$ bashate --ignore E002
$ find -type f \( -iname '*.png' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' \) -exec grep -iF gimp {} +
$ find -type f \( -iname '*.png' -o -iname '*.gif' -o -iname '*.jpg' -o -iname '*.jpeg' \) -exec grep -iF inkscape {} +
$ codespell --quiet-level=3
./core/version.h:14: guarenteed ==> guaranteed
./languages/ada/test/postgresql_test.adb:568: occured ==> occurred
./backends/postgresql/blob.cpp:84: writen ==> written
./backends/postgresql/blob.cpp:86: writen ==> written
./backends/postgresql/blob.cpp:91: writen ==> written
./backends/postgresql/blob.cpp:103: writen ==> written
./backends/postgresql/blob.cpp:105: writen ==> written
./backends/postgresql/blob.cpp:110: writen ==> written
./backends/postgresql/statement.cpp:152: immediatelly ==> immediately
./backends/odbc/statement.cpp:169: immediatelly ==> immediately
./backends/firebird/blob.cpp:215: occured ==> occurred
./backends/firebird/session.cpp:259: commited ==> committed
./backends/firebird/session.cpp:333: commited ==> committed
./backends/firebird/test/test-firebird.cpp:48: commited ==> committed
./backends/firebird/test/test-firebird.cpp:58: commited ==> committed
./backends/sqlite3/statement.cpp:74: statment ==> statement
./backends/sqlite3/statement.cpp:391: statment ==> statement
./backends/sqlite3/vector-use-type.cpp:86: accomodate ==> accommodate
./doc/index.html:33: purposedly ==> purposely
./doc/statements.html:358: commited ==> committed
./doc/installation.html:345: dependant ==> dependent
./doc/languages/ada/concepts.html:39: repeteadly ==> repeatedly
./doc/backends/firebird.html:168: commited ==> committed
./doc/backends/oracle.html:157: consistant ==> consistent
$ cppcheck -j1 --quiet -f . | grep -vF 'cppcheck: error: could not find or open any of the paths given.'
$ grep -rF /proc/cpuinfo .
$ duck
$ fdupes -q -r .
./.git/logs/refs/heads/master
./.git/logs/refs/remotes/origin/HEAD
./.git/refs/heads/master
./.git/ORIG_HEAD
./core/.gitignore
./backends/.gitignore
$ grep -Er '/(home|srv|opt)(\W|$)' .
./core/test/common-tests.h: // /home/travis/build/SOCI/soci/src/core/test/common-tests.h:3505:
./cmake/modules/FindDB2.cmake: /opt/ibm/db2/V10.1
./cmake/modules/FindDB2.cmake: /opt/ibm/db2/V9.7
./cmake/modules/FindDB2.cmake: /opt/ibm/db2/V9.5
./cmake/modules/FindDB2.cmake: /opt/ibm/db2/V9.1)
./cmake/modules/FindMySQL.cmake: /opt/mysql/mysql/include
./cmake/modules/FindMySQL.cmake: /opt/mysql/mysql/lib
./cmake/modules/FindMySQL.cmake: $ENV{MYSQL_DIR}/lib/opt
./cmake/modules/FindMySQL.cmake: $ENV{ProgramFiles}/MySQL/*/lib/opt
./cmake/modules/FindMySQL.cmake: $ENV{SystemDrive}/MySQL/*/lib/opt
./cmake/modules/FindMySQL.cmake: /opt/mysql/mysql/lib
./doc/installation.html: ODBC Data Source Name (DSN) or ODBC File Data Source Name (FILEDSN) to test database: Microsoft Access (.mdb), Microsoft SQL Server, MySQL, PostgreSQL or any other ODBC SQL data source. {database} is placeholder for name of database driver ACCESS, MYSQL, POSTGRESQL, etc. See ODBC backend refernece for details. Example: -DSOCI_ODBC_TEST_POSTGRESQL_CONNSTR="FILEDSN=/home/mloskot/dev/soci/_git/build/test-postgresql.dsn" |
./doc/installation.html: Connection string is simply a file path where SQLite3 test database will be created (e.g. /home/john/soci_test.db). Check SQLite3 backend refernece for details. Example: -DSOCI_SQLITE3_TEST_CONNSTR="my.db" |
$ flawfinder -Q -c .
