(lp0
ccopy_reg
_reconstructor
p1
(c__main__
Hit
p2
c__builtin__
object
p3
Ntp4
Rp5
(dp6
S'category'
p7
S'buffer'
p8
sS'filename'
p9
S'test.c'
p10
sS'end'
p11
I692
sS'name'
p12
S'gets'
p13
sS'parameters'
p14
(lp15
S''
p16
aS'f'
p17
asS'level'
p18
I5
sS'url'
p19
g16
sS'ruleid'
p20
S'FF1014'
p21
sS'column'
p22
I2
sS'context_text'
p23
S' gets(f);'
p24
sS'hook'
p25
c__main__
normal
p26
sS'warning'
p27
S'Does not check for buffer overflows (CWE-120, CWE-20)'
p28
sS'suggestion'
p29
S'Use fgets() instead'
p30
sS'input'
p31
I1
sS'line'
p32
I32
sS'defaultlevel'
p33
I5
sS'start'
p34
I688
sbag1
(g2
g3
Ntp35
Rp36
(dp37
g7
g8
sg9
g10
sg11
I1462
sg12
S'strncat'
p38
sg14
(lp39
g16
aS'd'
p40
aS's'
p41
aS'sizeof(d)'
p42
asg18
I5
sg19
g16
sg20
S'FF1010'
p43
sg22
I3
sg23
S'  strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */'
p44
sS'note'
p45
S'Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.'
p46
sg25
c__main__
c_strncat
p47
sg27
S'Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120)'
p48
sg29
S'Consider strcat_s, strlcat, snprintf, or automatically resizing strings'
p49
sg32
I60
sg33
I1
sg34
I1455
sbag1
(g2
g3
Ntp50
Rp51
(dp52
g7
g8
sg9
g10
sg11
I1539
sg12
S'_tcsncat'
p53
sg14
(lp54
g16
aS'd'
p55
aS's'
p56
aS'sizeof(d)'
p57
asg18
I5
sg19
g16
sg20
S'FF1011'
p58
sg22
I3
sg23
S'  _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */'
p59
sg45
g46
sg25
g47
sg27
g48
sg29
S'Consider strcat_s, strlcat, or automatically resizing strings'
p60
sg32
I61
sg33
I1
sg34
I1531
sbag1
(g2
g3
Ntp61
Rp62
(dp63
g7
g8
sg9
g10
sg11
I1680
sg12
S'MultiByteToWideChar'
p64
sg14
(lp65
g16
aS'CP_ACP'
p66
aS'0'
p67
aS'szName'
p68
aS'-1'
p69
aS'wszUserName'
p70
aS'sizeof(wszUserName)'
p71
asg18
I5
sg19
g16
sg20
S'FF1023'
p72
sg22
I3
sg23
S'  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));'
p73
sg45
S'Risk is high, it appears that the size is given as bytes, but the function requires size as characters.'
p74
sg25
c__main__
c_multi_byte_to_wide_char
p75
sg27
S'Requires maximum length in CHARACTERS, not bytes (CWE-120)'
p76
sg29
g16
sg32
I64
sg33
I2
sg34
I1661
sbag1
(g2
g3
Ntp77
Rp78
(dp79
g7
g8
sg9
g10
sg11
I1815
sg12
S'MultiByteToWideChar'
p80
sg14
(lp81
g16
aS'CP_ACP'
p82
aS'0'
p83
aS'szName'
p84
aS'-1'
p85
aS'wszUserName'
p86
aS'sizeof wszUserName'
p87
asg18
I5
sg19
g16
sg20
g72
sg22
I3
sg23
S'  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName);'
p88
sg45
g74
sg25
g75
sg27
g76
sg29
g16
sg32
I66
sg33
I2
sg34
I1796
sbag1
(g2
g3
Ntp89
Rp90
(dp91
g7
S'misc'
p92
sg9
g10
sg11
I2533
sg12
S'SetSecurityDescriptorDacl'
p93
sg14
(lp94
g16
aS'&sd'
p95
aS'TRUE'
p96
aS'NULL'
p97
aS'FALSE'
p98
asg18
I5
sg19
g16
sg20
S'FF1060'
p99
sg22
I3
sg34
I2508
sg23
S'  SetSecurityDescriptorDacl(&sd,TRUE,NULL,FALSE);'
p100
sg25
c__main__
c_hit_if_null
p101
sg27
S'Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732)'
