| File | Line | Column | DefaultLevel | Level | Category | Name | Warning | Suggestion | Note | CWEs | Context | Fingerprint | ToolVersion | RuleId | HelpUri |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| test.c | 32 | 2 | 5 | 5 | buffer | gets | Does not check for buffer overflows (CWE-120, CWE-20). | Use fgets() instead. | | CWE-120, CWE-20 | gets(f); | 6a5bb383fb44030b0d9428b17359e94ba3979bc1ce702be450427f85592c649a | 2.0.16 | FF1014 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 60 | 3 | 1 | 5 | buffer | strncat | Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). | Consider strcat_s, strlcat, snprintf, or automatically resizing strings. | Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. | CWE-120 | strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */ | cbd19c308547e79af13436d8f7dbcf6c62e49e4f62ba9aee38fbef29e0772f74 | 2.0.16 | FF1010 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 61 | 3 | 1 | 5 | buffer | _tcsncat | Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). | Consider strcat_s, strlcat, or automatically resizing strings. | Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. | CWE-120 | _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */ | c3f6ba2c710efc878e66df4578894fd408452cb7cdec7ae6f492a3b1796f8c42 | 2.0.16 | FF1011 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 64 | 3 | 2 | 5 | buffer | MultiByteToWideChar | Requires maximum length in CHARACTERS, not bytes (CWE-120). | | Risk is high, it appears that the size is given as bytes, but the function requires size as characters. | CWE-120 | MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)); | 4f5b73ff337a54d6e1d9a369659ca0ddb4f80e6b7e38a17e5b112f6d3e266e69 | 2.0.16 | FF1023 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 66 | 3 | 2 | 5 | buffer | MultiByteToWideChar | Requires maximum length in CHARACTERS, not bytes (CWE-120). | | Risk is high, it appears that the size is given as bytes, but the function requires size as characters. | CWE-120 | MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName); | 9ecdc1e903acc16a646bf7909a630ae22a7593b70952c39ce6bd9c5a23fad0fd | 2.0.16 | FF1023 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 77 | 3 | 5 | 5 | misc | SetSecurityDescriptorDacl | Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732). | | | CWE-732 | SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); | 5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb | 2.0.16 | FF1060 | https://cwe.mitre.org/data/definitions/732.html |
| test.c | 77 | 3 | 5 | 5 | misc | SetSecurityDescriptorDacl | Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732). | | | CWE-732 | SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE); | 5fed1e135b593b4c943e66e89a26ff131eba18b83a32a8af37d1c0bd7b01aadb | 2.0.16 | FF1060 | https://cwe.mitre.org/data/definitions/732.html |
| test.c | 17 | 2 | 4 | 4 | buffer | strcpy | Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). | Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). | | CWE-120 | strcpy(b, a); | c01c8472bb53022e912da4da2faebc67d537855da324020c44bfd5e608a79b77 | 2.0.16 | FF1001 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 20 | 2 | 4 | 4 | buffer | sprintf | Does not check for buffer overflows (CWE-120). | Use sprintf_s, snprintf, or vsnprintf. | | CWE-120 | sprintf(s, "hello %s", bug); | 814237858ab012010f3355a49480dd6fa0a2cb8cf8356a98ac1c17c9febf6521 | 2.0.16 | FF1015 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 21 | 2 | 4 | 4 | buffer | sprintf | Does not check for buffer overflows (CWE-120). | Use sprintf_s, snprintf, or vsnprintf. | | CWE-120 | sprintf(s, gettext("hello %s"), bug); | b793f18f143fb2297c49e0639384ad73db86eb01a44377aa4d5d09b44b03d747 | 2.0.16 | FF1015 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 22 | 2 | 4 | 4 | format | sprintf | Potential format string problem (CWE-134). | Make format string constant. | | CWE-134 | sprintf(s, unknown, bug); | 16ebc2ff96ee4bab2695783709e97b597ca9c8b8cc149e33aed859f0fafd3431 | 2.0.16 | FF1015 | https://cwe.mitre.org/data/definitions/134.html |
| test.c | 23 | 2 | 4 | 4 | format | printf | If format strings can be influenced by an attacker, they can be exploited (CWE-134). | Use a constant for the format specification. | | CWE-134 | printf(bf, x); | 46f42896019245d2dffc4caf4fe018b073ce2a58203676eaa28b6374558a5b5d | 2.0.16 | FF1016 | https://cwe.mitre.org/data/definitions/134.html |