Flawfinder version 1.31, (C) 2001-2014 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 169
./backends/firebird/test/test-firebird.cpp:98: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
strcpy(b1, msg);
./backends/firebird/test/test-firebird.cpp:111: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
strcpy(buf1, msg);
./backends/firebird/test/test-firebird.cpp:143: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
std::strcpy(buf, buf_str.c_str());
./backends/odbc/soci-odbc.h:385: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
strcpy(reinterpret_cast(message_), socierror);
./backends/odbc/standard-use-type.cpp:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/odbc/standard-use-type.cpp:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/oracle/standard-use-type.cpp:24: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/oracle/standard-use-type.cpp:24: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/oracle/vector-use-type.cpp:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/oracle/vector-use-type.cpp:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/postgresql/standard-use-type.cpp:29: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/postgresql/standard-use-type.cpp:29: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/postgresql/standard-use-type.cpp:79: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
std::strcpy(buf_, s->c_str());
./backends/postgresql/vector-use-type.cpp:28: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/postgresql/vector-use-type.cpp:28: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./backends/postgresql/vector-use-type.cpp:87: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
std::strcpy(buf, v[i].c_str());
./backends/sqlite3/standard-use-type.cpp:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf // TODO: use soci-platform.h
./backends/sqlite3/standard-use-type.cpp:23: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf // TODO: use soci-platform.h
./backends/sqlite3/standard-use-type.cpp:103: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
std::strcpy(buf_, s->c_str());
./backends/sqlite3/vector-use-type.cpp:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf // TODO: use soci-platform.h
./backends/sqlite3/vector-use-type.cpp:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf // TODO: use soci-platform.h
./backends/sqlite3/vector-use-type.cpp:123: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
std::strcpy(buf, v[i].c_str());
./core/soci-platform.h:23: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
./core/soci-platform.h:27: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./core/soci-platform.h:27: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
./core/backend-loader.cpp:32: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
#define LOCK(x) EnterCriticalSection(x)
./core/backend-loader.cpp:34: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
#define MUTEX_INIT(x) InitializeCriticalSection(x)
./core/backend-loader.cpp:39: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define DLOPEN(x) LoadLibrary(x)
./core/backend-loader.cpp:103: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char const* const penv = std::getenv("SOCI_BACKENDS_PATH");
./core/connection-pool.cpp:233: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(pimpl_->mtx_));
./core/connection-pool.cpp:292: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(pimpl_->mtx_));
./core/connection-pool.cpp:324: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(pimpl_->mtx_));
./backends/firebird/blob.cpp:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
./backends/firebird/blob.cpp:132: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void firebird_blob_backend::open()
./backends/firebird/blob.cpp:179: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
./backends/firebird/blob.cpp:266: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res_buffer[20], *p, item;
./backends/firebird/common.cpp:106: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_, &sz, sizeof(short));
./backends/firebird/common.cpp:107: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_ + sizeof(short), s, sz);
./backends/firebird/common.cpp:111: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_, s, sz);
./backends/firebird/common.cpp:154: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_, &t, sizeof(t));
./backends/firebird/common.cpp:169: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_, &t, sizeof(t));
./backends/firebird/common.h:109: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(var->sqldata, &tmp, sizeof(short));
./backends/firebird/common.h:115: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(var->sqldata, &tmp, sizeof(int));
./backends/firebird/common.h:121: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(var->sqldata, &tmp, sizeof(long long));
./backends/firebird/common.h:127: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(var->sqldata, &sql_value, sizeof(float));
./backends/firebird/common.h:133: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(var->sqldata, &sql_value, sizeof(double));
./backends/firebird/common.h:148: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(val, &t1, sizeof(t1));
./backends/firebird/common.h:150: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(val, &t2, sizeof(t2));
./backends/firebird/error-firebird.cpp:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_buffer[SOCI_FIREBIRD_ERRMSG];
./backends/firebird/soci-firebird.h:284: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open();
./backends/firebird/standard-use-type.cpp:147: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_, &blob->bid_, var->sqllen);
./backends/firebird/statement.cpp:155: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res_buffer[8];
./backends/firebird/statement.cpp:573: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res_buffer[256];
./backends/firebird/test/test-firebird.cpp:95: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100], buf3[100];
./backends/firebird/test/test-firebird.cpp:110: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[100], buf2[100], buf3[100];
./backends/firebird/test/test-firebird.cpp:140: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
./backends/firebird/test/test-firebird.cpp:335: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
./backends/firebird/test/test-firebird.cpp:547: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[20];
./backends/firebird/test/test-firebird.cpp:969: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cnt_req[2], cnt_info[128];
./backends/mysql/session.cpp:201: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*port = std::atoi(val.c_str());
./backends/mysql/session.cpp:255: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*local_infile = std::atoi(val.c_str());
./backends/mysql/standard-use-type.cpp:49: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused). Risk is low because the source is a constant string.