p102
sg29
g16
sg32
I77
sg33
I5
sS'check_for_null'
p103
I3
sbag90
ag1
(g2
g3
Ntp104
Rp105
(dp106
g7
g8
sg9
g10
sg11
I372
sg12
S'strcpy'
p107
sg14
(lp108
g16
aS'b'
p109
aS'a'
p110
asg18
I4
sg19
g16
sg20
S'FF1001'
p111
sg22
I2
sg23
S' strcpy(b, a);'
p112
sg25
c__main__
c_buffer
p113
sg27
S'Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120)'
p114
sg29
S'Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)'
p115
sg32
I17
sg33
I4
sg34
I366
sbag1
(g2
g3
Ntp116
Rp117
(dp118
g7
g8
sg9
g10
sg11
I429
sg12
S'sprintf'
p119
sg14
(lp120
g16
aS's'
p121
aS'"hello %s"'
p122
aS'bug'
p123
asg18
I4
sg19
g16
sg20
S'FF1015'
p124
sg22
I2
sg23
S' sprintf(s, "hello %s", bug);'
p125
sg25
c__main__
c_sprintf
p126
sg27
S'Does not check for buffer overflows (CWE-120)'
p127
sg29
S'Use sprintf_s, snprintf, or vsnprintf'
p128
sg32
I20
sg33
I4
sg34
I422
sbag1
(g2
g3
Ntp129
Rp130
(dp131
g7
g8
sg9
g10
sg11
I459
sg12
S'sprintf'
p132
sg14
(lp133
g16
aS's'
p134
aS'gettext("hello %s")'
p135
aS'bug'
p136
asg18
I4
sg19
g16
sg20
g124
sg22
I2
sg23
S' sprintf(s, gettext("hello %s"), bug);'
p137
sg25
g126
sg27
g127
sg29
g128
sg32
I21
sg33
I4
sg34
I452
sbag1
(g2
g3
Ntp138
Rp139
(dp140
g7
S'format'
p141
sg9
g10
sg11
I498
sg12
S'sprintf'
p142
sg14
(lp143
g16
aS's'
p144
aS'unknown'
p145
aS'bug'
p146
asg18
I4
sg19
g16
sg20
g124
sg22
I2
sg23
S' sprintf(s, unknown, bug);'
p147
sg25
g126
sg27
S'Potential format string problem (CWE-134)'
p148
sg29
S'Make format string constant'
p149
sg32
I22
sg33
I4
sg34
I491
sbag1
(g2
g3
Ntp150
Rp151
(dp152
g7
g141
sg9
g10
sg11
I524
sg12
S'printf'
p153
sg14
(lp154
g16
aS'bf'
p155
aS'x'
p156
asg18
I4
sg19
g16
sg20
S'FF1016'
p157
sg22
I2
sg23
S' printf(bf, x);'
p158
sg25
c__main__
c_printf
p159
sg27
S'If format strings can be influenced by an attacker, they can be exploited (CWE-134)'
p160
sg29
S'Use a constant for the format specification'
p161
sg32
I23
sg33
I4
sg34
I518
sbag1
(g2
g3
Ntp162
Rp163
(dp164
g7
g8
sg9
g10
sg11
I557
sg12
S'scanf'
p165
sg14
(lp166
g16
aS'"%s"'
p167
aS's'
p168
asg18
I4
sg19
g16
sg20
S'FF1020'
p169
sg22
I2
sg23
S' scanf("%s", s);'
p170
sg25
c__main__
c_scanf
p171
sg27
S"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20)"
p172
sg29
S'Specify a limit to %s, or use a different input function'
p173
sg31
I1
sg32
I25
sg33
I4
sg34
I552
sbag1
(g2
g3
Ntp174
Rp175
(dp176
g7
g8
sg9
g10
sg11
I593
sg12
S'scanf'
p177
sg14
(lp178
g16
aS'"%s"'
p179
ag168
asg18
I4
sg19
g16
sg20
g169
sg22
I2
sg23
S' scanf("%s", s);'
p180
sg25
g171
sg27
g172
sg29
g173
sg31
I1
sg32
I27
sg33
I4
sg34
I588
sbag1
(g2
g3
Ntp181
Rp182
(dp183
g7
g141
sg9
g10
sg11
I997
sg12
S'syslog'
p184
sg14
(lp185
g16
aS'LOG_ERR'
p186
aS'attacker_string'
p187
asg18
I4
sg19
g16
sg20
S'FF1018'
p188
sg22
I2
sg23
S' syslog(LOG_ERR, attacker_string);'
p189
sg25
g159
sS'format_position'