| test.c | 25 | 2 | 4 | 4 | buffer | scanf | The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). | Specify a limit to %s, or use a different input function. | | CWE-120, CWE-20 | scanf("%s", s); | 3f169dd9fe508f70438f818770a3cb8b0f228e4245ea11a929a5fb0a7839fd5f | 2.0.16 | FF1020 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 27 | 2 | 4 | 4 | buffer | scanf | The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). | Specify a limit to %s, or use a different input function. | | CWE-120, CWE-20 | scanf("%s", s); | 3f169dd9fe508f70438f818770a3cb8b0f228e4245ea11a929a5fb0a7839fd5f | 2.0.16 | FF1020 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 38 | 2 | 4 | 4 | format | syslog | If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134). | Use a constant format string for syslog. | | CWE-134 | syslog(LOG_ERR, attacker_string); | 22e98963d5af7b197a090bd522d2d39b8d8ee7bdf08453fd2008939c92cd9677 | 2.0.16 | FF1018 | https://cwe.mitre.org/data/definitions/134.html |
| test.c | 49 | 3 | 4 | 4 | buffer | _mbscpy | Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). | Consider using a function version that stops copying at the end of the buffer. | | CWE-120 | _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */ | e00a4a1a0a3603db98a23fcff3c9cdfd9012f5a81826814d9508e0f22089b993 | 2.0.16 | FF1003 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 56 | 3 | 4 | 4 | buffer | lstrcat | Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). | | | CWE-120 | lstrcat(d,s); | 364b4c512862fdccbca27d2fa7737995b5d24b637a760976c940ae636218d340 | 2.0.16 | FF1006 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 79 | 3 | 3 | 3 | shell | CreateProcess | This causes a new process to execute and is difficult to use safely (CWE-78). | Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. | | CWE-78 | CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); | 3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf | 2.0.16 | FF1046 | https://cwe.mitre.org/data/definitions/78.html |
| test.c | 79 | 3 | 3 | 3 | shell | CreateProcess | This causes a new process to execute and is difficult to use safely (CWE-78). | Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. | | CWE-78 | CreateProcess(NULL, "C:\\Program Files\\GoodGuy\\GoodGuy.exe -x", ""); | 3c712b38d0857bde3832d85ad35ac9859be55c5f5f1c20af659a577dd4d0acbf | 2.0.16 | FF1046 | https://cwe.mitre.org/data/definitions/78.html |
| test.c | 81 | 10 | 3 | 3 | misc | LoadLibraryEx | Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). | Use a flag like LOAD_LIBRARY_SEARCH_SYSTEM32 or LOAD_LIBRARY_SEARCH_APPLICATION_DIR to search only desired folders. | | CWE-829, CWE-20 | (void) LoadLibraryEx(L"user32.dll", nullptr, LOAD_LIBRARY_AS_DATAFILE); | b1f99ecaa31e682487d795afbf03282fd56ad9f2aa630d0196219b277d2a68c9 | 2.0.16 | FF1059 | https://cwe.mitre.org/data/definitions/829.html |
| test.c | 99 | 20 | 3 | 3 | buffer | getopt_long | Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). | Check implementation on installation, or limit the size of all string inputs. | | CWE-120, CWE-20 | while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) { | 5bedf6e5bccf596008ef191ec4c5d4cc51a32cff0c05ef62d5f10fab93d0cc24 | 2.0.16 | FF1027 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 16 | 2 | 4 | 2 | buffer | strcpy | Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). | Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). | Risk is low because the source is a constant string. | CWE-120 | strcpy(a, gettext("Hello there")); // Did this work? | d64070fb93ff0bb797fb926f4dddc7212d42f77e288d5ceb0cd30ed2979fa28d | 2.0.16 | FF1001 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 19 | 2 | 4 | 2 | buffer | sprintf | Does not check for buffer overflows (CWE-120). | Use sprintf_s, snprintf, or vsnprintf. | Risk is low because the source has a constant maximum length. | CWE-120 | sprintf(s, "hello"); | 907b46be1c3ea7b38f90a4d1b0f43b7751cd8cbe38fae840930ff006b702157d | 2.0.16 | FF1015 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 45 | 3 | 2 | 2 | buffer | char | Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). | Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. | | CWE-119!/CWE-120 | char d[20]; | 36c87517700337a59cc3ad3218cfdde56cad37d69cdeccee5a55ab232d5c7946 | 2.0.16 | FF1013 | https://cwe.mitre.org/data/definitions/119.html |
| test.c | 46 | 3 | 2 | 2 | buffer | char | Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). | Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. | | CWE-119!/CWE-120 | char s[20]; | 213de8e8815fc84c423b55fd845fea541f25744718e486234364bb457863b597 | 2.0.16 | FF1013 | https://cwe.mitre.org/data/definitions/119.html |
