sarif_output.json
{"platform":{"name":"Heimdall Tools","release":"0.0.0.1.ENOTAG","target_id":"Static Analysis Results Interchange Format"},"version":"0.0.0.1.ENOTAG","statistics":{"duration":null},"profiles":[{"name":"Sarif","version":"2.1.0","title":"Static Analysis Results Interchange Format","maintainer":null,"summary":"","license":null,"copyright":null,"copyright_email":null,"supports":[],"attributes":[],"depends":[],"groups":[],"status":"loaded","controls":[{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["PE-10","SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":36},"title":"buffer/gets","id":"FF1014","desc":"Does not check for buffer overflows (CWE-120, CWE-20).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 36 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":60},"title":"buffer/strncat","id":"FF1010","desc":"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 60 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":61},"title":"buffer/_tcsncat","id":"FF1011","desc":"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 61 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":64},"title":"buffer/MultiByteToWideChar","id":"FF1023","desc":"Requires maximum length in CHARACTERS, not bytes 
(CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 64 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":66},"title":"buffer/MultiByteToWideChar","id":"FF1023","desc":"Requires maximum length in CHARACTERS, not bytes (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 66 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-732"],"nist":["AC-3"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":77},"title":"misc/SetSecurityDescriptorDacl","id":"FF1060","desc":"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 77 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-732"],"nist":["AC-3"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":77},"title":"misc/SetSecurityDescriptorDacl","id":"FF1060","desc":"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 77 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["PE-10","SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":32},"title":"buffer/gets","id":"FF1014","desc":"Does not check for buffer overflows (CWE-120, CWE-20).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 32 COLUMN : 
2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":60},"title":"buffer/strncat","id":"FF1010","desc":"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 60 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":61},"title":"buffer/_tcsncat","id":"FF1011","desc":"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 61 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":64},"title":"buffer/MultiByteToWideChar","id":"FF1023","desc":"Requires maximum length in CHARACTERS, not bytes (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 64 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":66},"title":"buffer/MultiByteToWideChar","id":"FF1023","desc":"Requires maximum length in CHARACTERS, not bytes (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 66 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-732"],"nist":["AC-3"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":77},"title":"misc/SetSecurityDescriptorDacl","id":"FF1060","desc":"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access 
(CWE-732).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 77 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-732"],"nist":["AC-3"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":77},"title":"misc/SetSecurityDescriptorDacl","id":"FF1060","desc":"Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 77 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":13},"title":"buffer/strcpy","id":"FF1001","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 13 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":21},"title":"buffer/strcpy","id":"FF1001","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 21 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":24},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 24 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":25},"title":"buffer/sprintf","id":"FF1015","desc":"Does not 
check for buffer overflows (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 25 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":26},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 26 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-134"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":27},"title":"format/printf","id":"FF1016","desc":"If format strings can be influenced by an attacker, they can be exploited (CWE-134).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 27 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":29},"title":"buffer/scanf","id":"FF1020","desc":"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 29 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":31},"title":"buffer/scanf","id":"FF1020","desc":"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 31 COLUMN : 
2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-134"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":42},"title":"format/syslog","id":"FF1018","desc":"If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 42 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":53},"title":"buffer/_mbscpy","id":"FF1003","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 53 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":56},"title":"buffer/lstrcat","id":"FF1006","desc":"Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 56 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":17},"title":"buffer/strcpy","id":"FF1001","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 17 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":20},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 20 
COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":21},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 21 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":22},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 22 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-134"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":23},"title":"format/printf","id":"FF1016","desc":"If format strings can be influenced by an attacker, they can be exploited (CWE-134).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 23 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":25},"title":"buffer/scanf","id":"FF1020","desc":"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 25 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":27},"title":"buffer/scanf","id":"FF1020","desc":"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 27 COLUMN : 
2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-134"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":38},"title":"format/syslog","id":"FF1018","desc":"If syslog's format strings can be influenced by an attacker, they can be exploited (CWE-134).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 38 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":49},"title":"buffer/_mbscpy","id":"FF1003","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 49 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":56},"title":"buffer/lstrcat","id":"FF1006","desc":"Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).","impact":0.7,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 56 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-78"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":79},"title":"shell/CreateProcess","id":"FF1046","desc":"This causes a new process to execute and is difficult to use safely (CWE-78).","impact":0.0,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 79 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-78"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":79},"title":"shell/CreateProcess","id":"FF1046","desc":"This causes a new process to execute and is difficult to use safely (CWE-78).","impact":0.0,"code":"","results":[{"status":"failed","code_desc":"URL : 