p190
I2
sg27
S"If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134)"
p191
sg29
S'Use a constant format string for syslog'
p192
sg32
I38
sg33
I4
sg34
I991
sbag1
(g2
g3
Ntp193
Rp194
(dp195
g7
g8
sg9
g10
sg11
I1088
sg12
S'_mbscpy'
p196
sg14
(lp197
g16
aS'd'
p198
aS's'
p199
asg18
I4
sg19
g16
sg20
S'FF1003'
p200
sg22
I3
sg23
S"  _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */"
p201
sg25
g113
sg27
g114
sg29
S'Consider using a function version that stops copying at the end of the buffer'
p202
sg32
I49
sg33
I4
sg34
I1081
sbag1
(g2
g3
Ntp203
Rp204
(dp205
g7
g8
sg9
g10
sg11
I1394
sg12
S'lstrcat'
p206
sg14
(lp207
g16
aS'd'
p208
aS's'
p209
asg18
I4
sg19
g16
sg20
S'FF1006'
p210
sg22
I3
sg23
S'  lstrcat(d,s);'
p211
sg25
g113
sg27
S'Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120)'
p212
sg29
g16
sg32
I56
sg33
I4
sg34
I1387
sbag1
(g2
g3
Ntp213
Rp214
(dp215
g7
S'shell'
p216
sg9
g10
sg11
I2634
sg12
S'CreateProcess'
p217
sg14
(lp218
g16
aS'NULL'
p219
aS'"C:\\\\Program Files\\\\GoodGuy\\\\GoodGuy.exe -x"'
p220
aS'""'
p221
asg18
I3
sg19
g16
sg20
S'FF1046'
p222
sg22
I3
sg34
I2621
sg23
S'  CreateProcess(NULL, "C:\\\\Program Files\\\\GoodGuy\\\\GoodGuy.exe -x", "");'
p223
sg25
g101
sg27
S'This causes a new process to execute and is difficult to use safely (CWE-78)'
p224
sg29
S'Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run'
p225
sg32
I79
sg33
I3
sg103
I1
sbag214
ag1
(g2
g3
Ntp226
Rp227
(dp228
g7
g92
sg9
g10
sg11
I2759
sg12
S'LoadLibraryEx'
p229
sg14
(lp230
g16
aS'L"user32.dll"'
p231
aS'nullptr'
p232
aS'LOAD_LIBRARY_AS_DATAFILE'
p233
asg18
I3
sg19
g16
sg20
S'FF1059'
p234
sg22
I10
sg23
S'  (void) LoadLibraryEx(L"user32.dll", nullptr, LOAD_LIBRARY_AS_DATAFILE);'
p235
sg25
c__main__
load_library_ex
p236
sg27
S'Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20)'
p237
sg29
S'Use a flag like LOAD_LIBRARY_SEARCH_SYSTEM32 or LOAD_LIBRARY_SEARCH_APPLICATION_DIR to search only desired folders'
p238
sg31
I1
sg32
I81
sg33
I3
sg34
I2746
sbag1
(g2
g3
Ntp239
Rp240
(dp241
g7
g8
sg9
g10
sg11
I3361
sg12
S'getopt_long'
p242
sg14
(lp243
g16
aS'argc'
p244
aS'argv'
p245
aS'"a"'
p246
aS'longopts'
p247
aS'NULL'
p248
asg18
I3
sg19
S'dangers-c'
p249
sg20
S'FF1027'
p250
sg22
I20
sg23
S'    while ((optc = getopt_long (argc, argv, "a",longopts, NULL )) != EOF) {'
p251
sg25
g26
sg27
S'Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20)'
p252
sg29
S'Check implementation on installation, or limit the size of all string inputs'
p253
sg31
I1
sg32
I99
sg33
I3
sg34
I3350
sbag1
(g2
g3
Ntp254
Rp255
(dp256
g7
g8
sg9
g10
sg11
I318
sg12
S'strcpy'
p257
sg14
(lp258
g16
aS'a'
p259
aS'gettext("Hello there")'
p260
asg18
I2
sg19
g16
sg20
g111
sg22
I2
sg23
S' strcpy(a, gettext("Hello there")); // Did this work?'
p261
sg45
S'Risk is low because the source is a constant string.'