| test.c | 50 | 3 | 2 | 2 | buffer | memcpy | Does not check for buffer overflows when copying to destination (CWE-120). | Make sure destination can always hold the source data. | | CWE-120 | memcpy(d,s); // fail - no size | e667b352fb0748c67b607b11577b11bad87545779c39923e61839dd04056055f | 2.0.16 | FF1004 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 53 | 3 | 2 | 2 | buffer | memcpy | Does not check for buffer overflows when copying to destination (CWE-120). | Make sure destination can always hold the source data. | | CWE-120 | memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination | 01bcc2c8ba2d928ac3315b4dcc6593042ea05e62888a10a6d2cf16797a65ed32 | 2.0.16 | FF1004 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 54 | 3 | 2 | 2 | buffer | memcpy | Does not check for buffer overflows when copying to destination (CWE-120). | Make sure destination can always hold the source data. | | CWE-120 | memcpy(d,s,n); // fail - size unguessable | 2517a2fb5981193a6017cca660d16e85aab133706cbec302df97aaa623fc77ef | 2.0.16 | FF1004 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 55 | 3 | 2 | 2 | buffer | CopyMemory | Does not check for buffer overflows when copying to destination (CWE-120). | Make sure destination can always hold the source data. | | CWE-120 | CopyMemory(d,s); | 977f8c805ddd76ff32e0f7aea08701ba97d9ce6955136e98b308ed4f70eb2e11 | 2.0.16 | FF1004 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 105 | 7 | 2 | 2 | misc | fopen | Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). | | | CWE-362 | f = fopen("/etc/passwd", "r"); | 2ec6928c77a8b54caa61d0459f367c4394ee1f5e6f488753f587bfa9c780bad8 | 2.0.16 | FF1040 | https://cwe.mitre.org/data/definitions/362.html |
| test.c | 15 | 2 | 4 | 1 | buffer | strcpy | Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). | Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). | Risk is low because the source is a constant character. | CWE-120 | strcpy(a, "\n"); // Did this work? | 0badc5f4c500d17b42794feaca54ee0f49e607a32510af3ed749579001017edb | 2.0.16 | FF1001 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 18 | 2 | 4 | 1 | buffer | sprintf | Does not check for buffer overflows (CWE-120). | Use sprintf_s, snprintf, or vsnprintf. | Risk is low because the source is a constant character. | CWE-120 | sprintf(s, "\n"); | c65fbd60851f3c8ace22332805966606488c0d242c1823493c582e267609b1a7 | 2.0.16 | FF1015 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 26 | 2 | 4 | 1 | buffer | scanf | It's unclear if the %s limit in the format string is small enough (CWE-120). | Check that the limit is sufficiently small, or use a different input function. | | CWE-120 | scanf("%10s", s); | e24c4c801f10acfa93098b2bef58524efe4f88237f2dd8b58be9afa838616afe | 2.0.16 | FF1020 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 57 | 3 | 1 | 1 | buffer | strncpy | Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). | | | CWE-120 | strncpy(d,s); | 8fa14bf72393a00f667ffcc06b7b7e5f0b6d2f16d8d67444db06b0deb35b5f5e | 2.0.16 | FF1008 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 58 | 3 | 1 | 1 | buffer | _tcsncpy | Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). | | | CWE-120 | _tcsncpy(d,s); | 691fabd4ca960a00e4c538eee0187ee0fdf59bd43dd71e792c14175150369b8b | 2.0.16 | FF1009 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 59 | 3 | 1 | 1 | buffer | strncat | Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). | Consider strcat_s, strlcat, snprintf, or automatically resizing strings. | | CWE-120 | strncat(d,s,10); | dd92f996a554bfbc038bea27640ba25dcf298383140a8330dca7cdacf493a701 | 2.0.16 | FF1010 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 62 | 7 | 1 | 1 | buffer | strlen | Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). | | | CWE-126 | n = strlen(d); | db7201c7df7f543ea76febb060bda167e414e71e3d18095fe1def69f8c47a4f6 | 2.0.16 | FF1022 | https://cwe.mitre.org/data/definitions/126.html |
| test.c | 68 | 3 | 2 | 1 | buffer | MultiByteToWideChar | Requires maximum length in CHARACTERS, not bytes (CWE-120). | | Risk is very low, the length appears to be in characters not bytes. | CWE-120 | MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0])); | 1813fc329227b38abae867d8023a9e29c7517d679fe55c86f8300dde681b6470 | 2.0.16 | FF1023 | https://cwe.mitre.org/data/definitions/120.html |
| test.c | 70 | 3 | 2 | 1 | buffer | MultiByteToWideChar | Requires maximum length in CHARACTERS, not bytes (CWE-120). | | Risk is very low, the length appears to be in characters not bytes. | CWE-120 | MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0])); | 7c6cdcb10ad3a16b8bfd56e3dac84829f9bc3e39d4dde74a2be9bbe000102fc5 | 2.0.16 | FF1023 | https://cwe.mitre.org/data/definitions/120.html |