test/test-patched.c LINE : 79 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":95},"title":"buffer/getopt_long","id":"FF1027","desc":"Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).","impact":0.0,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 95 COLUMN : 20","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-78"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":79},"title":"shell/CreateProcess","id":"FF1046","desc":"This causes a new process to execute and is difficult to use safely (CWE-78).","impact":0.0,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 79 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-78"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":79},"title":"shell/CreateProcess","id":"FF1046","desc":"This causes a new process to execute and is difficult to use safely (CWE-78).","impact":0.0,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 79 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-829"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":81},"title":"misc/LoadLibraryEx","id":"FF1059","desc":"Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20).","impact":0.0,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 81 COLUMN : 10","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":99},"title":"buffer/getopt_long","id":"FF1027","desc":"Some older implementations do not protect against internal buffer overflows (CWE-120, 
CWE-20).","impact":0.0,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 99 COLUMN : 20","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-119","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/no-ending-newline.c","line":10},"title":"buffer/char","id":"FF1013","desc":"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/no-ending-newline.c LINE : 10 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":20},"title":"buffer/strcpy","id":"FF1001","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 20 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":23},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 23 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-119","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":49},"title":"buffer/char","id":"FF1013","desc":"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 49 COLUMN : 
3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-119","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":50},"title":"buffer/char","id":"FF1013","desc":"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 50 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":54},"title":"buffer/memcpy","id":"FF1004","desc":"Does not check for buffer overflows when copying to destination (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 54 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":55},"title":"buffer/memcpy","id":"FF1004","desc":"Does not check for buffer overflows when copying to destination (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 55 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-362"],"nist":["SC-4"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":101},"title":"misc/fopen","id":"FF1040","desc":"Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 101 COLUMN : 7","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":16},"title":"buffer/strcpy","id":"FF1001","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 16 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":19},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 19 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-119","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":45},"title":"buffer/char","id":"FF1013","desc":"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 45 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-119","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":46},"title":"buffer/char","id":"FF1013","desc":"Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 46 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":50},"title":"buffer/memcpy","id":"FF1004","desc":"Does not check for buffer overflows 
when copying to destination (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 50 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":53},"title":"buffer/memcpy","id":"FF1004","desc":"Does not check for buffer overflows when copying to destination (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 53 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":54},"title":"buffer/memcpy","id":"FF1004","desc":"Does not check for buffer overflows when copying to destination (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 54 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":55},"title":"buffer/memcpy","id":"FF1004","desc":"Does not check for buffer overflows when copying to destination (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 55 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-362"],"nist":["SC-4"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":105},"title":"misc/fopen","id":"FF1040","desc":"Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 105 COLUMN : 7","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":19},"title":"buffer/strcpy","id":"FF1001","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 19 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":22},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 22 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":30},"title":"buffer/scanf","id":"FF1020","desc":"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 30 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":57},"title":"buffer/strncpy","id":"FF1008","desc":"Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 57 COLUMN : 
3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":58},"title":"buffer/_tcsncpy","id":"FF1009","desc":"Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 58 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":59},"title":"buffer/strncat","id":"FF1010","desc":"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 59 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-126"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":62},"title":"buffer/strlen","id":"FF1022","desc":"Does not handle strings that are not \\0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 62 COLUMN : 7","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":68},"title":"buffer/MultiByteToWideChar","id":"FF1023","desc":"Requires maximum length in CHARACTERS, not bytes (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 68 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test-patched.c","line":70},"title":"buffer/MultiByteToWideChar","id":"FF1023","desc":"Requires maximum length in 
CHARACTERS, not bytes (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test-patched.c LINE : 70 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":15},"title":"buffer/strcpy","id":"FF1001","desc":"Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 15 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":18},"title":"buffer/sprintf","id":"FF1015","desc":"Does not check for buffer overflows (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 18 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-20","CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":26},"title":"buffer/scanf","id":"FF1020","desc":"The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 26 COLUMN : 2","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":57},"title":"buffer/strncpy","id":"FF1008","desc":"Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 57 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":58},"title":"buffer/_tcsncpy","id":"FF1009","desc":"Easily used incorrectly; doesn't always 
\\0-terminate or check for invalid pointers [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 58 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":59},"title":"buffer/strncat","id":"FF1010","desc":"Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 59 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-126"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":62},"title":"buffer/strlen","id":"FF1022","desc":"Does not handle strings that are not \\0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 62 COLUMN : 7","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":68},"title":"buffer/MultiByteToWideChar","id":"FF1023","desc":"Requires maximum length in CHARACTERS, not bytes (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 68 COLUMN : 3","run_time":0.0,"start_time":""}]},{"tags":{"cwe":["CWE-120"],"nist":["SI-10"]},"descriptions":[],"refs":[],"source_location":{"ref":"test/test.c","line":70},"title":"buffer/MultiByteToWideChar","id":"FF1023","desc":"Requires maximum length in CHARACTERS, not bytes (CWE-120).","impact":0.3,"code":"","results":[{"status":"failed","code_desc":"URL : test/test.c LINE : 70 COLUMN : 3","run_time":0.0,"start_time":""}]}],"sha256":"f5c1a3b05110e336e5ddd452f4a3d0c69ea51e2805cbdb6a41564d9c2205ae82"}]}