p262
sg25
g113
sg27
g114
sg29
g115
sg32
I16
sg33
I4
sg34
I312
sbag1
(g2
g3
Ntp263
Rp264
(dp265
g7
g8
sg9
g10
sg11
I407
sg12
S'sprintf'
p266
sg14
(lp267
g16
aS's'
p268
aS'"hello"'
p269
asg18
I2
sg19
g16
sg20
g124
sg22
I2
sg23
S' sprintf(s, "hello");'
p270
sg45
S'Risk is low because the source has a constant maximum length.'
p271
sg25
g126
sg27
g127
sg29
g128
sg32
I19
sg33
I4
sg34
I400
sbag1
(g2
g3
Ntp272
Rp273
(dp274
g7
g8
sg9
g10
sg11
I1047
sg12
S'char'
p275
sg14
(lp276
sg18
I2
sg19
g16
sS'lookahead'
p277
S"char d[20];\n  char s[20];\n  int n;\n\n  _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */\n  memcpy(d,s); // fail - no size\n  memcpy(d, s, sizeof(d)); // pass\n  memcpy(& n, s, sizeof( n )); // pass\n  memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination\n  memcpy(d,s,n); // fail - size unguessable\n  CopyMemory(d,s);\n  lstrcat(d,s);\n  strncpy(d,s);\n  _tcsncpy(d,s);\n  strncat(d,s,10);\n  strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */\n  _tcsncat(d,s"
p278
sg20
S'FF1013'
p279
sg22
I3
sg23
S'  char d[20];'
p280
sg25
c__main__
c_static_array
p281
sg27
S'Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120)'
p282
sg29
S'Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length'
p283
sg32
I45
sg33
I2
sg34
I1043
sS'extract_lookahead'
p284
I1
sbag1
(g2
g3
Ntp285
Rp286
(dp287
g7
g8
sg9
g10
sg11
I1061
sg12
S'char'
p288
sg14
(lp289
sg18
I2
sg19
g16
sg277
S"char s[20];\n  int n;\n\n  _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */\n  memcpy(d,s); // fail - no size\n  memcpy(d, s, sizeof(d)); // pass\n  memcpy(& n, s, sizeof( n )); // pass\n  memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination\n  memcpy(d,s,n); // fail - size unguessable\n  CopyMemory(d,s);\n  lstrcat(d,s);\n  strncpy(d,s);\n  _tcsncpy(d,s);\n  strncat(d,s,10);\n  strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */\n  _tcsncat(d,s,sizeof(d)); /"
p290
sg20
g279
sg22
I3
sg23
S'  char s[20];'
p291
sg25
g281
sg27
g282
sg29
g283
sg32
I46
sg33
I2
sg34
I1057
sg284
I1
sbag1
(g2
g3
Ntp292
Rp293
(dp294
g7
g8
sg9
g10
sg11
I1161
sg12
S'memcpy'
p295
sg14
(lp296
g16
aS'd'
p297
aS's'
p298
asg18
I2
sg19
g16
sg20
S'FF1004'
p299
sg22
I3
sg23
S'  memcpy(d,s); // fail - no size'
p300
sg25
c__main__
c_memcpy
p301
sg27
S'Does not check for buffer overflows when copying to destination (CWE-120)'
p302
sg29
S'Make sure destination can always hold the source data'
p303
sg32
I50
sg33
I2
sg34
I1155
sbag1
(g2
g3
Ntp304
Rp305
(dp306
g7
g8
sg9
g10
sg11
I1268
sg12
S'memcpy'
p307
sg14
(lp308
g16
aS'&n'
p309
aS's'
p310
aS'sizeof(s)'
p311
asg18
I2
sg19
g16
sg20
g299
sg22
I3
sg23
S'  memcpy(&n,s,sizeof(s)); // fail - sizeof not of destination'
p312
sg25
g301
sg27
g302
sg29
g303
sg32
I53
sg33
I2
sg34
I1262
sbag1
(g2
g3
Ntp313
Rp314
(dp315
g7
g8
sg9
g10
sg11
I1330
sg12
S'memcpy'
p316
sg14
(lp317
g16
aS'd'
p318
aS's'
p319
aS'n'
p320
asg18
I2
sg19
g16
sg20
g299
sg22
I3
sg23
S'  memcpy(d,s,n); // fail - size unguessable'
p321
sg25
g301
sg27
g302
sg29
g303
sg32
I54
sg33
I2
sg34
I1324
sbag1
(g2
g3
Ntp322
Rp323
(dp324
g7
g8
sg9
g10
sg11
I1378
sg12
S'CopyMemory'
p325
sg14
(lp326
g16
aS'd'
