mirror of
https://github.com/kuhyx/testsAndMisc.git
synced 2026-07-04 12:03:11 +02:00
628 lines
38 KiB
Plaintext
Flawfinder version 2.0.19, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 222

./1dvelocitysimulator/main.c:16:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
./1dvelocitysimulator/main.c:22:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
./1dvelocitysimulator/main.c:27:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
./lichess_random_engine/movegen.c:35:20: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
./opening_learner/engine.c:21:9: [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
./scrapeWebsite/scrape.c:49:8: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
./fps/main.c:521:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./lichess_random_engine/main.c:112:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./lichess_random_engine/micro_max.c:228:52: [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./misc/randomJPG/generate_images.c:257:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./misc/randomJPG/generate_jpg.c:208:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./opening_learner/main.c:49:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./fps/main.c:338:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:34:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:87:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./imageViewer/main.c:416:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:447:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:475:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:553:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:585:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:614:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:689:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:1137:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./imageViewer/main.c:1181:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:1188:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:1200:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
./imageViewer/main.c:1207:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./imageViewer/main.c:1208:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./lichess_random_engine/micro_max.c:15:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./lichess_random_engine/micro_max.c:179:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./lichess_random_engine/movegen.c:35:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./lichess_random_engine/movegen.c:36:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
./lichess_random_engine/perft.c:38:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./lichess_random_engine/perft.c:46:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./lichess_random_engine/perft.c:53:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./misc/randomJPG/generate_images.c:106:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./misc/randomJPG/generate_images.c:117:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./misc/randomJPG/generate_images.c:121:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./misc/randomJPG/generate_images.c:124:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./misc/randomJPG/generate_images.c:163:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./misc/randomJPG/generate_images.c:234:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./misc/randomJPG/generate_images.c:235:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./misc/randomJPG/generate_images.c:236:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./misc/randomJPG/generate_images.c:237:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./misc/randomJPG/generate_images.c:273:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./misc/randomJPG/generate_jpg.c:106:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./misc/randomJPG/generate_jpg.c:124:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./misc/randomJPG/generate_jpg.c:186:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./misc/randomJPG/generate_jpg.c:187:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./misc/randomJPG/generate_jpg.c:188:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./misc/randomJPG/generate_jpg.c:189:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./misc/randomJPG/generate_jpg.c:224:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/chess.c:253:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/chess.c:270:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/chess.h:11:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/chess.h:48:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:36:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:82:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:88:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:90:41: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:92:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:104:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./opening_learner/engine.c:105:66: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
./opening_learner/engine.c:106:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:124:59: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:126:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.c:128:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.h:11:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/engine.h:32:59: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/gui.c:73:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/gui.h:24:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:29:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:36:38: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:77:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:79:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:83:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:95:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:99:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:103:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./opening_learner/main.c:136:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:155:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/main.c:164:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/mistakes.c:32:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./opening_learner/mistakes.c:42:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./opening_learner/mistakes.c:44:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/mistakes.c:44:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/mistakes.c:44:41: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/mistakes.c:44:61: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/mistakes.c:49:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./opening_learner/mistakes.c:53:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./opening_learner/mistakes.c:57:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./opening_learner/mistakes.h:10:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/mistakes.h:11:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./opening_learner/mistakes.h:13:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./scrapeWebsite/scrape.c:28:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./scrapeWebsite/scrape.c:56:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./websocketServer/main.c:22:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./websocketServer/main.c:24:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./fps/main.c:345:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./fps/main.c:346:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./fps/main.c:347:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:233:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:404:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:453:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:455:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:476:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:477:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:493:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:494:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:592:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:594:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:615:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:616:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:632:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:633:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
./imageViewer/main.c:1182:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
|
|
./imageViewer/main.c:1191:23: [1] (buffer) strlen:
|
|
Does not handle strings that are not \0-terminated; if given one it may
|
|
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|
|
./lichess_random_engine/micro_max.c:163:18: [1] (buffer) strlen:
|
|
Does not handle strings that are not \0-terminated; if given one it may
|
|
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|
|
./lichess_random_engine/micro_max.c:241:11: [1] (buffer) strncpy:
|
|
Easily used incorrectly; doesn't always \0-terminate or check for invalid
|
|
pointers [MS-banned] (CWE-120).
|
|
./lichess_random_engine/movegen.c:428:18: [1] (buffer) strlen:
|
|
Does not handle strings that are not \0-terminated; if given one it may
|
|
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|
|
./lichess_random_engine/movegen.c:439:25: [1] (buffer) strlen:
|
|
Does not handle strings that are not \0-terminated; if given one it may
|
|
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|
|
./opening_learner/chess.c:261:15: [1] (buffer) strlen:
|
|
Does not handle strings that are not \0-terminated; if given one it may
|
|
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|
|
./opening_learner/engine.c:38:9: [1] (obsolete) usleep:
|
|
This C routine is considered obsolete (as opposed to the shell command by
|
|
the same name). The interaction of this function with SIGALRM and other
|
|
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
|
|
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
|
|
./opening_learner/engine.c:39:21: [1] (buffer) read:
|
|
Check buffer boundaries if used in a loop including recursive loops
|
|
(CWE-120, CWE-20).
