Original code:

    #include <stdio.h>
    #define hello(x) goodbye(x)
    #define WOKKA "stuff"

    main() {
     printf("hello\n");
    }

    /* This is a strcpy test. */

    int demo(char *a, char *b) {
     strcpy(a, "\n"); // Did this work?
     strcpy(a, gettext("Hello there")); // Did this work?
     strcpy(b, a);
     sprintf(s, "\n");
     sprintf(s, "hello");
     sprintf(s, "hello %s", bug);
     sprintf(s, gettext("hello %s"), bug);
     sprintf(s, unknown, bug);
     printf(bf, x);
     scanf("%d", &x);
     scanf("%s", s);
     scanf("%10s", s);
     scanf("%s", s);
     gets(f); // Flawfinder: ignore
     gets(f);
    }

=========================================================================

Flawfinder results:

    Flawfinder version 0.12, (C) 2001 David A. Wheeler.
    Number of dangerous functions in C ruleset: 40
    Processing test.c
    test.c:25 [5] (buffer) gets: does not check for buffer overflows. Use fgets() instead.
    test.c:26 [5] (buffer) gets: does not check for buffer overflows. Use fgets() instead.
    test.c:14 [4] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy.
    test.c:17 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
    test.c:18 [4] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf.
    test.c:19 [4] (format) sprintf: Potential format string problem. Make Format string constant.
    test.c:20 [4] (format) printf: if format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification.
    test.c:22 [4] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
    test.c:24 [4] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function.
    test.c:13 [2] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant string.
    test.c:16 [2] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
    test.c:12 [1] (buffer) strcpy: does not check for buffer overflows. Consider using strncpy or strlcpy. Risk is low because the source is a constant character.
    test.c:15 [1] (buffer) sprintf: does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source is a constant character.
    test.c:23 [1] (buffer) scanf: the scanf() family's %s operation, without a limit specification, permits buffer overflows. Specify a limit to %s, or use a different input function. Only low-risk scanf formats detected.
    There are probably other security vulnerabilities as well; review your code!

=========================================================================

Its4 results:

    test.c:25:(Urgent) gets
    test.c:26:(Urgent) gets
    The input buffer can almost always be overflowed.
    Use fgets(buf,size,stdin) instead.
    ----------------
    test.c:6:(Urgent) printf
    test.c:20:(Urgent) printf
    Non-constant format strings can often be attacked.
    Use a constant format string.
    ----------------
    test.c:18:(Urgent) sprintf
    test.c:19:(Urgent) sprintf
    Non-constant format strings can often be attacked.
    Use a constant format string.
    ----------------
    test.c:22:(Very Risky) scanf
    test.c:24:(Very Risky) scanf
    This function is high risk for buffer overflows
    Use precision specifiers, or do your own parsing.
    ----------------
    test.c:17:(Very Risky) sprintf
    This function is high risk for buffer overflows
    Use snprintf if available, or precision specifiers, if available.
    ----------------
    test.c:13:(Very Risky) strcpy
    test.c:14:(Very Risky) strcpy
    This function is high risk for buffer overflows
    Use strncpy instead.
    ----------------
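As an added example (not code from the page, Flawfinder or ITS4), the following is a hardened counterpart to the demo() routine above, applying the bounded replacements the two tool reports recommend: snprintf with a constant format for strcpy and sprintf, a literal width for %s, fgets for gets, and the formerly non-constant format string passed as a %s argument. It uses snprintf rather than the strncpy the reports suggest because strncpy does not guarantee a terminating NUL when the source fills the buffer. The function names safe_copy, safe_greeting, safe_word, safe_line and first_line are this example's own, and tmpfile() stands in for stdin with constructed input.

```c
#include <stdio.h>
#include <string.h>
/* strcpy(a, src) -> snprintf with "%s" is bounded and NUL-terminated; -1 if src did not fit. */
int safe_copy(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return -1;
    int n = snprintf(dst, dstsz, "%s", src);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* sprintf(s, "hello %s", bug) -> snprintf keeps the constant format and adds a bound. */
int safe_greeting(char *dst, size_t dstsz, const char *name) {
    if (dstsz == 0) return -1;
    int n = snprintf(dst, dstsz, "hello %s", name);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* scanf("%s", s) -> literal width one less than the buffer; returns token length or -1. */
int safe_word(const char *input, char word[16]) {
    word[0] = '\0';
    return sscanf(input, "%15s", word) == 1 ? (int)strlen(word) : -1;
}

/* gets(f) -> fgets bounds the read, newline stripped; returns length or -1 on EOF/error. */
int safe_line(char *buf, size_t bufsz, FILE *fp) {
    if (fp == NULL || bufsz == 0 || fgets(buf, (int)bufsz, fp) == NULL) return -1;
    buf[strcspn(buf, "\n")] = '\0';
    return (int)strlen(buf);
}

/* Constructed stdin stand-in: write text to a temporary file, read the first line back. */
int first_line(const char *text, char *buf, size_t bufsz) {
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs(text, fp);
    rewind(fp);
    int len = safe_line(buf, bufsz, fp);
    fclose(fp);
    return len;
}
int main(void) {
    char a[8], s[16], w[16], line[8];
    const char *bf = "%s %n untrusted";   /* constructed, format-like input */
    printf("copy %d greet %d word %d line %d\n",
           safe_copy(a, sizeof a, "Hello there"),                /* -1: truncated */
           safe_greeting(s, sizeof s, "bob"),                    /*  0 */
           safe_word("alpha beta", w),                           /*  5 */
           first_line("0123456789\nnext\n", line, sizeof line)); /*  7 */
    printf("%s\n", bf);   /* printf(bf, x) becomes a constant format with bf as data */
    return 0;
}
```

Each helper returns -1 on truncation or missing input instead of silently writing past the buffer, so callers can fail closed where the original demo() could not.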