p327
aS's'
p328
asg18
I2
sg19
g16
sg20
g299
sg22
I3
sg23
S'  CopyMemory(d,s);'
p329
sg25
g301
sg27
g302
sg29
g303
sg32
I55
sg33
I2
sg34
I1368
sbag1
(g2
g3
Ntp330
Rp331
(dp332
g7
g92
sg9
g10
sg11
I3455
sg12
S'fopen'
p333
sg14
(lp334
g16
aS'"/etc/passwd"'
p335
aS'"r"'
p336
asg18
I2
sg19
g16
sg20
S'FF1040'
p337
sg22
I7
sg23
S'  f = fopen("/etc/passwd", "r"); '
p338
sg25
g26
sg27
S'Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362)'
p339
sg29
g16
sg32
I105
sg33
I2
sg34
I3450
sbag1
(g2
g3
Ntp340
Rp341
(dp342
g7
g8
sg9
g10
sg11
I282
sg12
S'strcpy'
p343
sg14
(lp344
g16
aS'a'
p345
aS'"\\n"'
p346
asg18
I1
sg19
g16
sg20
g111
sg22
I2
sg23
S' strcpy(a, "\\n"); // Did this work?'
p347
sg45
S'Risk is low because the source is a constant character.'
p348
sg25
g113
sg27
g114
sg29
g115
sg32
I15
sg33
I4
sg34
I276
sbag1
(g2
g3
Ntp349
Rp350
(dp351
g7
g8
sg9
g10
sg11
I388
sg12
S'sprintf'
p352
sg14
(lp353
g16
aS's'
p354
aS'"\\n"'
p355
asg18
I1
sg19
g16
sg20
g124
sg22
I2
sg23
S' sprintf(s, "\\n");'
p356
sg45
S'Risk is low because the source is a constant character.'
p357
sg25
g126
sg27
g127
sg29
g128
sg32
I18
sg33
I4
sg34
I381
sbag1
(g2
g3
Ntp358
Rp359
(dp360
g7
g8
sg9
g10
sg11
I574
sg12
S'scanf'
p361
sg14
(lp362
g16
aS'"%10s"'
p363
ag168
asg18
I1
sg19
g16
sg20
g169
sg22
I2
sg23
S' scanf("%10s", s);'
p364
sg25
g171
sg27
S"It's unclear if the %s limit in the format string is small enough (CWE-120)"
p365
sg29
S'Check that the limit is sufficiently small, or use a different input function'
p366
sg31
I1
sg32
I26
sg33
I4
sg34
I569
sbag1
(g2
g3
Ntp367
Rp368
(dp369
g7
g8
sg9
g10
sg11
I1410
sg12
S'strncpy'
p370
sg14
(lp371
g16
aS'd'
p372
aS's'
p373
asg18
I1
sg19
g16
sg20
S'FF1008'
p374
sg22
I3
sg23
S'  strncpy(d,s);'
p375
sg25
g113
sg27
S"Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers [MS-banned] (CWE-120)"
p376
sg29
g16
sg32
I57
sg33
I1
sg34
I1403
sbag1
(g2
g3
Ntp377
Rp378
(dp379
g7
g8
sg9
g10
sg11
I1427
sg12
S'_tcsncpy'
p380
sg14
(lp381
g16
aS'd'
p382
aS's'
p383
asg18
I1
sg19
g16
sg20
S'FF1009'
p384
sg22
I3
sg23
S'  _tcsncpy(d,s);'
p385
sg25
g113
sg27
g376
sg29
g16
sg32
I58
sg33
I1
sg34
I1419
sbag1
(g2
g3
Ntp386
Rp387
(dp388
g7
g8
sg9
g10
sg11
I1443
sg12
S'strncat'
p389
sg14
(lp390
g16
aS'd'
p391
aS's'
p392
aS'10'
p393
asg18
I1
sg19
g16
sg20
g43
sg22
I3
sg23
S'  strncat(d,s,10);'
p394
sg25
g47
sg27
g48
sg29
g49
sg32
I59
sg33
I1
sg34
I1436
sbag1
(g2
g3
Ntp395
Rp396
(dp397
g7
g8
sg9
g10
sg11
I1599
sg12
S'strlen'
p398
sg14
(lp399
g16
aS'd'
p400
asg18
I1
sg19
g16
sg20
S'FF1022'
p401
sg22
I7
sg23
S'  n = strlen(d);'
p402
sg25
g26
sg27
S'Does not handle strings that are not \\0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126)'
p403
sg29
g16
sg32
I62
sg33
I1
sg34
I1593
sbag1
(g2
g3
Ntp404
Rp405
(dp406
g7
g8
sg9
g10
sg11
I1918
sg12
S'MultiByteToWideChar'
p407
sg14
(lp408
g16
aS'CP_ACP'
p409
aS'0'
p410
aS'szName'
p411
aS'-1'
p412
aS'wszUserName'
p413
aS'sizeof(wszUserName)/sizeof(wszUserName[0])'
p414
asg18
I1
sg19
g16
sg20
g72
sg22
I3
sg23
S'  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));'
p415
sg45
S'Risk is very low, the length appears to be in characters not bytes.'