|
|
./opening_learner/engine.c:49:9: [1] (obsolete) usleep:
|
|
This C routine is considered obsolete (as opposed to the shell command by
|
|
the same name). The interaction of this function with SIGALRM and other
|
|
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
|
|
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
|
|
./opening_learner/engine.c:50:21: [1] (buffer) read:
|
|
Check buffer boundaries if used in a loop including recursive loops
|
|
(CWE-120, CWE-20).
|
|
./opening_learner/engine.c:72:18: [1] (buffer) strlen:
|
|
Does not handle strings that are not \0-terminated; if given one it may
|
|
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|
|
./opening_learner/engine.c:94:9: [1] (obsolete) usleep:
|
|
This C routine is considered obsolete (as opposed to the shell command by
|
|
the same name). The interaction of this function with SIGALRM and other
|
|
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
|
|
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
|
|
./opening_learner/engine.c:95:17: [1] (buffer) read:
|
|
Check buffer boundaries if used in a loop including recursive loops
|
|
(CWE-120, CWE-20).
|
|
./opening_learner/engine.c:107:25: [1] (buffer) sscanf:
|
|
It's unclear if the %s limit in the format string is small enough
|
|
(CWE-120). Check that the limit is sufficiently small, or use a different
|
|
input function.
|
|
./opening_learner/engine.c:130:9: [1] (obsolete) usleep:
|
|
This C routine is considered obsolete (as opposed to the shell command by
|
|
the same name). The interaction of this function with SIGALRM and other
|
|
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
|
|
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
|
|
./opening_learner/engine.c:131:17: [1] (buffer) read:
|
|
Check buffer boundaries if used in a loop including recursive loops
|
|
(CWE-120, CWE-20).
|
|
./opening_learner/engine.c:136:52: [1] (buffer) sscanf:
|
|
It's unclear if the %s limit in the format string is small enough
|
|
(CWE-120). Check that the limit is sufficiently small, or use a different
|
|
input function.
|
|
./opening_learner/main.c:23:15: [1] (buffer) strncat:
|
|
Easily used incorrectly (e.g., incorrectly computing the correct maximum
|
|
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
|
|
or automatically resizing strings. Risk is low because the source is a
|
|
constant character.
|
|
./opening_learner/main.c:24:2: [1] (buffer) strncat:
|
|
Easily used incorrectly (e.g., incorrectly computing the correct maximum
|
|
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
|
|
or automatically resizing strings.
|
|
./opening_learner/main.c:36:73: [1] (buffer) strncpy:
|
|
Easily used incorrectly; doesn't always \0-terminate or check for invalid
|
|
pointers [MS-banned] (CWE-120).
|
|
./opening_learner/main.c:100:30: [1] (buffer) strncpy:
|
|
Easily used incorrectly; doesn't always \0-terminate or check for invalid
|
|
pointers [MS-banned] (CWE-120).
|
|
./opening_learner/main.c:140:5: [1] (buffer) strncpy:
|
|
Easily used incorrectly; doesn't always \0-terminate or check for invalid
|
|
pointers [MS-banned] (CWE-120).
|
|
./websocketServer/main.c:23:30: [1] (buffer) strlen:
|
|
Does not handle strings that are not \0-terminated; if given one it may
|
|
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|
|
|
|
ANALYSIS SUMMARY:
|
|
|
|
Hits = 140
|
|
Lines analyzed = 5027 in approximately 0.26 seconds (19578 lines/second)
|
|
Physical Source Lines of Code (SLOC) = 4111
|
|
Hits@level = [0] 208 [1] 41 [2] 87 [3] 6 [4] 6 [5] 0
|
|
Hits@level+ = [0+] 348 [1+] 140 [2+] 99 [3+] 12 [4+] 6 [5+] 0
|
|
Hits/KSLOC@level+ = [0+] 84.6509 [1+] 34.055 [2+] 24.0817 [3+] 2.919 [4+] 1.4595 [5+] 0
|
|
Dot directories skipped = 1 (--followdotdir overrides)
|
|
Minimum risk level = 1
|
|
|
|
Not every hit is necessarily a security vulnerability.
|
|
You can inhibit a report by adding a comment in this form:
|
|
// flawfinder: ignore
|
|
Make *sure* it's a false positive!
|
|
You can use the option --neverignore to show these.
|
|
|
|
There may be other security vulnerabilities; review your code!
|
|
See 'Secure Programming HOWTO'
|
|
(https://dwheeler.com/secure-programs) for more information.
|