std::strcpy(buf_, "NULL");
./backends/mysql/vector-use-type.cpp:60: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused). Risk is low because the source is a constant string.
std::strcpy(buf, "NULL");
./backends/odbc/session.cpp:271: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product_name[1024];
./backends/odbc/soci-odbc.h:388: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused). Risk is low because the source is a constant string.
strcpy(reinterpret_cast(sqlstate_), "01000");
./backends/odbc/standard-use-type.cpp:98: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_, s->c_str(), size);
./backends/oracle/test/test-oracle.cpp:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[25];
./backends/oracle/test/test-oracle.cpp:78: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[25];
./backends/oracle/test/test-oracle.cpp:165: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[100];
./backends/postgresql/error.cpp:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(sqlstate_, sqlst, 5);
./backends/postgresql/session.cpp:112: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameBuf[20] = { 0 }; // arbitrary length
./backends/postgresql/session.cpp:113: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nameBuf, "st_%d", ++statementCount_);
./backends/postgresql/soci-postgresql.h:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sqlstate_[ 5 ]; // not std::string to keep copy-constructor no-throw
./backends/postgresql/test/test-postgresql.cpp:233: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[100];
./backends/sqlite3/blob.cpp:46: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, buf_ + offset, r);
./backends/sqlite3/blob.cpp:67: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_, oldBuf, oldLen);
./backends/sqlite3/blob.cpp:70: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_ + offset, buf, toWrite);
./backends/sqlite3/blob.cpp:83: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_, oldBuf, len_);
./backends/sqlite3/blob.cpp:85: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_ + len_, buf, toWrite);
./backends/sqlite3/blob.cpp:102: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_, oldBuf, len_);
./backends/sqlite3/test/test-sqlite3.cpp:104: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[100];
./core/session.cpp:48: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(lastConnectParameters_);
./core/session.cpp:58: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(lastConnectParameters_);
./core/session.cpp:68: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(lastConnectParameters_);
./core/session.cpp:77: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(lastConnectParameters_);
./core/session.cpp:104: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void session::open(connection_parameters const & parameters)
./core/session.cpp:108: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pool_->at(poolPosition_).open(parameters);
./core/session.cpp:128: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void session::open(backend_factory const & factory,
./core/session.cpp:131: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(connection_parameters(factory, connectString));
./core/session.cpp:134: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void session::open(std::string const & backendName,
./core/session.cpp:137: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(connection_parameters(backendName, connectString));
./core/session.cpp:140: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void session::open(std::string const & connectString)
./core/session.cpp:142: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(connection_parameters(connectString));
./core/session.h:55: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(connection_parameters const & parameters);
./core/session.h:56: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(backend_factory const & factory, std::string const & connectString);
./core/session.h:57: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(std::string const & backendName, std::string const & connectString);
./core/session.h:58: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(std::string const & connectString);
./core/soci-simple.cpp:51: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wrapper->sql.open(connection_string);
./core/soci-simple.cpp:187: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_formatted[20];
./core/soci-simple.cpp:497: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(wrapper.date_formatted, "%d %d %d %d %d %d",
./core/soci-simple.cpp:1535: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(wrapper->date_formatted, "%d %d %d %d %d %d",
./core/test/common-tests.h:3210: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sql.open(backEndFactory_, connectString_);
./core/test/common-tests.h:3219: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sql.open(backEndFactory_, connectString_);
./core/test/common-tests.h:3231: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sql.open(backEndFactory_, connectString_);
./core/test/common-tests.h:3634: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sql.open(backEndFactory_, connectString_);
./core/test/common-tests.h:3802: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sql.open(backEndFactory_, connectString_);
./core/test/common-tests.h:3894: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sql.open(backEndFactory_, connectString_);
./backends/db2/blob.cpp:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t db2_blob_backend::read(
./backends/db2/soci-db2.h:223: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t read(std::size_t offset, char* buf, std::size_t toRead);
./backends/db2/standard-use-type.cpp:73: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (CWE-120).