p416
sg25
g75
sg27
g76
sg29
g16
sg32
I68
sg33
I2
sg34
I1899
sbag1
(g2
g3
Ntp417
Rp418
(dp419
g7
g8
sg9
g10
sg11
I2045
sg12
S'MultiByteToWideChar'
p420
sg14
(lp421
g16
aS'CP_ACP'
p422
aS'0'
p423
aS'szName'
p424
aS'-1'
p425
aS'wszUserName'
p426
aS'sizeof wszUserName /sizeof(wszUserName[0])'
p427
asg18
I1
sg19
g16
sg20
g72
sg22
I3
sg23
S'  MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof wszUserName /sizeof(wszUserName[0]));'
p428
sg45
g416
sg25
g75
sg27
g76
sg29
g16
sg32
I70
sg33
I2
sg34
I2026
sbag1
(g2
g3
Ntp429
Rp430
(dp431
g7
g141
sg9
g10
sg11
I200
sg12
S'printf'
p432
sg14
(lp433
g16
aS'"hello\\n"'
p434
asg18
I0
sg19
g16
sg20
g157
sg22
I2
sg23
S' printf("hello\\n");'
p435
sg45
S'Constant format string, so not considered risky.'
p436
sg25
g159
sg27
g160
sg29
g161
sg32
I9
sg33
I4
sg34
I194
sbag1
(g2
g3
Ntp437
Rp438
(dp439
g7
g8
sg9
g10
sg11
I539
sg12
S'scanf'
p440
sg14
(lp441
g16
aS'"%d"'
p442
aS'&x'
p443
asg18
I0
sg19
g16
sg20
g169
sg22
I2
sg23
S' scanf("%d", &x);'
p444
sg45
S'No risky scanf format detected.'
p445
sg25
g171
sg27
g172
sg29
g173
sg31
I1
sg32
I24
sg33
I4
sg34
I534
sbag1
(g2
g3
Ntp446
Rp447
(dp448
g7
g141
sg9
g10
sg11
I643
sg12
S'printf'
p449
sg14
(lp450
g16
aS'"\\\\"'
p451
asg18
I0
sg19
g16
sg20
g157
sg22
I2
sg23
S' printf("\\\\");'
p452
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I29
sg33
I4
sg34
I637
sbag1
(g2
g3
Ntp453
Rp454
(dp455
g7
g141
sg9
g10
sg11
I837
sg12
S'syslog'
p456
sg14
(lp457
g16
aS'LOG_ERR'
p458
aS'"cannot open config file (%s): %s"'
p459
aS'filename'
p460
aS'strerror(errno)'
p461
asg18
I0
sg19
g16
sg20
g188
sg22
I2
sg23
S' syslog(LOG_ERR,"cannot open config file (%s): %s",filename,strerror(errno))'
p462
sg45
g436
sg25
g159
sg190
I2
sg27
g191
sg29
g192
sg32
I35
sg33
I4
sg34
I831
sbag1
(g2
g3
Ntp463
Rp464
(dp465
g7
g141
sg9
g10
sg11
I914
sg12
S'syslog'
p466
sg14
(lp467
g16
aS'LOG_CRIT'
p468
aS'"malloc() failed"'
p469
asg18
I0
sg19
g16
sg20
g188
sg22
I2
sg23
S' syslog(LOG_CRIT,"malloc() failed");'
p470
sg45
g436
sg25
g159
sg190
I2
sg27
g191
sg29
g192
sg32
I36
sg33
I4
sg34
I908
sbag1
(g2
g3
Ntp471
Rp472
(dp473
g7
g141
sg9
g10
sg11
I3049
sg12
S'printf'
p474
sg14
(lp475
g16
aS'"%c\\n"'
p476
aS"'x'"
p477
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'x\');'
p478
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I85
sg33
I4
sg34
I3043
sbag1
(g2
g3
Ntp479
Rp480
(dp481
g7
g141
sg9
g10
sg11
I3072
sg12
S'printf'
p482
sg14
(lp483
g16
aS'"%c\\n"'
p484
aS'\'"\''
p485
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'"\');'
p486
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I86
sg33
I4
sg34
I3066
sbag1
(g2
g3
