| File | Line | Column | Level | Category | Name | Warning | Suggestion | Note | CWEs | Context |
|---|---|---|---|---|---|---|---|---|---|---|
| test.c | 32 | 2 | 5 | buffer | gets | Does not check for buffer overflows (CWE-120, CWE-20) | Use fgets() instead | | CWE-120, CWE-20 | gets(f); |
| test.c | 56 | 3 | 5 | buffer | strncat | Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120) | Consider strcat_s, strlcat, snprintf, or automatically resizing strings | Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. | CWE-120 | strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */ |
| test.c | 57 | 3 | 5 | buffer | _tcsncat | Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120) | Consider strcat_s, strlcat, or automatically resizing strings | Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. | CWE-120 | _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */ |
| test.c | 60 | 3 | 5 | buffer | MultiByteToWideChar | Requires maximum length in CHARACTERS, not bytes (CWE-120) | | Risk is high, it appears that the size is given as bytes, but the function requires size as characters. | CWE-120 | MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)); |
| test.c | 62 | 3 | 5 | buffer | MultiByteToWideChar | Requires maximum length in CHARACTERS, not bytes (CWE-120) | | Risk is high, it appears that the size is given as bytes, but the function requires size as characters. | CWE-120 | MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName); |
| test.c | 73 | 3 | 5 | misc | SetSecurityDescriptorDacl | Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732) | | | CWE-732 | SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); |
| test.c | 73 | 3 | 5 | misc | SetSecurityDescriptorDacl | Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732) | | | CWE-732 | SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); |
| test.c | 17 | 2 | 4 | buffer | strcpy | Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) | Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) | | CWE-120 | strcpy(b, a); |
| test.c | 20 | 2 | 4 | buffer | sprintf | Does not check for buffer overflows (CWE-120) | Use sprintf_s, snprintf, or vsnprintf | | CWE-120 | sprintf(s, "hello %s", bug); |
| test.c | 21 | 2 | 4 | buffer | sprintf | Does not check for buffer overflows (CWE-120) | Use sprintf_s, snprintf, or vsnprintf | | CWE-120 | sprintf(s, gettext("hello %s"), bug); |
| test.c | 22 | 2 | 4 | format | sprintf | Potential format string problem (CWE-134) | Make format string constant | | CWE-134 | sprintf(s, unknown, bug); |
| test.c | 23 | 2 | 4 | format | printf | If format strings can be influenced by an attacker, they can be exploited (CWE-134) | Use a constant for the format specification | | CWE-134 | printf(bf, x); |
| test.c | 25 | 2 | 4 | buffer | scanf | The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20) | Specify a limit to %s, or use a different input function | | CWE-120, CWE-20 | scanf("%s", s); |
| test.c | 27 | 2 | 4 | buffer | scanf | The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20) | Specify a limit to %s, or use a different input function | | CWE-120, CWE-20 | scanf("%s", s); |
| test.c | 38 | 2 | 4 | format | syslog | If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134) | Use a constant format string for syslog | | CWE-134 | syslog(LOG_ERR, attacker_string); |
| test.c | 49 | 3 | 4 | buffer | _mbscpy | Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) | Consider using a function version that stops copying at the end of the buffer | | CWE-120 | _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */ |
| test.c | 52 | 3 | 4 | buffer | lstrcat | Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120) | | | CWE-120 | lstrcat(d,s); |
| test.c | 75 | 3 | 3 | shell | CreateProcess | This causes a new process to execute and is difficult to use safely (CWE-78) | Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run | | CWE-78 | CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); |
| test.c | 75 | 3 | 3 | shell | CreateProcess | This causes a new process to execute and is difficult to use safely (CWE-78) | Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run | | CWE-78 | CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); |
| test.c | 91 | 20 | 3 | buffer | getopt_long | Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20) | Check implementation on installation, or limit the size of all string inputs | | CWE-120, CWE-20 | while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) { |
| test.c | 16 | 2 | 2 | buffer | strcpy | Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) | Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) | Risk is low because the source is a constant string. | CWE-120 | strcpy(a, gettext("Hello there")); // Did this work? |
| test.c | 19 | 2 | 2 | buffer | sprintf | Does not check for buffer overflows (CWE-120) | Use sprintf_s, snprintf, or vsnprintf | Risk is low because the source has a constant maximum length. | CWE-120 | sprintf(s, "hello"); |
| test.c | 45 | 3 | 2 | buffer | char | Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120) | Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length | | CWE-119!/CWE-120 | char d[20]; |
| test.c | 46 | 3 | 2 | buffer | char | Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120) | Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length | | CWE-119!/CWE-120 | char s[20]; |
| test.c | 50 | 3 | 2 | buffer | memcpy | Does not check for buffer overflows when copying to destination (CWE-120) | Make sure destination can always hold the source data | | CWE-120 | memcpy(d,s); |
| test.c | 51 | 3 | 2 | buffer | CopyMemory | Does not check for buffer overflows when copying to destination (CWE-120) | Make sure destination can always hold the source data | | CWE-120 | CopyMemory(d,s); |
| test.c | 97 | 7 | 2 | misc | fopen | Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362) | | | CWE-362 | f = fopen("/etc/passwd", "r"); |
| test.c | 15 | 2 | 1 | buffer | strcpy | Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120) | Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) | Risk is low because the source is a constant character. | CWE-120 | strcpy(a, "\n"); // Did this work? |
| test.c | 18 | 2 | 1 | buffer | sprintf | Does not check for buffer overflows (CWE-120) | Use sprintf_s, snprintf, or vsnprintf | Risk is low because the source is a constant character. | CWE-120 | sprintf(s, "\n"); |
| test.c | 26 | 2 | 1 | buffer | scanf | It's unclear if the %s limit in the format string is small enough (CWE-120) | Check that the limit is sufficiently small, or use a different input function | | CWE-120 | scanf("%10s", s); |
| test.c | 53 | 3 | 1 | buffer | strncpy | Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120) | | | CWE-120 | strncpy(d,s); |
| test.c | 54 | 3 | 1 | buffer | _tcsncpy | Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120) | | | CWE-120 | _tcsncpy(d,s); |
| test.c | 55 | 3 | 1 | buffer | strncat | Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120) | Consider strcat_s, strlcat, snprintf, or automatically resizing strings | | CWE-120 | strncat(d,s,10); |
| test.c | 58 | 7 | 1 | buffer | strlen | Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126) | | | CWE-126 | n = strlen(d); |
| test.c | 64 | 3 | 1 | buffer | MultiByteToWideChar | Requires maximum length in CHARACTERS, not bytes (CWE-120) | | Risk is very low, the length appears to be in characters not bytes. | CWE-120 | MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0])); |
| test.c | 66 | 3 | 1 | buffer | MultiByteToWideChar | Requires maximum length in CHARACTERS, not bytes (CWE-120) | | Risk is very low, the length appears to be in characters not bytes. | CWE-120 | MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0])); |