strncpy(buf, s->c_str(), size);
./backends/db2/statement.cpp:248: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
columnName.assign(name, std::strlen(name));
./backends/db2/vector-into-type.cpp:198: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v[i].assign(pos, strlen(pos));
./backends/db2/vector-use-type.cpp:152: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (CWE-120).
strncpy(pos, v[i].c_str(), v[i].length());
./backends/empty/blob.cpp:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t empty_blob_backend::read(
./backends/empty/soci-empty.h:147: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t read(std::size_t offset, char* buf, std::size_t toRead);
./backends/firebird/blob.cpp:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t firebird_blob_backend::read(
./backends/firebird/soci-firebird.h:254: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual std::size_t read(std::size_t offset, char *buf,
./backends/firebird/test/test-firebird.cpp:545: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b.write(0, str1, strlen(str1));
./backends/firebird/test/test-firebird.cpp:548: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t i = b.read(3, str2, 2);
./backends/firebird/test/test-firebird.cpp:553: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b.append(str3, strlen(str3));
./backends/firebird/test/test-firebird.cpp:565: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(0, &text[0], b.get_len());
./backends/firebird/test/test-firebird.cpp:569: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b.write(7, str1, strlen(str1));
./backends/firebird/test/test-firebird.cpp:582: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(0, &text[0], b.get_len());
./backends/firebird/test/test-firebird.cpp:585: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
b.write(0, str1, strlen(str1));
./backends/firebird/test/test-firebird.cpp:587: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(0, &text[0], b.get_len());
./backends/firebird/test/test-firebird.cpp:602: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(0, &text[0], b.get_len());
./backends/firebird/test/test-firebird.cpp:607: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(0, &text[0], b.get_len());
./backends/mysql/blob.cpp:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t mysql_blob_backend::read(
./backends/mysql/soci-mysql.h:221: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual std::size_t read(std::size_t offset, char *buf,
./backends/mysql/standard-use-type.cpp:74: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%d",
./backends/mysql/standard-use-type.cpp:83: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%d", *static_cast(data_));
./backends/mysql/standard-use-type.cpp:91: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%" LL_FMT_FLAGS "d", *static_cast(data_));
./backends/mysql/standard-use-type.cpp:99: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%" LL_FMT_FLAGS "u",
./backends/mysql/standard-use-type.cpp:115: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%.20g",
./backends/mysql/standard-use-type.cpp:125: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize,
./backends/mysql/vector-use-type.cpp:96: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%d", static_cast(v[i]));
./backends/mysql/vector-use-type.cpp:108: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%d", v[i]);
./backends/mysql/vector-use-type.cpp:120: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%" LL_FMT_FLAGS "d", v[i]);
./backends/mysql/vector-use-type.cpp:132: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%" LL_FMT_FLAGS "u", v[i]);
./backends/mysql/vector-use-type.cpp:150: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%.20g", v[i]);
./backends/mysql/vector-use-type.cpp:162: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "\'%d-%02d-%02d %02d:%02d:%02d\'",
./backends/odbc/blob.cpp:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t odbc_blob_backend::read(
./backends/odbc/soci-odbc.h:259: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual std::size_t read(std::size_t offset, char *buf,
./backends/odbc/standard-use-type.cpp:47: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, size, "%" LL_FMT_FLAGS "d",
./backends/odbc/standard-use-type.cpp:65: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, size, "%" LL_FMT_FLAGS "u",
./backends/odbc/statement.cpp:284: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
columnName.assign(name, std::strlen(name));
./backends/odbc/vector-into-type.cpp:227: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v[i].assign(pos, strlen(pos));
./backends/odbc/vector-use-type.cpp:179: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (CWE-120).
strncpy(pos, v[i].c_str(), v[i].length());
./backends/odbc/vector-use-type.cpp:326: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(pos, max_bigint_length, "%" LL_FMT_FLAGS "d", v[i]);
./backends/odbc/vector-use-type.cpp:340: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(pos, max_bigint_length, "%" LL_FMT_FLAGS "u", v[i]);
./backends/oracle/blob.cpp:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t oracle_blob_backend::read(
./backends/oracle/soci-oracle.h:231: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual std::size_t read(std::size_t offset, char *buf,
./backends/oracle/standard-use-type.cpp:227: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, size, "%" LL_FMT_FLAGS "d", *static_cast(data_));
./backends/oracle/standard-use-type.cpp:233: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, size, "%" LL_FMT_FLAGS "u", *static_cast(data_));
./backends/oracle/standard-use-type.cpp:251: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (CWE-120).