Ntp487
Rp488
(dp489
g7
g141
sg9
g10
sg11
I3095
sg12
S'printf'
p490
sg14
(lp491
g16
aS'"%c\\n"'
p492
aS'\'\\"\''
p493
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'\\"\');'
p494
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I87
sg33
I4
sg34
I3089
sbag1
(g2
g3
Ntp495
Rp496
(dp497
g7
g141
sg9
g10
sg11
I3119
sg12
S'printf'
p498
sg14
(lp499
g16
aS'"%c\\n"'
p500
aS"'\\''"
p501
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'\\\'\');'
p502
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I88
sg33
I4
sg34
I3113
sbag1
(g2
g3
Ntp503
Rp504
(dp505
g7
g141
sg9
g10
sg11
I3143
sg12
S'printf'
p506
sg14
(lp507
g16
aS'"%c\\n"'
p508
aS"'\\177'"
p509
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'\\177\');'
p510
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I89
sg33
I4
sg34
I3137
sbag1
(g2
g3
Ntp511
Rp512
(dp513
g7
g141
sg9
g10
sg11
I3169
sg12
S'printf'
p514
sg14
(lp515
g16
aS'"%c\\n"'
p516
aS"'\\xfe'"
p517
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'\\xfe\');'
p518
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I90
sg33
I4
sg34
I3163
sbag1
(g2
g3
Ntp519
Rp520
(dp521
g7
g141
sg9
g10
sg11
I3195
sg12
S'printf'
p522
sg14
(lp523
g16
aS'"%c\\n"'
p524
aS"'\\xd'"
p525
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'\\xd\');'
p526
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I91
sg33
I4
sg34
I3189
sbag1
(g2
g3
Ntp527
Rp528
(dp529
g7
g141
sg9
g10
sg11
I3220
sg12
S'printf'
p530
sg14
(lp531
g16
aS'"%c\\n"'
p532
aS"'\\n'"
p533
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'\\n\');'
p534
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I92
sg33
I4
sg34
I3214
sbag1
(g2
g3
Ntp535
Rp536
(dp537
g7
g141
sg9
g10
sg11
I3244
sg12
S'printf'
p538
sg14
(lp539
g16
aS'"%c\\n"'
p540
aS"'\\\\'"
p541
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", \'\\\\\');'
p542
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I93
sg33
I4
sg34
I3238
sbag1
(g2
g3
Ntp543
Rp544
(dp545
g7
g141
sg9
g10
sg11
I3268
sg12
S'printf'
p546
sg14
(lp547
g16
aS'"%c\\n"'
p548
aS'"\'"'
p549
asg18
I0
sg19
g16
sg20
g157
sg22
I3
sg23
S'  printf("%c\\n", "\'");'
p550
sg45
g436
sg25
g159
sg27
g160
sg29
g161
sg32
I94
sg33
I4
sg34
I3262
sbag1
(g2
g3
Ntp551
Rp552
(dp553
g7
g141
sg9
g10
sg11
I3593
sg12
S'fprintf'
p554
sg14
(lp555
g16
aS'stderr'
p556
aS'"Assertion failed.\\n"\\\n "File: %s\\nLine: %d\\n"\\\n "Assertion: %s\\n\\n"'
p557
aS'__FILE__'
p558
aS'__LINE__'
p559
aS'#x'
p560
asg18
I0
sg19
g16
sg20
S'FF1017'
p561
sg22
I2
sg23
S' fprintf(stderr,"Assertion failed.\\n"\\'
p562
sg45
g436
sg25
g159
sg190
I2
sg27
g160
sg29
g161
sg32
I113
sg33
I4
sg34
I3586
sba.