$ flawfinder -m0 *
back_end_src/encryption_pipeline.cpp:26: 2 char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
back_end_src/file_helper.cpp:32: 2 fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
back_end_src/file_helper.cpp:54: 2 fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
back_end_src/packet_composer.cpp:1075: 2 memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
back_end_src/win_file_reader.cpp:34: 2 MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
back_end_src/win_file_reader.cpp:40: 2 MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
back_end_src/win_file_reader.cpp:68: 2 wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
qt_ui/application.cpp:57: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/main.cpp:49: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:111: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:145: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:406: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:439: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:441: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.cpp:626: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.h:70: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qt_ui/mainwindow.h:74: 2 open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tests/key_generation_tests.cpp:30: 2 char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
back_end_src/encryption_pipeline.cpp:29: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/encryption_pipeline.cpp:62: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/encryptor.cpp:63: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/encryptor.cpp:234: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
back_end_src/encryptor.cpp:355: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/encryptor.cpp:487: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/packet_composer.cpp:428: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/packet_composer.cpp:813: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/packet_composer.cpp:824: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/packet_composer.cpp:923: 1 read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
back_end_src/packet_stream.h:304: 1 fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cli/get_password.cpp:83: 1 getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tests/packet_stream_tests.cpp:42: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests/packet_stream_tests.cpp:85: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests/packet_stream_tests.cpp:123: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests/packet_stream_tests.cpp:185: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tests/packet_stream_tests.cpp:205: 1 strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
back_end_src/packet_stream.h:309: 0 fread:
Function accepts input from outside program (CWE-20). Make sure input data
is filtered, especially if an attacker could manipulate it.
Not every hit is necessarily a security vulnerability.