strncpy(buf_, s->c_str(), toCopy);
./backends/oracle/test/test-oracle.cpp:166: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(1, buf2, 10);
./backends/oracle/vector-use-type.cpp:143: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers (CWE-120).
strncpy(pos, v[i].c_str(), v[i].length());
./backends/oracle/vector-use-type.cpp:250: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(pos, entrySize, "%" LL_FMT_FLAGS "d", v[i]);
./backends/oracle/vector-use-type.cpp:265: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(pos, entrySize, "%" LL_FMT_FLAGS "u", v[i]);
./backends/postgresql/blob.cpp:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t postgresql_blob_backend::read(
./backends/postgresql/common.cpp:100: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (converted == 1 && static_cast(n) == strlen(buf))
./backends/postgresql/common.h:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (converted == 1 && static_cast(n) == std::strlen(buf))
./backends/postgresql/common.h:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (converted == 1 && static_cast(n) == std::strlen(buf))
./backends/postgresql/error.cpp:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(std::strlen(sqlst) == 5);
./backends/postgresql/soci-postgresql.h:294: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual std::size_t read(std::size_t offset, char * buf,
./backends/postgresql/standard-use-type.cpp:87: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%d",
./backends/postgresql/standard-use-type.cpp:96: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%d",
./backends/postgresql/standard-use-type.cpp:105: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%" LL_FMT_FLAGS "d",
./backends/postgresql/standard-use-type.cpp:114: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%" LL_FMT_FLAGS "u",
./backends/postgresql/standard-use-type.cpp:125: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%.20g",
./backends/postgresql/standard-use-type.cpp:135: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%d-%02d-%02d %02d:%02d:%02d",
./backends/postgresql/standard-use-type.cpp:153: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%lu", rbe->value_);
./backends/postgresql/standard-use-type.cpp:165: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%lu", bbe->oid_);
./backends/postgresql/test/test-postgresql.cpp:234: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(0, buf2, 10);
./backends/postgresql/vector-use-type.cpp:99: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%d", static_cast(v[i]));
./backends/postgresql/vector-use-type.cpp:111: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%d", v[i]);
./backends/postgresql/vector-use-type.cpp:123: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%" LL_FMT_FLAGS "d", v[i]);
./backends/postgresql/vector-use-type.cpp:135: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%" LL_FMT_FLAGS "u", v[i]);
./backends/postgresql/vector-use-type.cpp:149: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%.20g", v[i]);
./backends/postgresql/vector-use-type.cpp:161: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%d-%02d-%02d %02d:%02d:%02d",
./backends/sqlite3/blob.cpp:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t sqlite3_blob_backend::read(
./backends/sqlite3/common.h:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (converted == 1 && static_cast(n) == std::strlen(buf))
./backends/sqlite3/common.h:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (converted == 1 && static_cast(n) == std::strlen(buf))
./backends/sqlite3/soci-sqlite3.h:233: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual std::size_t read(std::size_t offset, char *buf,
./backends/sqlite3/standard-use-type.cpp:111: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%d",
./backends/sqlite3/standard-use-type.cpp:120: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%d",
./backends/sqlite3/standard-use-type.cpp:129: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%" LL_FMT_FLAGS "d",
./backends/sqlite3/standard-use-type.cpp:138: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%" LL_FMT_FLAGS "u",
./backends/sqlite3/standard-use-type.cpp:149: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%.20g",
./backends/sqlite3/standard-use-type.cpp:159: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%d-%02d-%02d %02d:%02d:%02d",
./backends/sqlite3/standard-use-type.cpp:176: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf_, bufSize, "%lu", rbe->value_);
./backends/sqlite3/standard-use-type.cpp:187: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bbe->read(0, buf_, len);
./backends/sqlite3/test/test-sqlite3.cpp:105: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b.read(0, buf2, 10);
./backends/sqlite3/vector-use-type.cpp:135: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%d", static_cast(v[i]));
./backends/sqlite3/vector-use-type.cpp:147: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%d", v[i]);
./backends/sqlite3/vector-use-type.cpp:159: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%" LL_FMT_FLAGS "d", v[i]);
./backends/sqlite3/vector-use-type.cpp:171: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%" LL_FMT_FLAGS "u", v[i]);
./backends/sqlite3/vector-use-type.cpp:185: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%.20g", v[i]);
./backends/sqlite3/vector-use-type.cpp:197: [1] (port) snprintf:
On some very old systems, snprintf is incorrectly implemented and permits
buffer overflows; there are also incompatible standard definitions of it.
