ffcc06b7b7e5f0b6d2f16d8d67444db06b0deb35b5f5e test.c,57,3,1,buffer,strncpy,Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120),,,CWE-120," strncpy(d,s);",8fa14bf72393a00f667ffcc06b7b7e5f0b6d2f16d8d67444db06b0deb35b5f5e
test.c,54,3,1,buffer,_tcsncpy,Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120),,,CWE-120," _tcsncpy(d,s);",691fabd4ca960a00e4c538eee0187ee0fdf59bd43dd71e792c14175150369b8b test.c,58,3,1,buffer,_tcsncpy,Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120),,,CWE-120," _tcsncpy(d,s);",691fabd4ca960a00e4c538eee0187ee0fdf59bd43dd71e792c14175150369b8b
test.c,55,3,1,buffer,strncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, snprintf, or automatically resizing strings",,CWE-120," strncat(d,s,10);",dd92f996a554bfbc038bea27640ba25dcf298383140a8330dca7cdacf493a701 test.c,59,3,1,buffer,strncat,"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)","Consider strcat_s, strlcat, snprintf, or automatically resizing strings",,CWE-120," strncat(d,s,10);",dd92f996a554bfbc038bea27640ba25dcf298383140a8330dca7cdacf493a701
test.c,58,7,1,buffer,strlen,Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126),,,CWE-126, n = strlen(d);,db7201c7df7f543ea76febb060bda167e414e71e3d18095fe1def69f8c47a4f6 test.c,62,7,1,buffer,strlen,Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126),,,CWE-126, n = strlen(d);,db7201c7df7f543ea76febb060bda167e414e71e3d18095fe1def69f8c47a4f6
test.c,64,3,1,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is very low, the length appears to be in characters not bytes.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));",1813fc329227b38abae867d8023a9e29c7517d679fe55c86f8300dde681b6470 test.c,68,3,1,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is very low, the length appears to be in characters not bytes.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));",1813fc329227b38abae867d8023a9e29c7517d679fe55c86f8300dde681b6470
test.c,66,3,1,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is very low, the length appears to be in characters not bytes.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));",7c6cdcb10ad3a16b8bfd56e3dac84829f9bc3e39d4dde74a2be9bbe000102fc5 test.c,70,3,1,buffer,MultiByteToWideChar,"Requires maximum length in CHARACTERS, not bytes (CWE-120)",,"Risk is very low, the length appears to be in characters not bytes.",CWE-120," MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));",7c6cdcb10ad3a16b8bfd56e3dac84829f9bc3e39d4dde74a2be9bbe000102fc5
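Review bot: the memcpy row for test.c line 50 changes fingerprint (92c755ca… to e667b352…) although its Line value does not move, because the Context column now carries the added `// fail - no size` comment; so fingerprints survive renumbering (every other row in this hunk keeps its hash) but not edits to the flagged line's text, and anyone diffing CSV results across versions should expect that. The two added rows, line 53 `memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination` and line 54 `memcpy(d,s,n); // fail - size unguessable`, land at level 2 with the same warning, suggestion and empty Note as the plain `memcpy(d,s)` case; if the memcpy change was meant to rank these misuse patterns differently, these expected results would not catch a regression in that ranking, so either the Level column should differ or the test comments should not imply that it does. The header's +15,25 count matches the two added rows.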

22 test.c 16 2 2 buffer strcpy Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) Risk is low because the source is a constant string. CWE-120 strcpy(a, gettext("Hello there")); // Did this work? d64070fb93ff0bb797fb926f4dddc7212d42f77e288d5ceb0cd30ed2979fa28d
23 test.c 19 2 2 buffer sprintf Does not check for buffer overflows (CWE-120) Use sprintf_s, snprintf, or vsnprintf Risk is low because the source has a constant maximum length. CWE-120 sprintf(s, "hello"); 907b46be1c3ea7b38f90a4d1b0f43b7751cd8cbe38fae840930ff006b702157d
24 test.c 45 3 2 buffer char Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120) Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length CWE-119!/CWE-120 char d[20]; 36c87517700337a59cc3ad3218cfdde56cad37d69cdeccee5a55ab232d5c7946
25 test.c 46 3 2 buffer char Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120) Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length CWE-119!/CWE-120 char s[20]; 213de8e8815fc84c423b55fd845fea541f25744718e486234364bb457863b597
26 test.c 50 3 2 buffer memcpy Does not check for buffer overflows when copying to destination (CWE-120) Make sure destination can always hold the source data CWE-120 memcpy(d,s); memcpy(d,s); // fail - no size 92c755cad0dde2a75803f34005c0412e084d89ce35f2fe16264702c9bcc3af95 e667b352fb0748c67b607b11577b11bad87545779c39923e61839dd04056055f
27 test.c 51 53 3 2 buffer CopyMemory memcpy Does not check for buffer overflows when copying to destination (CWE-120) Make sure destination can always hold the source data CWE-120 CopyMemory(d,s); memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination 977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11 01bcc2c8ba2d928ac3315b4dcc6593042ea05e62888a10a6d2cf16797a65ed32
28 test.c 97 54 7 3 2 misc buffer fopen memcpy Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362) Does not check for buffer overflows when copying to destination (CWE-120) Make sure destination can always hold the source data CWE-362 CWE-120 f = fopen("/etc/passwd", "r"); memcpy(d,s,n); // fail - size unguessable 2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8 2517a2fb5981193a6017cca660d16e85aab133706cbec302df97aaa623fc77ef
29 test.c 55 3 2 buffer CopyMemory Does not check for buffer overflows when copying to destination (CWE-120) Make sure destination can always hold the source data CWE-120 CopyMemory(d,s); 977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11
30 test.c 101 7 2 misc fopen Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362) CWE-362 f = fopen("/etc/passwd", "r"); 2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8
31 test.c 15 2 1 buffer strcpy Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) Risk is low because the source is a constant character. CWE-120 strcpy(a, "\n"); // Did this work? 0badc5f4c500d17b42794feaca54ee0f49e607a32510af3ed749579001017edb
32 test.c 18 2 1 buffer sprintf Does not check for buffer overflows (CWE-120) Use sprintf_s, snprintf, or vsnprintf Risk is low because the source is a constant character. CWE-120 sprintf(s, "\n"); c65fbd60851f3c8ace22332805966606488c0d242c1823493c582e267609b1a7
33 test.c 26 2 1 buffer scanf It's unclear if the %s limit in the format string is small enough (CWE-120) Check that the limit is sufficiently small, or use a different input function CWE-120 scanf("%10s", s); e24c4c801f10acfa93098b2bef58524efe4f88237f2dd8b58be9afa838616afe
34 test.c 53 57 3 1 buffer strncpy Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120) CWE-120 strncpy(d,s); 8fa14bf72393a00f667ffcc06b7b7e5f0b6d2f16d8d67444db06b0deb35b5f5e
35 test.c 54 58 3 1 buffer _tcsncpy Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120) CWE-120 _tcsncpy(d,s); 691fabd4ca960a00e4c538eee0187ee0fdf59bd43dd71e792c14175150369b8b
36 test.c 55 59 3 1 buffer strncat Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120) Consider strcat_s, strlcat, snprintf, or automatically resizing strings CWE-120 strncat(d,s,10); dd92f996a554bfbc038bea27640ba25dcf298383140a8330dca7cdacf493a701
37 test.c 58 62 7 1 buffer strlen Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126) CWE-126 n = strlen(d); db7201c7df7f543ea76febb060bda167e414e71e3d18095fe1def69f8c47a4f6
38 test.c 64 68 3 1 buffer MultiByteToWideChar Requires maximum length in CHARACTERS, not bytes (CWE-120) Risk is very low, the length appears to be in characters not bytes. CWE-120 MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0])); 1813fc329227b38abae867d8023a9e29c7517d679fe55c86f8300dde681b6470
39 test.c 66 70 3 1 buffer MultiByteToWideChar Requires maximum length in CHARACTERS, not bytes (CWE-120) Risk is very low, the length appears to be in characters not bytes. CWE-120 MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0])); 7c6cdcb10ad3a16b8bfd56e3dac84829f9bc3e39d4dde74a2be9bbe000102fc5
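Review bot: The fingerprint column on the memcpy rows (rows 26 to 28) changes together with the context column, which shows that the hash is taken over the flagged source text rather than its line number: the two CopyMemory(d,s) rows (old row 27 at test.c:51, new row 29 at test.c:55) keep the identical fingerprint 977f8c80..., while the memcpy(d,s) row gets a new hash as soon as `// fail - no size` is appended to it. That makes the trailing `// fail - ...` comments in test.c part of the expected results, so any rewording of those comments will force another regeneration of this file; a note to that effect in the test source would save the next contributor a surprise. The duplicated SetSecurityDescriptorDacl (rows 7 and 8) and CreateProcess (rows 19 and 20) entries with identical fingerprints pre-date this change and only shift by four lines here.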

64
correct-results.html Normal file → Executable file

@ -26,7 +26,7 @@ Examining test2.c <br>
<pre> <pre>
gets(f); gets(f);
</pre> </pre>
<li>test.c:56: <b> [5] </b> (buffer) <i> strncat: <li>test.c:60: <b> [5] </b> (buffer) <i> strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (<a size to add) [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
@ -36,7 +36,7 @@ Examining test2.c <br>
<pre> <pre>
strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */ strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */
</pre> </pre>
<li>test.c:57: <b> [5] </b> (buffer) <i> _tcsncat: <li>test.c:61: <b> [5] </b> (buffer) <i> _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (<a size to add) [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
@ -46,7 +46,7 @@ Examining test2.c <br>
<pre> <pre>
_tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */ _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */
</pre> </pre>
<li>test.c:60: <b> [5] </b> (buffer) <i> MultiByteToWideChar: <li>test.c:64: <b> [5] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (<a Requires maximum length in CHARACTERS, not bytes (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk
is high, it appears that the size is given as bytes, but the function is high, it appears that the size is given as bytes, but the function
@ -54,7 +54,7 @@ Examining test2.c <br>
<pre> <pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)); MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));
</pre> </pre>
<li>test.c:62: <b> [5] </b> (buffer) <i> MultiByteToWideChar: <li>test.c:66: <b> [5] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (<a Requires maximum length in CHARACTERS, not bytes (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk
is high, it appears that the size is given as bytes, but the function is high, it appears that the size is given as bytes, but the function
@ -62,14 +62,14 @@ Examining test2.c <br>
<pre> <pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName); MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);
</pre> </pre>
<li>test.c:73: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl: <li>test.c:77: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (<a Access), which would even forbid administrator access (<a
href="https://cwe.mitre.org/data/definitions/732.html">CWE-732</a>). </i> href="https://cwe.mitre.org/data/definitions/732.html">CWE-732</a>). </i>
<pre> <pre>
SetSecurityDescriptorDacl(&amp;sd,TRUE,NULL,FALSE); SetSecurityDescriptorDacl(&amp;sd,TRUE,NULL,FALSE);
</pre> </pre>
<li>test.c:73: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl: <li>test.c:77: <b> [5] </b> (misc) <i> SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (<a Access), which would even forbid administrator access (<a
href="https://cwe.mitre.org/data/definitions/732.html">CWE-732</a>). </i> href="https://cwe.mitre.org/data/definitions/732.html">CWE-732</a>). </i>
@ -146,14 +146,14 @@ Examining test2.c <br>
<pre> <pre>
_mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */ _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */
</pre> </pre>
<li>test.c:52: <b> [4] </b> (buffer) <i> lstrcat: <li>test.c:56: <b> [4] </b> (buffer) <i> lstrcat:
Does not check for buffer overflows when concatenating to destination Does not check for buffer overflows when concatenating to destination
[MS-banned] (<a [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i> href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre> <pre>
lstrcat(d,s); lstrcat(d,s);
</pre> </pre>
<li>test.c:75: <b> [3] </b> (shell) <i> CreateProcess: <li>test.c:79: <b> [3] </b> (shell) <i> CreateProcess:
This causes a new process to execute and is difficult to use safely (<a This causes a new process to execute and is difficult to use safely (<a
href="https://cwe.mitre.org/data/definitions/78.html">CWE-78</a>). Specify href="https://cwe.mitre.org/data/definitions/78.html">CWE-78</a>). Specify
the application path in the first argument, NOT as part of the second, or the application path in the first argument, NOT as part of the second, or
@ -162,7 +162,7 @@ Examining test2.c <br>
<pre> <pre>
CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
</pre> </pre>
<li>test.c:75: <b> [3] </b> (shell) <i> CreateProcess: <li>test.c:79: <b> [3] </b> (shell) <i> CreateProcess:
This causes a new process to execute and is difficult to use safely (<a This causes a new process to execute and is difficult to use safely (<a
href="https://cwe.mitre.org/data/definitions/78.html">CWE-78</a>). Specify href="https://cwe.mitre.org/data/definitions/78.html">CWE-78</a>). Specify
the application path in the first argument, NOT as part of the second, or the application path in the first argument, NOT as part of the second, or
@ -171,7 +171,7 @@ Examining test2.c <br>
<pre> <pre>
CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", "");
</pre> </pre>
<li>test.c:91: <b> [3] </b> (buffer) <i> getopt_long: <li>test.c:95: <b> [3] </b> (buffer) <i> getopt_long:
Some older implementations do not protect against internal buffer overflows Some older implementations do not protect against internal buffer overflows
(<a href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>, <a (<a href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>, <a
href="https://cwe.mitre.org/data/definitions/20.html">CWE-20</a>). Check href="https://cwe.mitre.org/data/definitions/20.html">CWE-20</a>). Check
@ -220,16 +220,30 @@ Examining test2.c <br>
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i> sure destination can always hold the source data. </i>
<pre> <pre>
memcpy(d,s); memcpy(d,s); // fail - no size
</pre> </pre>
<li>test.c:51: <b> [2] </b> (buffer) <i> CopyMemory: <li>test.c:53: <b> [2] </b> (buffer) <i> memcpy:
Does not check for buffer overflows when copying to destination (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i>
<pre>
memcpy(&amp;n,s,sizeof(s)); // fail - sizeof not of destination
</pre>
<li>test.c:54: <b> [2] </b> (buffer) <i> memcpy:
Does not check for buffer overflows when copying to destination (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i>
<pre>
memcpy(d,s,n); // fail - size unguessable
</pre>
<li>test.c:55: <b> [2] </b> (buffer) <i> CopyMemory:
Does not check for buffer overflows when copying to destination (<a Does not check for buffer overflows when copying to destination (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Make
sure destination can always hold the source data. </i> sure destination can always hold the source data. </i>
<pre> <pre>
CopyMemory(d,s); CopyMemory(d,s);
</pre> </pre>
<li>test.c:97: <b> [2] </b> (misc) <i> fopen: <li>test.c:101: <b> [2] </b> (misc) <i> fopen:
Check when opening files - can an attacker redirect it (via symlinks), Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its around to create a race condition, control its ancestors, or change its
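Review bot: The two new `<li>` entries (test.c:53 and test.c:54) sit where a report sorted by risk level and then line number should put them, between the unchanged test.c:50 memcpy entry and the CopyMemory entry that moves to test.c:55. The `&amp;n` in `memcpy(&amp;n,s,sizeof(s))` is the correctly escaped form of the `&n` shown in the CSV row; since this file is compared as exact expected output, the entity must stay escaped and should not be "fixed" back to a bare ampersand in a later cleanup.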
@ -261,21 +275,21 @@ Examining test2.c <br>
<pre> <pre>
scanf("%10s", s); scanf("%10s", s);
</pre> </pre>
<li>test.c:53: <b> [1] </b> (buffer) <i> strncpy: <li>test.c:57: <b> [1] </b> (buffer) <i> strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (<a pointers [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i> href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre> <pre>
strncpy(d,s); strncpy(d,s);
</pre> </pre>
<li>test.c:54: <b> [1] </b> (buffer) <i> _tcsncpy: <li>test.c:58: <b> [1] </b> (buffer) <i> _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (<a pointers [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i> href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </i>
<pre> <pre>
_tcsncpy(d,s); _tcsncpy(d,s);
</pre> </pre>
<li>test.c:55: <b> [1] </b> (buffer) <i> strncat: <li>test.c:59: <b> [1] </b> (buffer) <i> strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (<a size to add) [MS-banned] (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>).
@ -283,21 +297,21 @@ Examining test2.c <br>
<pre> <pre>
strncat(d,s,10); strncat(d,s,10);
</pre> </pre>
<li>test.c:58: <b> [1] </b> (buffer) <i> strlen: <li>test.c:62: <b> [1] </b> (buffer) <i> strlen:
Does not handle strings that are not \0-terminated; if given one it may Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (<a perform an over-read (it could cause a crash if unprotected) (<a
href="https://cwe.mitre.org/data/definitions/126.html">CWE-126</a>). </i> href="https://cwe.mitre.org/data/definitions/126.html">CWE-126</a>). </i>
<pre> <pre>
n = strlen(d); n = strlen(d);
</pre> </pre>
<li>test.c:64: <b> [1] </b> (buffer) <i> MultiByteToWideChar: <li>test.c:68: <b> [1] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (<a Requires maximum length in CHARACTERS, not bytes (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk
is very low, the length appears to be in characters not bytes. </i> is very low, the length appears to be in characters not bytes. </i>
<pre> <pre>
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0])); MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));
</pre> </pre>
<li>test.c:66: <b> [1] </b> (buffer) <i> MultiByteToWideChar: <li>test.c:70: <b> [1] </b> (buffer) <i> MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (<a Requires maximum length in CHARACTERS, not bytes (<a
href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Risk
is very low, the length appears to be in characters not bytes. </i> is very low, the length appears to be in characters not bytes. </i>
@ -307,15 +321,15 @@ Examining test2.c <br>
</ul> </ul>
<h2>Analysis Summary</h2> <h2>Analysis Summary</h2>
<p> <p>
Hits = 36 Hits = 38
<br> <br>
Lines analyzed = 118 Lines analyzed = 122
<br> <br>
Physical Source Lines of Code (SLOC) = 80 Physical Source Lines of Code (SLOC) = 84
<br> <br>
Hits@level = [0] 16 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7 <br> Hits@level = [0] 16 [1] 9 [2] 9 [3] 3 [4] 10 [5] 7 <br>
Hits@level+ = [0+] 52 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7 <br> Hits@level+ = [0+] 54 [1+] 38 [2+] 29 [3+] 20 [4+] 17 [5+] 7 <br>
Hits/KSLOC@level+ = [0+] 650 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5 <br> Hits/KSLOC@level+ = [0+] 642.857 [1+] 452.381 [2+] 345.238 [3+] 238.095 [4+] 202.381 [5+] 83.3333 <br>
Suppressed hits = 2 (use --neverignore to show them) Suppressed hits = 2 (use --neverignore to show them)
<br> <br>
Minimum risk level = 1 Minimum risk level = 1
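Review bot: The regenerated summary is internally consistent: the per-level counts 16+9+9+3+10+7 sum to the new 54 in Hits@level+ [0+], the two extra level-2 hits ([2] 7 to 9) account for Hits rising from 36 to 38, and every Hits/KSLOC value equals the matching Hits@level+ count divided by 84 SLOC times 1000 (54/84 gives 642.857, 29/84 gives 345.238, 7/84 gives 83.3333). Lines analyzed (118 to 122) and SLOC (80 to 84) both grow by four, matching the uniform four-line shift of every hit at or after test.c:51 in the hunks above.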

54
correct-results.txt Normal file → Executable file

@ -7,29 +7,29 @@ FINAL RESULTS:
test.c:32: [5] (buffer) gets: test.c:32: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
test.c:56: [5] (buffer) strncat: test.c:60: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters appears to be a constant, instead of computing the number of characters
left. left.
test.c:57: [5] (buffer) _tcsncat: test.c:61: [5] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings. Risk is high; the length parameter appears automatically resizing strings. Risk is high; the length parameter appears
to be a constant, instead of computing the number of characters left. to be a constant, instead of computing the number of characters left.
test.c:60: [5] (buffer) MultiByteToWideChar: test.c:64: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size it appears that the size is given as bytes, but the function requires size
as characters. as characters.
test.c:62: [5] (buffer) MultiByteToWideChar: test.c:66: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size it appears that the size is given as bytes, but the function requires size
as characters. as characters.
test.c:73: [5] (misc) SetSecurityDescriptorDacl: test.c:77: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732). Access), which would even forbid administrator access (CWE-732).
test.c:73: [5] (misc) SetSecurityDescriptorDacl: test.c:77: [5] (misc) SetSecurityDescriptorDacl:
Never create NULL ACLs; an attacker can set it to Everyone (Deny All Never create NULL ACLs; an attacker can set it to Everyone (Deny All
Access), which would even forbid administrator access (CWE-732). Access), which would even forbid administrator access (CWE-732).
test.c:17: [4] (buffer) strcpy: test.c:17: [4] (buffer) strcpy:
@ -62,20 +62,20 @@ test.c:49: [4] (buffer) _mbscpy:
Does not check for buffer overflows when copying to destination [MS-banned] Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end (CWE-120). Consider using a function version that stops copying at the end
of the buffer. of the buffer.
test.c:52: [4] (buffer) lstrcat: test.c:56: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). [MS-banned] (CWE-120).
test.c:75: [3] (shell) CreateProcess: test.c:79: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part (CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a of the second, or embedded spaces could allow an attacker to force a
different program to run. different program to run.
test.c:75: [3] (shell) CreateProcess: test.c:79: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part (CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a of the second, or embedded spaces could allow an attacker to force a
different program to run. different program to run.
test.c:91: [3] (buffer) getopt_long: test.c:95: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size (CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs. of all string inputs.
@ -99,10 +99,16 @@ test.c:46: [2] (buffer) char:
test.c:50: [2] (buffer) memcpy: test.c:50: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. Make sure destination can always hold the source data.
test.c:51: [2] (buffer) CopyMemory: test.c:53: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. Make sure destination can always hold the source data.
test.c:97: [2] (misc) fopen: test.c:54: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
test.c:55: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
test.c:101: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks), Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its around to create a race condition, control its ancestors, or change its
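Review bot: These entries agree with CSV rows 26 to 30 and with the HTML hunk above: test.c:50 memcpy unchanged, new memcpy hits at test.c:53 and test.c:54, CopyMemory moved from test.c:51 to test.c:55, fopen from test.c:97 to test.c:101. One difference worth remembering when regenerating: the text report prints no context line, so unlike correct-results.csv it will not change if only the trailing `// fail - ...` comments in test.c are edited, and a CSV-only diff in that case is expected rather than a regression.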
@ -118,34 +124,34 @@ test.c:26: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different (CWE-120). Check that the limit is sufficiently small, or use a different
input function. input function.
test.c:53: [1] (buffer) strncpy: test.c:57: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). pointers [MS-banned] (CWE-120).
test.c:54: [1] (buffer) _tcsncpy: test.c:58: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). pointers [MS-banned] (CWE-120).
test.c:55: [1] (buffer) strncat: test.c:59: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. or automatically resizing strings.
test.c:58: [1] (buffer) strlen: test.c:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126). perform an over-read (it could cause a crash if unprotected) (CWE-126).
test.c:64: [1] (buffer) MultiByteToWideChar: test.c:68: [1] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very
low, the length appears to be in characters not bytes. low, the length appears to be in characters not bytes.
test.c:66: [1] (buffer) MultiByteToWideChar: test.c:70: [1] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very
low, the length appears to be in characters not bytes. low, the length appears to be in characters not bytes.
ANALYSIS SUMMARY: ANALYSIS SUMMARY:
Hits = 36 Hits = 38
Lines analyzed = 118 Lines analyzed = 122
Physical Source Lines of Code (SLOC) = 80 Physical Source Lines of Code (SLOC) = 84
Hits@level = [0] 16 [1] 9 [2] 7 [3] 3 [4] 10 [5] 7 Hits@level = [0] 16 [1] 9 [2] 9 [3] 3 [4] 10 [5] 7
Hits@level+ = [0+] 52 [1+] 36 [2+] 27 [3+] 20 [4+] 17 [5+] 7 Hits@level+ = [0+] 54 [1+] 38 [2+] 29 [3+] 20 [4+] 17 [5+] 7
Hits/KSLOC@level+ = [0+] 650 [1+] 450 [2+] 337.5 [3+] 250 [4+] 212.5 [5+] 87.5 Hits/KSLOC@level+ = [0+] 642.857 [1+] 452.381 [2+] 345.238 [3+] 238.095 [4+] 202.381 [5+] 83.3333
Suppressed hits = 2 (use --neverignore to show them) Suppressed hits = 2 (use --neverignore to show them)
Minimum risk level = 1 Minimum risk level = 1
Not every hit is necessarily a security vulnerability. Not every hit is necessarily a security vulnerability.
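Review bot: The ANALYSIS SUMMARY figures here are identical to those in the correct-results.html summary hunk (Hits = 38, Lines analyzed = 122, SLOC = 84, Hits@level [2] 9, Hits/KSLOC@level+ from 642.857 down to 83.3333), which confirms that all of the expected-result files were regenerated from the same test.c rather than patched by hand; the same arithmetic checks (54 = 16+9+9+3+10+7, 642.857 = 54/84*1000) hold here as well.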