Check it during installation, or use something else.
snprintf(buf, bufSize, "%d-%02d-%02d %02d:%02d:%02d",
./core/blob.cpp:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t blob::read(std::size_t offset, char *buf, std::size_t toRead)
./core/blob.cpp:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return backEnd_->read(offset, buf, toRead);
./core/blob.h:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t read(std::size_t offset, char * buf, std::size_t toRead);
./core/soci-backend.h:207: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual std::size_t read(std::size_t offset, char* buf,
ANALYSIS SUMMARY:
Hits = 203
Lines analyzed = 37671 in approximately 1.13 seconds (33203 lines/second)
Physical Source Lines of Code (SLOC) = 28523
Hits@level = [0] 0 [1] 96 [2] 75 [3] 7 [4] 25 [5] 0
Hits@level+ = [0+] 203 [1+] 203 [2+] 107 [3+] 32 [4+] 25 [5+] 0
Hits/KSLOC@level+ = [0+] 7.11706 [1+] 7.11706 [2+] 3.75136 [3+] 1.1219 [4+] 0.876486 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming for Linux and Unix HOWTO'
(http://www.dwheeler.com/secure-programs) for more information.
$ hlint .
hlint: No files found
$ find -type f \( -iname '*.c' -o -iname '*.cc' -o -iname '*.cxx' -o -iname '*.cpp' -o -iname '*.h' -o -iname '*.hh' -o -iname '*.hxx' -o -iname '*.hpp' \) -exec include-what-you-use {} \;
In file included from ./core/statement.h:11:
In file included from ./core/bind-values.h:4:
In file included from ./core/exchange-traits.h:11:
In file included from ./core/type-conversion-traits.h:11:
In file included from ./core/soci-backend.h:12:
./core/error.h:13:10: fatal error: 'stdexcept' file not found
#include <stdexcept>
^
core/statement.h should add these lines:
#include "core/soci-config.h" // for SOCI_DECL
core/statement.h should remove these lines:
- #include "bind-values.h" // lines 11-11
- #include "into-type.h" // lines 12-12
- #include "into.h" // lines 13-13
- #include "row.h" // lines 17-17
- #include "soci-backend.h" // lines 16-16
- #include "use-type.h" // lines 14-14
- #include "use.h" // lines 15-15
The full include-list for core/statement.h:
#include "core/soci-config.h" // for SOCI_DECL
---
In file included from ./core/soci-backend.h:12:
./core/error.h:13:10: fatal error: 'stdexcept' file not found
#include <stdexcept>
^
core/soci-backend.h should add these lines:
core/soci-backend.h should remove these lines:
- #include "error.h" // lines 12-12
The full include-list for core/soci-backend.h:
#include "soci-config.h" // for SOCI_DECL
---
(core/blob.h has correct #includes/fwd-decls)
core/blob.cpp should add these lines:
#include "core/soci-backend.h" // for blob_backend
core/blob.cpp should remove these lines:
The full include-list for core/blob.cpp:
#include "blob.h"
#include // for size_t
#include "core/soci-backend.h" // for blob_backend
#include "session.h" // for session
---
(core/soci-platform.h has correct #includes/fwd-decls)
(core/rowid.h has correct #includes/fwd-decls)
core/rowid.cpp should add these lines:
#include "core/soci-backend.h" // for rowid_backend
core/rowid.cpp should remove these lines:
The full include-list for core/rowid.cpp:
#include "rowid.h"
#include "core/soci-backend.h" // for rowid_backend
#include "session.h" // for session
---
In file included from ./core/session.h:11:
In file included from ./core/once-temp-type.h:11:
In file included from ./core/ref-counted-statement.h:11:
In file included from ./core/statement.h:11:
In file included from ./core/bind-values.h:4:
In file included from ./core/exchange-traits.h:11:
In file included from ./core/type-conversion-traits.h:11:
In file included from ./core/soci-backend.h:12:
./core/error.h:13:10: fatal error: 'stdexcept' file not found
#include <stdexcept>
^
core/session.h should add these lines:
#include "core/soci-config.h" // for SOCI_DECL
core/session.h should remove these lines:
- #include "connection-parameters.h" // lines 13-13
- #include "once-temp-type.h" // lines 11-11
- #include "query_transformation.h" // lines 12-12
The full include-list for core/session.h:
#include "core/soci-config.h" // for SOCI_DECL
---
In file included from ./core/boost-optional.h:11:
In file included from ./core/type-conversion-traits.h:11:
In file included from ./core/soci-backend.h:12:
./core/error.h:13:10: fatal error: 'stdexcept' file not found
#include <stdexcept>
^
core/boost-optional.h should add these lines:
core/boost-optional.h should remove these lines:
- #include // lines 13-13
- #include "type-conversion-traits.h" // lines 11-11
The full include-list for core/boost-optional.h:
---
./core/test/common-tests.h:11:10: fatal error: 'soci.h' file not found
#include "soci.h"
^
core/test/common-tests.h should add these lines:
core/test/common-tests.h should remove these lines:
- struct PhonebookEntry2; // lines 40-40
The full include-list for core/test/common-tests.h:
---
In file included from ./core/procedure.h:11:
In file included from ./core/statement.h:11:
In file included from ./core/bind-values.h:4:
In file included from ./core/exchange-traits.h:11:
In file included from ./core/type-conversion-traits.h:11:
In file included from ./core/soci-backend.h:12:
./core/error.h:13:10: fatal error: 'stdexcept' file not found
#include <stdexcept>
^
core/procedure.h should add these lines:
#include "core/soci-config.h" // for SOCI_DECL
core/procedure.h should remove these lines:
- #include "statement.h" // lines 11-11
The full include-list for core/procedure.h:
#include "core/soci-config.h" // for SOCI_DECL
---
In file included from ./core/boost-fusion.h:15:
In file included from ./core/values.h:11:
In file included from ./core/statement.h:11:
In file included from ./core/bind-values.h:4:
In file included from ./core/exchange-traits.h:11:
In file included from ./core/type-conversion-traits.h:11:
In file included from ./core/soci-backend.h:12:
./core/error.h:13:10: fatal error: 'stdexcept' file not found
#include <stdexcept>
         ^
core/boost-fusion.h should add these lines:
core/boost-fusion.h should remove these lines:
- #include // lines 18-18
- #include // lines 21-21
- #include // lines 19-19
- #include // lines 20-20
- #include // lines 22-22
- #include // lines 23-23
- #include // lines 24-24
- #include // lines 25-25
- #include "type-conversion-traits.h" // lines 16-16
- #include "values.h" // lines 15-15
The full include-list for core/boost-fusion.h:
---
In file included from ./core/ref-counted-statement.h:11:
In file included from ./core/statement.h:11:
In file included from ./core/bind-values.h:4:
In file included from ./core/exchange-traits.h:11:
In file included from ./core/type-conversion-traits.h:11:
In file included from ./core/soci-backend.h:12:
./core/error.h:13:10: fatal error: 'stdexcept' file not found
#include <stdexcept>
         ^
core/ref-counted-statement.h should add these lines:
#include "core/soci-config.h" // for SOCI_DECL
core/ref-counted-statement.h should remove these lines:
- #include "into-type.h" // lines 12-12
- #include "statement.h" // lines 11-11
- #include "use-type.h" // lines 13-13
The full include-list for core/ref-counted-statement.h:
#include "core/soci-config.h" // for SOCI_DECL
---
In file included from ./core/boost-tuple.h:11:
In file included from ./core/values.h:11:
In file included from ./core/statement.h:11:
In file included from ./core/bind-values.h:4:
In file included from ./core/exchange-traits.h:11:
In file included from ./core/type-conversion-traits.h:11:
In file included from ./core/soci-backend.h:12:
./core/error.h:13:10: fatal error: 'stdexcept' file not found
#include <stdexcept>
         ^
core/boost-tuple.h should add these lines:
core/boost-tuple.h should remove these lines:
- #include // lines 16-16
- #include // lines 15-15
- #include "type-conversion-traits.h" // lines 12-12
- #include "values.h" // lines 11-11
The full include-list for core/boost-tuple.h:
---
./core/type-ptr.h:11:1: error: unknown type name 'namespace'
namespace soci { namespace details {
^
./core/type-ptr.h:11:15: error: expected ';' after top level declarator
namespace soci { namespace details {
              ^
              ;
(core/type-ptr.h has correct #includes/fwd-decls)
core/connection-parameters.h should add these lines:
#include // for pair
core/connection-parameters.h should remove these lines:
The full include-list for core/connection-parameters.h:
#include