Last active
February 22, 2025 23:33
Revisions
-
flatcap revised this gist
Feb 22, 2025 . 2 changed files with 1 addition and 9 deletions.
@@ -22,14 +22,13 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 107 Issues 27 Poorly documented large function 27 For loop variable changed in body 21 Local variable address stored in non-local memory 9 Year field changed using an arithmetic operation without checking for leap year 8 Long switch case 3 Uncontrolled data used in path expression 3 Nested loops with same variable 3 Futile conditional
@@ -107,13 +107,6 @@ send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation expando/node_conddate.c:88:10 1099 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9 486 Year field changed using an arithmetic operation without checking for leap year
-
flatcap revised this gist
Feb 22, 2025 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ Last update: 2025-02-22 - Commit https://github.com/neomutt/neomutt/commit/e4b57e076df382a02f1e0125b8e08da9340bcc1a
-
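Review bot: the Commit URL next to "Last update" still points at e4b57e076df382a02f1e0125b8e08da9340bcc1a, the same value shown in every earlier revision on this page, while the reported locations have moved (alert 508 is at mutt/file.c:1488:28 in the 2024-12-22 listing and at mutt/file.c:1381:28 in the 2025-02-16 one). If the scan was run against a newer tree, update the commit reference together with the date so each path:line:column can be resolved against the right source.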
flatcap revised this gist
Feb 16, 2025 . 2 changed files with 22 additions and 22 deletions.
@@ -1,4 +1,4 @@ Last update: 2025-02-16 - Commit https://github.com/neomutt/neomutt/commit/e4b57e076df382a02f1e0125b8e08da9340bcc1a
@@ -18,9 +18,9 @@ imap/util.c:725:11 1183 For loop variable changed in body mutt/buffer.c:446:20 932 For loop variable changed in body mutt/file.c:1381:28 508 For loop variable changed in body mutt/file.c:1386:11 509 For loop variable changed in body mutt/path.c:80:13 217 For loop variable changed in body mutt/slist.c:201:7 218 For loop variable changed in body mutt_header.c:332:13 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13 225 For loop variable changed in body
@@ -32,47 +32,47 @@ ncrypt/smime.c:301:20 231 For loop variable changed in body nntp/complete.c:66:9 230 For loop variable changed in body pattern/pattern.c:120:7 483 For loop variable changed in body mutt/signal.c:85:3 1190 Futile conditional mutt/signal.c:99:5 1189 Futile conditional mutt/signal.c:118:3 1188 Futile conditional alias/dlg_alias.c:240:3 325 Local variable address stored in non-local memory alias/dlg_query.c:312:3 326 Local variable address stored in non-local memory browser/dlg_browser.c:859:3 1130 Local variable address stored in non-local memory browser/dlg_browser.c:860:3 1131 Local variable address stored in non-local memory conn/dlg_verifycert.c:193:3 331 Local variable address stored in non-local memory editor/window.c:298:3 1187 Local variable address stored in non-local memory email/parse.c:258:9 334 Local variable address stored in non-local memory email/rfc2231.c:234:5 336 Local variable address stored in non-local memory email/thread.c:112:3 527 Local variable address stored in non-local memory history/dlg_history.c:132:3 1132 Local variable address stored in non-local memory imap/browse.c:165:3 341 Local variable address stored in non-local memory imap/browse.c:277:5 1100 Local variable address stored in non-local memory imap/command.c:686:3 343 Local variable address stored in non-local memory imap/imap.c:1307:3 344 Local variable address stored in non-local memory mutt/notify.c:210:3 1110 Local variable address stored in non-local memory mutt_thread.c:1064:5 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:234:3 1135 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:234:3 1133 Local variable address stored in non-local memory ncrypt/dlg_smime.c:210:3 1134 Local variable address stored in non-local memory pager/dlg_pager.c:351:3 353 Local variable address stored in non-local memory postpone/dlg_postpone.c:223:3 1136 Local variable address stored in non-local memory email/parse.c:687:3 521 Long 
switch case flags.c:72:3 575 Long switch case muttlib.c:138:5 1193 Long switch case ncrypt/gnupgparse.c:174:5 19 Long switch case ncrypt/smime.c:2047:5 20 Long switch case notmuch/notmuch.c:1387:3 21 Long switch case pattern/compile.c:372:5 23 Long switch case pattern/compile.c:936:5 692 Long switch case postpone/postpone.c:225:24 356 Nested loops with same variable postpone/postpone.c:260:22 357 Nested loops with same variable postpone/postpone.c:297:16 358 Nested loops with same variable address/address.c:480:5 577 Poorly documented large function attach/recvattach.c:431:6 693 Poorly documented large function browser/dlg_browser.c:392:5 602 Poorly documented large function convert/content_info.c:49:6 285 Poorly documented large function enriched.c:121:13 478 Poorly documented large function 
@@ -88,30 +88,31 @@ ncrypt/crypt.c:1117:5 1104 Poorly documented large function ncrypt/crypt.c:1243:5 695 Poorly documented large function ncrypt/crypt_gpgme.c:3535:14 296 Poorly documented large function ncrypt/pgp.c:1463:7 295 Poorly documented large function notmuch/notmuch.c:2251:22 298 Poorly documented large function pager/pager.c:132:12 526 Poorly documented large function pattern/exec.c:845:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function send/send.c:235:12 301 Poorly documented large function send/send.c:1155:12 574 Poorly documented large function send/sendlib.c:454:14 284 Poorly documented large function send/smtp.c:622:12 303 Poorly documented large function mutt/file.c:183:3 6 Time-of-check time-of-use filesystem race condition help.c:196:30 1191 Uncontrolled data used in path expression key/dump.c:197:24 1192 Uncontrolled data used in path expression send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation copy.c:79:35 1083 Unsigned comparison to zero gui/msgwin.c:144:51 1085 Unsigned comparison to zero imap/msg_set.c:84:41 1086 Unsigned comparison to zero imap/msg_set.c:89:41 1087 Unsigned comparison to zero imap/msn.c:85:38 1090 Unsigned comparison to zero imap/msn.c:118:38 1088 Unsigned comparison to zero expando/node_conddate.c:88:10 1099 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9 319 Year field changed using an arithmetic operation without checking for leap year 
@@ -120,6 +121,5 @@ mutt/date.c:370:11 321 Year field changed using an arithmetic oper mutt/date.c:384:11 322 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:592:8 522 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:757:8 1114 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:233:11 324 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:347:8 323 Year field changed using an arithmetic operation without checking for leap year -
flatcap revised this gist
Feb 3, 2025 . 2 changed files with 30 additions and 16 deletions.
@@ -1,4 +1,4 @@ Last update: 2025-02-03 - Commit https://github.com/neomutt/neomutt/commit/e4b57e076df382a02f1e0125b8e08da9340bcc1a @@ -22,17 +22,19 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 113 Issues 27 Poorly documented large function 27 For loop variable changed in body 21 Local variable address stored in non-local memory 9 Year field changed using an arithmetic operation without checking for leap year 8 Long switch case 6 Unsigned comparison to zero 3 Uncontrolled data used in path expression 3 Nested loops with same variable 3 Futile conditional 2 File created without restricting permissions 2 Cleartext transmission of sensitive information 1 Uncontrolled process operation 1 Time-of-check time-of-use filesystem race condition
@@ -18,9 +18,9 @@ imap/util.c:725:11 1183 For loop variable changed in body mutt/buffer.c:446:20 932 For loop variable changed in body mutt/file.c:1381:28 508 For loop variable changed in body mutt/file.c:1386:11 509 For loop variable changed in body mutt_header.c:332:13 510 For loop variable changed in body mutt/path.c:80:13 217 For loop variable changed in body mutt/slist.c:201:7 218 For loop variable changed in body ncrypt/gnupgparse.c:282:13 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13 225 For loop variable changed in body @@ -32,7 +32,11 @@ ncrypt/smime.c:301:20 231 For loop variable changed in body nntp/complete.c:66:9 230 For loop variable changed in body pattern/pattern.c:120:7 483 For loop variable changed in body mutt/signal.c:118:3 1188 Futile conditional mutt/signal.c:85:3 1190 Futile conditional mutt/signal.c:99:5 1189 Futile conditional alias/dlg_alias.c:241:3 325 Local variable address stored in non-local memory alias/dlg_query.c:313:3 326 Local variable address stored in non-local memory browser/dlg_browser.c:859:3 1130 Local variable address stored in non-local memory browser/dlg_browser.c:860:3 1131 Local variable address stored in non-local memory 
@@ -41,17 +45,17 @@ editor/window.c:298:3 1187 Local variable address stored in non-local email/parse.c:258:9 334 Local variable address stored in non-local memory email/rfc2231.c:234:5 336 Local variable address stored in non-local memory email/thread.c:112:3 527 Local variable address stored in non-local memory history/dlg_history.c:133:3 1132 Local variable address stored in non-local memory imap/browse.c:165:3 341 Local variable address stored in non-local memory imap/browse.c:277:5 1100 Local variable address stored in non-local memory imap/command.c:686:3 343 Local variable address stored in non-local memory imap/imap.c:1303:3 344 Local variable address stored in non-local memory mutt/notify.c:210:3 1110 Local variable address stored in non-local memory mutt_thread.c:1064:5 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:235:3 1135 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:235:3 1133 Local variable address stored in non-local memory ncrypt/dlg_smime.c:210:3 1134 Local variable address stored in non-local memory pager/dlg_pager.c:351:3 353 Local variable address stored in non-local memory postpone/dlg_postpone.c:223:3 1136 Local variable address stored in non-local memory email/parse.c:687:3 521 Long switch case @@ -61,7 +65,7 @@ ncrypt/gnupgparse.c:174:5 19 Long switch case ncrypt/smime.c:2047:5 20 Long switch case notmuch/notmuch.c:1386:3 21 Long switch case pattern/compile.c:373:5 23 Long switch case pattern/compile.c:937:5 692 Long switch case postpone/postpone.c:225:24 356 Nested loops with same variable postpone/postpone.c:260:22 357 Nested loops with same variable 
@@ -73,34 +77,42 @@ browser/dlg_browser.c:392:5 602 Poorly documented large function convert/content_info.c:49:6 285 Poorly documented large function enriched.c:121:13 478 Poorly documented large function envelope/window.c:502:12 427 Poorly documented large function handler.c:1131:12 697 Poorly documented large function history/history.c:204:13 1115 Poorly documented large function index/functions.c:1343:12 292 Poorly documented large function index/functions.c:1461:12 291 Poorly documented large function mbox/mbox.c:183:27 293 Poorly documented large function mutt/filter.c:62:7 659 Poorly documented large function mutt_thread.c:234:13 294 Poorly documented large function ncrypt/crypt.c:1117:5 1104 Poorly documented large function ncrypt/crypt.c:1243:5 695 Poorly documented large function ncrypt/crypt_gpgme.c:3535:14 296 Poorly documented large function ncrypt/pgp.c:1463:7 295 Poorly documented large function notmuch/notmuch.c:2250:22 298 Poorly documented large function pager/pager.c:132:12 526 Poorly documented large function pattern/exec.c:845:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function send/send.c:1155:12 574 Poorly documented large function send/send.c:235:12 301 Poorly documented large function send/sendlib.c:454:14 284 Poorly documented large function send/smtp.c:622:12 303 Poorly documented large function mutt/file.c:183:3 6 Time-of-check time-of-use filesystem race condition help.c:196:30 1191 Uncontrolled data used in path expression key/dump.c:200:24 1192 Uncontrolled data used in path expression send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation copy.c:79:35 1083 Unsigned comparison to zero gui/msgwin.c:144:51 1085 Unsigned comparison to zero imap/msg_set.c:84:41 1086 Unsigned comparison to zero imap/msg_set.c:89:41 
1087 Unsigned comparison to zero imap/msn.c:118:38 1088 Unsigned comparison to zero imap/msn.c:85:38 1090 Unsigned comparison to zero expando/node_conddate.c:88:10 1099 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9 486 Year field changed using an arithmetic operation without checking for leap year -
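Review bot: within a file the entries are ordered by comparing the line number as text, so this revision lists mutt/signal.c:118:3 ahead of mutt/signal.c:85:3, send/send.c:1155:12 ahead of send/send.c:235:12 and imap/msn.c:118:38 ahead of imap/msn.c:85:38. Sort on the path and then on the line as a number, so the listing reads in source order and later revisions only show alerts that were really added, removed or moved.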
flatcap revised this gist
Jan 21, 2025 . 2 changed files with 7 additions and 15 deletions.
@@ -1,4 +1,4 @@ Last update: 2025-01-21 - Commit https://github.com/neomutt/neomutt/commit/e4b57e076df382a02f1e0125b8e08da9340bcc1a @@ -22,19 +22,17 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 102 Issues 27 Poorly documented large function 27 For loop variable changed in body 21 Local variable address stored in non-local memory 9 Year field changed using an arithmetic operation without checking for leap year 8 Long switch case 3 Nested loops with same variable 2 File created without restricting permissions 2 Cleartext transmission of sensitive information 1 Uncontrolled process operation 1 Uncontrolled data used in path expression 1 Time-of-check time-of-use filesystem race condition
@@ -19,7 +19,7 @@ mutt/buffer.c:446:20 932 For loop variable changed in body mutt/file.c:1381:28 508 For loop variable changed in body mutt/file.c:1386:11 509 For loop variable changed in body mutt/path.c:80:13 217 For loop variable changed in body mutt/slist.c:201:7 218 For loop variable changed in body mutt_header.c:332:13 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13 224 For loop variable changed in body
@@ -37,7 +37,7 @@ alias/dlg_query.c:313:3 326 Local variable address stored in non-local browser/dlg_browser.c:859:3 1130 Local variable address stored in non-local memory browser/dlg_browser.c:860:3 1131 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3 331 Local variable address stored in non-local memory editor/window.c:298:3 1187 Local variable address stored in non-local memory email/parse.c:258:9 334 Local variable address stored in non-local memory email/rfc2231.c:234:5 336 Local variable address stored in non-local memory email/thread.c:112:3 527 Local variable address stored in non-local memory @@ -82,11 +82,11 @@ mutt/filter.c:62:7 659 Poorly documented large function mutt_thread.c:235:13 294 Poorly documented large function ncrypt/crypt.c:1117:5 1104 Poorly documented large function ncrypt/crypt.c:1243:5 695 Poorly documented large function ncrypt/crypt_gpgme.c:3535:14 296 Poorly documented large function ncrypt/pgp.c:1463:7 295 Poorly documented large function notmuch/notmuch.c:2250:22 298 Poorly documented large function pager/pager.c:131:12 526 Poorly documented large function pattern/exec.c:845:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function @@ -97,16 +97,10 @@ send/smtp.c:622:12 303 Poorly documented large function mutt/file.c:183:3 6 Time-of-check time-of-use filesystem race condition send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation expando/node_conddate.c:88:10 1099 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9 486 Year field changed using an arithmetic operation without checking for leap year -
flatcap revised this gist
Jan 14, 2025 . 2 changed files with 16 additions and 13 deletions.
@@ -22,19 +22,19 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 106 Issues 27 Poorly documented large function 27 For loop variable changed in body 21 Local variable address stored in non-local memory 9 Year field changed using an arithmetic operation without checking for leap year 8 Long switch case 3 Uncontrolled data used in path expression 3 Nested loops with same variable 2 File created without restricting permissions 2 Cleartext transmission of sensitive information 1 Unused static variable 1 Uncontrolled process operation 1 Uncontrolled data used in OS command 1 Time-of-check time-of-use filesystem race condition
@@ -14,12 +14,13 @@ email/rfc2231.c:119:7 571 For loop variable changed in body email/url.c:205:9 572 For loop variable changed in body imap/utf7.c:119:7 213 For loop variable changed in body imap/utf7.c:129:27 214 For loop variable changed in body imap/util.c:725:11 1183 For loop variable changed in body mutt/buffer.c:446:20 932 For loop variable changed in body mutt/file.c:1381:28 508 For loop variable changed in body mutt/file.c:1386:11 509 For loop variable changed in body mutt/path.c:80:13 217 For loop variable changed in body mutt/slist.c:199:7 218 For loop variable changed in body mutt_header.c:332:13 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13 225 For loop variable changed in body @@ -36,7 +37,7 @@ alias/dlg_query.c:313:3 326 Local variable address stored in non-local browser/dlg_browser.c:859:3 1130 Local variable address stored in non-local memory browser/dlg_browser.c:860:3 1131 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3 331 Local variable address stored in non-local memory editor/window.c:298:3 667 Local variable address stored in non-local memory email/parse.c:258:9 334 Local variable address stored in non-local memory email/rfc2231.c:234:5 336 Local variable address stored in non-local memory email/thread.c:112:3 527 Local variable address stored in non-local memory @@ -58,7 +59,7 @@ flags.c:72:3 575 Long switch case muttlib.c:138:5 513 Long switch case ncrypt/gnupgparse.c:174:5 19 Long switch case ncrypt/smime.c:2047:5 20 Long switch case notmuch/notmuch.c:1386:3 21 Long switch case pattern/compile.c:373:5 23 Long switch case pattern/compile.c:936:5 692 Long switch case 
@@ -71,9 +72,9 @@ attach/recvattach.c:432:6 693 Poorly documented large function browser/dlg_browser.c:392:5 602 Poorly documented large function convert/content_info.c:49:6 285 Poorly documented large function enriched.c:121:13 478 Poorly documented large function envelope/window.c:502:12 427 Poorly documented large function handler.c:1130:12 697 Poorly documented large function history/history.c:204:13 1115 Poorly documented large function index/functions.c:1343:12 292 Poorly documented large function index/functions.c:1461:12 291 Poorly documented large function mbox/mbox.c:183:27 293 Poorly documented large function @@ -83,21 +84,23 @@ ncrypt/crypt.c:1117:5 1104 Poorly documented large function ncrypt/crypt.c:1243:5 695 Poorly documented large function ncrypt/crypt_gpgme.c:3534:14 296 Poorly documented large function ncrypt/pgp.c:1463:7 295 Poorly documented large function notmuch/notmuch.c:2250:22 298 Poorly documented large function pager/pager.c:131:12 526 Poorly documented large function pattern/exec.c:844:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function send/send.c:235:12 301 Poorly documented large function send/send.c:1154:12 574 Poorly documented large function send/sendlib.c:454:14 284 Poorly documented large function send/smtp.c:622:12 303 Poorly documented large function mutt/file.c:183:3 6 Time-of-check time-of-use filesystem race condition mutt/filter.c:151:36 1098 Uncontrolled data used in OS command help.c:483:24 1184 Uncontrolled data used in path expression notmuch/notmuch.c:842:21 1182 Uncontrolled data used in path expression send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation -
flatcap revised this gist
Jan 5, 2025 . 2 changed files with 10 additions and 48 deletions.
@@ -1,4 +1,4 @@ Last update: 2025-01-05 - Commit https://github.com/neomutt/neomutt/commit/e4b57e076df382a02f1e0125b8e08da9340bcc1a @@ -22,9 +22,8 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 103 Issues 27 Poorly documented large function 26 For loop variable changed in body 21 Local variable address stored in non-local memory @@ -35,6 +34,7 @@ v1 2 Cleartext transmission of sensitive information 1 Unused static variable 1 Uncontrolled process operation 1 Uncontrolled data used in path expression 1 Uncontrolled data used in OS command 1 Time-of-check time-of-use filesystem race condition
@@ -15,11 +15,11 @@ email/url.c:205:9 572 For loop variable changed in body imap/utf7.c:119:7 213 For loop variable changed in body imap/utf7.c:129:27 214 For loop variable changed in body mutt/buffer.c:446:20 932 For loop variable changed in body mutt/file.c:1382:28 508 For loop variable changed in body mutt/file.c:1387:11 509 For loop variable changed in body mutt_header.c:332:13 510 For loop variable changed in body mutt/path.c:80:13 217 For loop variable changed in body mutt/slist.c:199:7 218 For loop variable changed in body ncrypt/gnupgparse.c:282:13 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13 225 For loop variable changed in body @@ -67,7 +67,7 @@ postpone/postpone.c:260:22 357 Nested loops with same variable postpone/postpone.c:297:16 358 Nested loops with same variable address/address.c:480:5 577 Poorly documented large function attach/recvattach.c:432:6 693 Poorly documented large function browser/dlg_browser.c:392:5 602 Poorly documented large function convert/content_info.c:49:6 285 Poorly documented large function enriched.c:121:13 478 Poorly documented large function @@ -89,55 +89,16 @@ pattern/exec.c:844:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function send/send.c:1154:12 574 Poorly documented large function send/send.c:235:12 301 Poorly documented large function send/sendlib.c:454:14 284 Poorly documented large function send/smtp.c:622:12 303 Poorly documented large function mutt/file.c:184:3 6 Time-of-check time-of-use filesystem race condition mutt/filter.c:151:36 1098 Uncontrolled data used in OS command send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation 
@@ -152,3 +113,4 @@ mutt/date.c:592:8 522 Year field changed using an arithmetic oper mutt/date.c:757:8 1114 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:234:11 324 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:348:8 323 Year field changed using an arithmetic operation without checking for leap year -
flatcap revised this gist
Dec 22, 2024 . 2 changed files with 46 additions and 3 deletions.
@@ -1,3 +1,7 @@ Last update: 2024-12-22 - Commit https://github.com/neomutt/neomutt/commit/e4b57e076df382a02f1e0125b8e08da9340bcc1a Issues: https://github.com/neomutt/neomutt/security/code-scanning @@ -18,8 +22,9 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 142 Issues 40 Uncontrolled data used in path expression 27 Poorly documented large function 26 For loop variable changed in body 21 Local variable address stored in non-local memory @@ -30,7 +35,6 @@ v1 2 Cleartext transmission of sensitive information 1 Unused static variable 1 Uncontrolled process operation 1 Uncontrolled data used in OS command 1 Time-of-check time-of-use filesystem race condition
@@ -19,7 +19,7 @@ mutt/file.c:1488:28 508 For loop variable changed in body mutt/file.c:1493:11 509 For loop variable changed in body mutt/path.c:80:13 217 For loop variable changed in body mutt/slist.c:199:7 218 For loop variable changed in body mutt_header.c:332:13 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13 225 For loop variable changed in body
@@ -98,7 +98,46 @@ mutt/file.c:245:3 6 Time-of-check time-of-use filesystem race c mutt/filter.c:151:36 1098 Uncontrolled data used in OS command attach/cid.c:127:35 1142 Uncontrolled data used in path expression attach/cid.c:186:33 1140 Uncontrolled data used in path expression attach/cid.c:197:28 1141 Uncontrolled data used in path expression attach/mutt_attach.c:89:33 1151 Uncontrolled data used in path expression attach/mutt_attach.c:209:44 1147 Uncontrolled data used in path expression attach/mutt_attach.c:219:33 1148 Uncontrolled data used in path expression attach/mutt_attach.c:220:34 1149 Uncontrolled data used in path expression attach/mutt_attach.c:220:59 1150 Uncontrolled data used in path expression attach/mutt_attach.c:490:37 1143 Uncontrolled data used in path expression attach/mutt_attach.c:494:46 1144 Uncontrolled data used in path expression attach/mutt_attach.c:555:40 1145 Uncontrolled data used in path expression attach/mutt_attach.c:720:22 1146 Uncontrolled data used in path expression color/dump.c:456:30 1152 Uncontrolled data used in path expression help.c:489:26 1153 Uncontrolled data used in path expression imap/imap.c:2171:29 1154 Uncontrolled data used in path expression imap/message.c:2016:31 1155 Uncontrolled data used in path expression ncrypt/crypt.c:865:34 1156 Uncontrolled data used in path expression ncrypt/crypt.c:938:20 1157 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:571:30 1158 Uncontrolled data used in path expression ncrypt/pgp.c:544:32 1164 Uncontrolled data used in path expression ncrypt/pgp.c:722:24 1165 Uncontrolled data used in path expression ncrypt/pgp.c:776:22 1166 Uncontrolled data used in path expression ncrypt/pgp.c:977:34 1162 Uncontrolled data used in path expression ncrypt/pgp.c:994:20 1163 Uncontrolled data used in path expression ncrypt/pgp.c:1047:32 1160 Uncontrolled data used in path expression ncrypt/pgp.c:1104:20 1161 Uncontrolled data used in path expression ncrypt/pgpkey.c:279:34 1159 
Uncontrolled data used in path expression nntp/newsrc.c:402:26 1167 Uncontrolled data used in path expression recvcmd.c:510:34 1173 Uncontrolled data used in path expression recvcmd.c:629:43 1174 Uncontrolled data used in path expression recvcmd.c:640:22 1175 Uncontrolled data used in path expression recvcmd.c:701:30 1171 Uncontrolled data used in path expression recvcmd.c:775:35 1172 Uncontrolled data used in path expression recvcmd.c:1012:28 1168 Uncontrolled data used in path expression recvcmd.c:1104:39 1169 Uncontrolled data used in path expression recvcmd.c:1114:22 1170 Uncontrolled data used in path expression send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendlib.c:289:28 1177 Uncontrolled data used in path expression send/sendlib.c:339:22 1178 Uncontrolled data used in path expression send/sendlib.c:475:31 1176 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation -
flatcap revised this gist
Dec 7, 2024 . 2 changed files with 23 additions and 19 deletions.
@@ -18,7 +18,7 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 103 Issues 27 Poorly documented large function 26 For loop variable changed in body @@ -28,7 +28,9 @@ v1 3 Nested loops with same variable 2 File created without restricting permissions 2 Cleartext transmission of sensitive information 1 Unused static variable 1 Uncontrolled process operation 1 Uncontrolled data used in path expression 1 Uncontrolled data used in OS command 1 Time-of-check time-of-use filesystem race condition
@@ -1,11 +1,11 @@ ncrypt/smime.c:745:11 2 Cleartext transmission of sensitive information ncrypt/smime.c:780:13 3 Cleartext transmission of sensitive information maildir/message.c:567:10 1103 File created without restricting permissions mh/shared.c:86:10 691 File created without restricting permissions compose/functions.c:649:9 187 For loop variable changed in body compose/functions.c:661:9 188 For loop variable changed in body email/parse.c:227:17 507 For loop variable changed in body email/parse.c:640:5 208 For loop variable changed in body email/parse.c:645:5 209 For loop variable changed in body
@@ -27,37 +27,37 @@ ncrypt/gnupgparse.c:361:20 226 For loop variable changed in body ncrypt/gpgme_functions.c:199:7 1109 For loop variable changed in body ncrypt/gpgme_functions.c:216:9 228 For loop variable changed in body ncrypt/gpgme_functions.c:224:11 573 For loop variable changed in body ncrypt/smime.c:301:20 231 For loop variable changed in body nntp/complete.c:66:9 230 For loop variable changed in body pattern/pattern.c:120:7 483 For loop variable changed in body alias/dlg_alias.c:240:3 325 Local variable address stored in non-local memory alias/dlg_query.c:313:3 326 Local variable address stored in non-local memory browser/dlg_browser.c:859:3 1130 Local variable address stored in non-local memory browser/dlg_browser.c:860:3 1131 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3 331 Local variable address stored in non-local memory editor/window.c:299:3 667 Local variable address stored in non-local memory email/parse.c:258:9 334 Local variable address stored in non-local memory email/rfc2231.c:234:5 336 Local variable address stored in non-local memory email/thread.c:112:3 527 Local variable address stored in non-local memory history/dlg_history.c:132:3 1132 Local variable address stored in non-local memory imap/browse.c:165:3 341 Local variable address stored in non-local memory imap/browse.c:277:5 1100 Local variable address stored in non-local memory imap/command.c:686:3 343 Local variable address stored in non-local memory imap/imap.c:1303:3 344 Local variable address stored in non-local memory mutt/notify.c:210:3 1110 Local variable address stored in non-local memory mutt_thread.c:1065:5 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:234:3 1135 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:234:3 1133 Local variable address stored in non-local memory ncrypt/dlg_smime.c:210:3 1134 Local variable address stored in non-local memory pager/dlg_pager.c:350:3 353 Local variable address 
stored in non-local memory postpone/dlg_postpone.c:223:3 1136 Local variable address stored in non-local memory email/parse.c:687:3 521 Long switch case flags.c:72:3 575 Long switch case muttlib.c:138:5 513 Long switch case ncrypt/gnupgparse.c:174:5 19 Long switch case ncrypt/smime.c:2047:5 20 Long switch case notmuch/notmuch.c:1367:3 21 Long switch case pattern/compile.c:373:5 23 Long switch case pattern/compile.c:936:5 692 Long switch case @@ -68,7 +68,7 @@ postpone/postpone.c:297:16 358 Nested loops with same variable address/address.c:480:5 577 Poorly documented large function attach/recvattach.c:433:6 693 Poorly documented large function browser/dlg_browser.c:392:5 602 Poorly documented large function convert/content_info.c:49:6 285 Poorly documented large function enriched.c:121:13 478 Poorly documented large function envelope/window.c:500:12 427 Poorly documented large function @@ -89,10 +89,10 @@ pattern/exec.c:844:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function send/send.c:235:12 301 Poorly documented large function send/send.c:1154:12 574 Poorly documented large function send/sendlib.c:454:14 284 Poorly documented large function send/smtp.c:622:12 303 Poorly documented large function mutt/file.c:245:3 6 Time-of-check time-of-use filesystem race condition @@ -102,6 +102,8 @@ send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation mutt_config.c:375:46 1138 Unused static variable expando/node_conddate.c:88:10 1099 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9 486 Year field changed using an arithmetic operation without checking for leap year -
flatcap revised this gist
Nov 23, 2024 . 1 changed file with 1 addition and 1 deletion.
@@ -4,7 +4,7 @@ Issues: How to use gh api: https://docs.github.com/en/rest/code-scanning/code-scanning?apiVersion=2022-11-28#list-code-scanning-alerts-for-a-repository # Download 2 pages of 100 issues gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=1" | json_reformat > s1.json gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=2" | json_reformat > s2.json -
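Review bot: the two hard-coded requests (page=1 and page=2, each with per_page=100) cap the download at 200 open alerts, and nothing signals when more exist; the summary shown in the Nov 22, 2024 revision of this gist reads "# 323 Issues", a count that would not fit in two pages. Suggest running gh api with --paginate into a single output file, or looping until a page comes back empty, so the quickfix list cannot be silently truncated when the alert count grows.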
flatcap revised this gist
Nov 23, 2024 . 2 changed files with 116 additions and 347 deletions.
@@ -8,34 +8,27 @@ How to use gh api: gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=1" | json_reformat > s1.json gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=2" | json_reformat > s2.json # Export some fields jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column' s1.json > l1 jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column' s2.json > l2 # vim quickfix list v1 # 102 Issues 27 Poorly documented large function 26 For loop variable changed in body 21 Local variable address stored in non-local memory 9 Year field changed using an arithmetic operation without checking for leap year 8 Long switch case 3 Nested loops with same variable 2 File created without restricting permissions 2 Cleartext transmission of sensitive information 1 Uncontrolled process operation 1 Uncontrolled data used in path expression 1 Uncontrolled data used in OS command 1 Time-of-check time-of-use filesystem race condition
@@ -1,337 +1,113 @@ ncrypt/smime.c:888:11 2 Cleartext transmission of sensitive information ncrypt/smime.c:923:13 3 Cleartext transmission of sensitive information maildir/message.c:567:10 1103 File created without restricting permissions mh/shared.c:86:10 691 File created without restricting permissions compose/functions.c:645:9 187 For loop variable changed in body compose/functions.c:657:9 188 For loop variable changed in body email/parse.c:227:17 507 For loop variable changed in body email/parse.c:640:5 208 For loop variable changed in body email/parse.c:645:5 209 For loop variable changed in body email/rfc2047.c:385:9 1063 For loop variable changed in body email/rfc2231.c:119:7 571 For loop variable changed in body email/url.c:205:9 572 For loop variable changed in body imap/utf7.c:119:7 213 For loop variable changed in body imap/utf7.c:129:27 214 For loop variable changed in body mutt/buffer.c:446:20 932 For loop variable changed in body mutt/file.c:1488:28 508 For loop variable changed in body mutt/file.c:1493:11 509 For loop variable changed in body mutt/path.c:80:13 217 For loop variable changed in body mutt/slist.c:199:7 218 For loop variable changed in body mutt_header.c:330:13 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13 225 For loop variable changed in body ncrypt/gnupgparse.c:361:20 226 For loop variable changed in body ncrypt/gpgme_functions.c:199:7 1109 For loop variable changed in body ncrypt/gpgme_functions.c:216:9 228 For loop variable changed in body ncrypt/gpgme_functions.c:224:11 573 For loop variable changed in body ncrypt/smime.c:444:20 231 For loop variable changed in body nntp/complete.c:66:9 230 For loop variable changed in body pattern/pattern.c:120:7 483 For loop variable changed in body alias/dlg_alias.c:240:3 325 Local variable address stored in non-local memory alias/dlg_query.c:313:3 
326 Local variable address stored in non-local memory browser/dlg_browser.c:1295:3 1130 Local variable address stored in non-local memory browser/dlg_browser.c:1296:3 1131 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3 331 Local variable address stored in non-local memory editor/window.c:299:3 667 Local variable address stored in non-local memory email/parse.c:258:9 334 Local variable address stored in non-local memory email/rfc2231.c:234:5 336 Local variable address stored in non-local memory email/thread.c:112:3 527 Local variable address stored in non-local memory history/dlg_history.c:155:3 1132 Local variable address stored in non-local memory imap/browse.c:165:3 341 Local variable address stored in non-local memory imap/browse.c:277:5 1100 Local variable address stored in non-local memory imap/command.c:687:3 343 Local variable address stored in non-local memory imap/imap.c:1303:3 344 Local variable address stored in non-local memory mutt/notify.c:210:3 1110 Local variable address stored in non-local memory mutt_thread.c:1066:5 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:531:3 1135 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:559:3 1133 Local variable address stored in non-local memory ncrypt/dlg_smime.c:210:3 1134 Local variable address stored in non-local memory pager/dlg_pager.c:350:3 353 Local variable address stored in non-local memory postpone/dlg_postpone.c:224:3 1136 Local variable address stored in non-local memory email/parse.c:687:3 521 Long switch case flags.c:72:3 575 Long switch case muttlib.c:138:5 513 Long switch case ncrypt/gnupgparse.c:174:5 19 Long switch case ncrypt/smime.c:2190:5 20 Long switch case notmuch/notmuch.c:1367:3 21 Long switch case pattern/compile.c:373:5 23 Long switch case pattern/compile.c:936:5 692 Long switch case postpone/postpone.c:225:24 356 Nested loops with same variable postpone/postpone.c:260:22 357 Nested loops with same variable 
postpone/postpone.c:297:16 358 Nested loops with same variable address/address.c:480:5 577 Poorly documented large function attach/recvattach.c:433:6 693 Poorly documented large function browser/dlg_browser.c:828:5 602 Poorly documented large function convert/content_info.c:49:6 285 Poorly documented large function enriched.c:121:13 478 Poorly documented large function envelope/window.c:500:12 427 Poorly documented large function handler.c:1130:12 697 Poorly documented large function history/history.c:206:13 1115 Poorly documented large function index/functions.c:1343:12 292 Poorly documented large function index/functions.c:1461:12 291 Poorly documented large function mbox/mbox.c:183:27 293 Poorly documented large function mutt/filter.c:62:7 659 Poorly documented large function mutt_thread.c:235:13 294 Poorly documented large function ncrypt/crypt.c:1117:5 1104 Poorly documented large function ncrypt/crypt.c:1243:5 695 Poorly documented large function ncrypt/crypt_gpgme.c:3534:14 296 Poorly documented large function ncrypt/pgp.c:1463:7 295 Poorly documented large function notmuch/notmuch.c:2231:22 298 Poorly documented large function pager/pager.c:131:12 526 Poorly documented large function pattern/exec.c:844:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function send/send.c:236:12 301 Poorly documented large function send/send.c:1222:12 574 Poorly documented large function send/sendlib.c:454:14 284 Poorly documented large function send/smtp.c:623:12 303 Poorly documented large function mutt/file.c:245:3 6 Time-of-check time-of-use filesystem race condition mutt/filter.c:151:36 1098 Uncontrolled data used in OS command send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation expando/node_conddate.c:88:10 1099 Year field changed using an 
arithmetic operation without checking for leap year mutt/date.c:354:9 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9 486 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:370:11 321 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:384:11 322 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:592:8 522 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:757:8 1114 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:234:11 324 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:348:8 323 Year field changed using an arithmetic operation without checking for leap year -
flatcap revised this gist
Nov 22, 2024 . 2 changed files with 41 additions and 40 deletions.
@@ -22,16 +22,16 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 323 Issues 194 Uncontrolled data used in path expression 44 For loop variable changed in body 29 Poorly documented large function 21 Local variable address stored in non-local memory 11 Long switch case 9 Year field changed using an arithmetic operation without checking for leap year 3 Unused static variable 3 Nested loops with same variable 2 File created without restricting permissions 2 Cleartext transmission of sensitive information 1 Uncontrolled process operation
@@ -1,7 +1,7 @@ ncrypt/smime.c:888:11 2 Cleartext transmission of sensitive information ncrypt/smime.c:923:13 3 Cleartext transmission of sensitive information maildir/message.c:567:10 1103 File created without restricting permissions mh/shared.c:86:10 691 File created without restricting permissions compose/functions.c:645:9 187 For loop variable changed in body
@@ -49,12 +49,12 @@ ncrypt/smime.c:444:20 231 For loop variable changed in body nntp/complete.c:66:9 230 For loop variable changed in body pattern/pattern.c:120:7 483 For loop variable changed in body hdrline.c:362:15 1120 Inconsistent nullness check alias/dlg_alias.c:240:3 325 Local variable address stored in non-local memory alias/dlg_query.c:313:3 326 Local variable address stored in non-local memory browser/dlg_browser.c:1295:3 1130 Local variable address stored in non-local memory browser/dlg_browser.c:1296:3 1131 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3 331 Local variable address stored in non-local memory editor/window.c:299:3 667 Local variable address stored in non-local memory email/parse.c:258:9 334 Local variable address stored in non-local memory @@ -64,18 +64,18 @@ history/dlg_history.c:155:3 1132 Local variable address stored in non-loc imap/browse.c:165:3 341 Local variable address stored in non-local memory imap/browse.c:277:5 1100 Local variable address stored in non-local memory imap/command.c:687:3 343 Local variable address stored in non-local memory imap/imap.c:1303:3 344 Local variable address stored in non-local memory mutt/notify.c:210:3 1110 Local variable address stored in non-local memory mutt_thread.c:1066:5 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:531:3 1135 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:559:3 1133 Local variable address stored in non-local memory ncrypt/dlg_smime.c:210:3 1134 Local variable address stored in non-local memory pager/dlg_pager.c:350:3 353 Local variable address stored in non-local memory postpone/dlg_postpone.c:224:3 1136 Local variable address stored in non-local memory docs/makedoc.c:324:3 12 Long switch case docs/makedoc.c:446:7 413 Long switch case docs/makedoc.c:1209:3 412 Long switch case email/parse.c:687:3 521 Long switch case flags.c:72:3 575 Long switch case muttlib.c:138:5 513 Long switch case 
@@ -93,19 +93,19 @@ debug/names_expando.c:359:3 1116 No trivial switch statements address/address.c:480:5 577 Poorly documented large function attach/recvattach.c:433:6 693 Poorly documented large function browser/dlg_browser.c:828:5 602 Poorly documented large function convert/content_info.c:49:6 285 Poorly documented large function docs/makedoc.c:318:12 287 Poorly documented large function docs/makedoc.c:886:12 286 Poorly documented large function enriched.c:121:13 478 Poorly documented large function envelope/window.c:500:12 427 Poorly documented large function handler.c:1130:12 697 Poorly documented large function history/history.c:206:13 1115 Poorly documented large function index/functions.c:1343:12 292 Poorly documented large function index/functions.c:1461:12 291 Poorly documented large function mbox/mbox.c:183:27 293 Poorly documented large function mutt/filter.c:62:7 659 Poorly documented large function mutt_thread.c:235:13 294 Poorly documented large function ncrypt/crypt.c:1117:5 1104 Poorly documented large function ncrypt/crypt.c:1243:5 695 Poorly documented large function ncrypt/crypt_gpgme.c:3534:14 296 Poorly documented large function @@ -116,8 +116,8 @@ pattern/exec.c:844:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function send/send.c:236:12 301 Poorly documented large function send/send.c:1222:12 574 Poorly documented large function send/sendlib.c:454:14 284 Poorly documented large function send/smtp.c:623:12 303 Poorly documented large function 
@@ -188,28 +188,28 @@ commands.c:1624:34 778 Uncontrolled data used in path expressio compose/functions.c:1476:30 777 Uncontrolled data used in path expression compose/functions.c:1902:51 776 Uncontrolled data used in path expression convert/content_info.c:218:24 903 Uncontrolled data used in path expression docs/makedoc.c:1448:16 363 Uncontrolled data used in path expression editmsg.c:188:24 904 Uncontrolled data used in path expression gui/global.c:105:30 783 Uncontrolled data used in path expression handler.c:568:29 786 Uncontrolled data used in path expression handler.c:662:24 787 Uncontrolled data used in path expression handler.c:1375:39 784 Uncontrolled data used in path expression handler.c:1430:38 905 Uncontrolled data used in path expression help.c:489:26 1064 Uncontrolled data used in path expression imap/imap.c:2171:29 788 Uncontrolled data used in path expression imap/message.c:1151:24 790 Uncontrolled data used in path expression imap/message.c:2016:31 789 Uncontrolled data used in path expression key/dump.c:227:28 791 Uncontrolled data used in path expression mailcap.c:523:38 792 Uncontrolled data used in path expression maildir/mailbox.c:360:33 931 Uncontrolled data used in path expression maildir/message.c:141:28 929 Uncontrolled data used in path expression main.c:1092:35 1065 Uncontrolled data used in path expression main.c:1115:34 1066 Uncontrolled data used in path expression main.c:1137:33 1067 Uncontrolled data used in path expression main.c:1247:42 1068 Uncontrolled data used in path expression main.c:1263:34 1069 Uncontrolled data used in path expression mbox/mbox.c:1126:17 795 Uncontrolled data used in path expression mbox/mbox.c:1260:24 907 Uncontrolled data used in path expression mutt_body.c:69:39 797 Uncontrolled data used in path expression ncrypt/crypt.c:865:34 800 Uncontrolled data used in path expression ncrypt/crypt.c:938:20 801 Uncontrolled data used in path expression 
@@ -301,14 +301,14 @@ recvcmd.c:1114:22 955 Uncontrolled data used in path expressio rfc3676.c:492:34 375 Uncontrolled data used in path expression rfc3676.c:505:34 873 Uncontrolled data used in path expression send/body.c:339:30 911 Uncontrolled data used in path expression send/send.c:1501:34 888 Uncontrolled data used in path expression send/send.c:1533:25 889 Uncontrolled data used in path expression send/send.c:1539:29 890 Uncontrolled data used in path expression send/send.c:2064:45 380 Uncontrolled data used in path expression send/send.c:2072:49 381 Uncontrolled data used in path expression send/send.c:2497:40 1076 Uncontrolled data used in path expression send/send.c:2506:32 884 Uncontrolled data used in path expression send/send.c:2987:32 880 Uncontrolled data used in path expression send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendlib.c:222:38 887 Uncontrolled data used in path expression send/sendlib.c:270:57 912 Uncontrolled data used in path expression @@ -322,7 +322,8 @@ send/sendlib.c:1089:30 879 Uncontrolled data used in path expressio send/sendmail.c:174:14 384 Uncontrolled process operation mutt_config.c:67:29 1137 Unused static variable mutt_config.c:376:46 1079 Unused static variable send/config.c:51:46 1080 Unused static variable expando/node_conddate.c:88:10 1099 Year field changed using an arithmetic operation without checking for leap year -
flatcap revised this gist
Nov 19, 2024 . 2 changed files with 324 additions and 324 deletions.
@@ -26,8 +26,8 @@ v1 194 Uncontrolled data used in path expression 44 For loop variable changed in body 29 Poorly documented large function 21 Local variable address stored in non-local memory 11 Long switch case 9 Year field changed using an arithmetic operation without checking for leap year 3 Nested loops with same variable
@@ -1,336 +1,336 @@ ncrypt/smime.c:888:11 2 Cleartext transmission of sensitive information ncrypt/smime.c:923:13 3 Cleartext transmission of sensitive information maildir/message.c:568:10 1103 File created without restricting permissions mh/shared.c:86:10 691 File created without restricting permissions compose/functions.c:645:9 187 For loop variable changed in body compose/functions.c:657:9 188 For loop variable changed in body docs/makedoc.c:241:24 205 For loop variable changed in body docs/makedoc.c:263:7 419 For loop variable changed in body docs/makedoc.c:572:17 415 For loop variable changed in body docs/makedoc.c:577:17 416 For loop variable changed in body docs/makedoc.c:761:19 417 For loop variable changed in body docs/makedoc.c:766:19 418 For loop variable changed in body docs/makedoc.c:917:7 189 For loop variable changed in body docs/makedoc.c:922:7 190 For loop variable changed in body docs/makedoc.c:928:7 191 For loop variable changed in body docs/makedoc.c:934:7 192 For loop variable changed in body docs/makedoc.c:940:7 193 For loop variable changed in body docs/makedoc.c:946:7 194 For loop variable changed in body docs/makedoc.c:957:7 195 For loop variable changed in body docs/makedoc.c:968:7 196 For loop variable changed in body docs/makedoc.c:975:7 197 For loop variable changed in body docs/makedoc.c:979:9 198 For loop variable changed in body docs/makedoc.c:989:11 199 For loop variable changed in body docs/makedoc.c:996:9 414 For loop variable changed in body email/parse.c:227:17 507 For loop variable changed in body email/parse.c:640:5 208 For loop variable changed in body email/parse.c:645:5 209 For loop variable changed in body email/rfc2047.c:385:9 1063 For loop variable changed in body email/rfc2231.c:119:7 571 For loop variable changed in body email/url.c:205:9 572 For loop variable changed in body imap/utf7.c:119:7 213 For loop variable changed in body imap/utf7.c:129:27 214 For loop variable changed in body mutt/buffer.c:446:20 932 For 
loop variable changed in body mutt/file.c:1488:28 508 For loop variable changed in body mutt/file.c:1493:11 509 For loop variable changed in body mutt/path.c:80:13 217 For loop variable changed in body mutt/slist.c:199:7 218 For loop variable changed in body mutt_header.c:330:13 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13 225 For loop variable changed in body ncrypt/gnupgparse.c:361:20 226 For loop variable changed in body ncrypt/gpgme_functions.c:199:7 1109 For loop variable changed in body ncrypt/gpgme_functions.c:216:9 228 For loop variable changed in body ncrypt/gpgme_functions.c:224:11 573 For loop variable changed in body ncrypt/smime.c:444:20 231 For loop variable changed in body nntp/complete.c:66:9 230 For loop variable changed in body pattern/pattern.c:120:7 483 For loop variable changed in body hdrline.c:363:15 1120 Inconsistent nullness check alias/dlg_alias.c:239:3 325 Local variable address stored in non-local memory alias/dlg_query.c:312:3 326 Local variable address stored in non-local memory browser/dlg_browser.c:1293:3 1130 Local variable address stored in non-local memory browser/dlg_browser.c:1294:3 1131 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3 331 Local variable address stored in non-local memory editor/window.c:299:3 667 Local variable address stored in non-local memory email/parse.c:258:9 334 Local variable address stored in non-local memory email/rfc2231.c:234:5 336 Local variable address stored in non-local memory email/thread.c:112:3 527 Local variable address stored in non-local memory history/dlg_history.c:155:3 1132 Local variable address stored in non-local memory imap/browse.c:165:3 341 Local variable address stored in non-local memory imap/browse.c:277:5 1100 Local variable address stored in non-local memory imap/command.c:687:3 343 Local variable 
address stored in non-local memory imap/imap.c:1304:3 344 Local variable address stored in non-local memory mutt/notify.c:210:3 1110 Local variable address stored in non-local memory mutt_thread.c:1067:5 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:683:3 1135 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:678:3 1133 Local variable address stored in non-local memory ncrypt/dlg_smime.c:210:3 1134 Local variable address stored in non-local memory pager/dlg_pager.c:350:3 353 Local variable address stored in non-local memory postpone/dlg_postpone.c:224:3 1136 Local variable address stored in non-local memory docs/makedoc.c:324:3 12 Long switch case docs/makedoc.c:446:7 413 Long switch case docs/makedoc.c:1194:3 412 Long switch case email/parse.c:687:3 521 Long switch case flags.c:72:3 575 Long switch case muttlib.c:138:5 513 Long switch case ncrypt/gnupgparse.c:174:5 19 Long switch case ncrypt/smime.c:2190:5 20 Long switch case notmuch/notmuch.c:1367:3 21 Long switch case pattern/compile.c:373:5 23 Long switch case pattern/compile.c:936:5 692 Long switch case postpone/postpone.c:225:24 356 Nested loops with same variable postpone/postpone.c:260:22 357 Nested loops with same variable postpone/postpone.c:297:16 358 Nested loops with same variable debug/names_expando.c:359:3 1116 No trivial switch statements address/address.c:480:5 577 Poorly documented large function attach/recvattach.c:433:6 693 Poorly documented large function browser/dlg_browser.c:826:5 602 Poorly documented large function convert/content_info.c:49:6 285 Poorly documented large function docs/makedoc.c:318:12 287 Poorly documented large function docs/makedoc.c:886:12 286 Poorly documented large function enriched.c:121:13 478 Poorly documented large function envelope/window.c:500:12 427 Poorly documented large function handler.c:1129:12 697 Poorly documented large function history/history.c:206:13 1115 Poorly documented large function 
index/functions.c:1344:12 292 Poorly documented large function index/functions.c:1462:12 291 Poorly documented large function mbox/mbox.c:184:27 293 Poorly documented large function mutt/filter.c:62:7 659 Poorly documented large function mutt_thread.c:236:13 294 Poorly documented large function ncrypt/crypt.c:1117:5 1104 Poorly documented large function ncrypt/crypt.c:1243:5 695 Poorly documented large function ncrypt/crypt_gpgme.c:3534:14 296 Poorly documented large function ncrypt/pgp.c:1463:7 295 Poorly documented large function notmuch/notmuch.c:2231:22 298 Poorly documented large function pager/pager.c:131:12 526 Poorly documented large function pattern/exec.c:844:13 299 Poorly documented large function pattern/pattern.c:191:5 1128 Poorly documented large function pop/auth.c:523:5 300 Poorly documented large function recvcmd.c:949:6 694 Poorly documented large function send/send.c:237:12 301 Poorly documented large function send/send.c:1223:12 574 Poorly documented large function send/sendlib.c:454:14 284 Poorly documented large function send/smtp.c:623:12 303 Poorly documented large function mutt/file.c:245:3 6 Time-of-check time-of-use filesystem race condition mutt/filter.c:151:36 1098 Uncontrolled data used in OS command alias/alias.c:524:30 894 Uncontrolled data used in path expression attach/cid.c:127:35 727 Uncontrolled data used in path expression attach/cid.c:186:33 725 Uncontrolled data used in path expression attach/cid.c:197:28 726 Uncontrolled data used in path expression attach/mutt_attach.c:89:33 774 Uncontrolled data used in path expression attach/mutt_attach.c:170:41 1105 Uncontrolled data used in path expression attach/mutt_attach.c:209:44 772 Uncontrolled data used in path expression attach/mutt_attach.c:219:33 1106 Uncontrolled data used in path expression attach/mutt_attach.c:220:34 773 Uncontrolled data used in path expression attach/mutt_attach.c:220:58 1107 Uncontrolled data used in path expression attach/mutt_attach.c:490:37 763 
Uncontrolled data used in path expression attach/mutt_attach.c:494:46 764 Uncontrolled data used in path expression attach/mutt_attach.c:547:39 1095 Uncontrolled data used in path expression attach/mutt_attach.c:555:40 766 Uncontrolled data used in path expression attach/mutt_attach.c:630:40 767 Uncontrolled data used in path expression attach/mutt_attach.c:648:41 768 Uncontrolled data used in path expression attach/mutt_attach.c:652:48 769 Uncontrolled data used in path expression attach/mutt_attach.c:662:46 770 Uncontrolled data used in path expression attach/mutt_attach.c:720:22 771 Uncontrolled data used in path expression attach/mutt_attach.c:787:36 756 Uncontrolled data used in path expression attach/mutt_attach.c:800:48 757 Uncontrolled data used in path expression attach/mutt_attach.c:802:36 758 Uncontrolled data used in path expression attach/mutt_attach.c:825:39 759 Uncontrolled data used in path expression attach/mutt_attach.c:831:48 760 Uncontrolled data used in path expression attach/mutt_attach.c:839:29 902 Uncontrolled data used in path expression attach/mutt_attach.c:868:22 762 Uncontrolled data used in path expression attach/mutt_attach.c:998:39 901 Uncontrolled data used in path expression attach/mutt_attach.c:1074:38 1092 Uncontrolled data used in path expression attach/mutt_attach.c:1168:37 748 Uncontrolled data used in path expression attach/mutt_attach.c:1174:46 749 Uncontrolled data used in path expression attach/mutt_attach.c:1186:31 899 Uncontrolled data used in path expression attach/mutt_attach.c:1222:24 751 Uncontrolled data used in path expression attach/mutt_attach.c:1242:44 752 Uncontrolled data used in path expression attach/mutt_attach.c:1249:31 900 Uncontrolled data used in path expression attach/mutt_attach.c:1282:24 754 Uncontrolled data used in path expression attach/recvattach.c:249:46 746 Uncontrolled data used in path expression attach/recvattach.c:257:22 747 Uncontrolled data used in path expression 
attach/recvattach.c:353:46 745 Uncontrolled data used in path expression attach/recvattach.c:415:45 744 Uncontrolled data used in path expression attach/recvattach.c:506:51 897 Uncontrolled data used in path expression attach/recvattach.c:507:68 898 Uncontrolled data used in path expression attach/recvattach.c:568:44 739 Uncontrolled data used in path expression attach/recvattach.c:573:24 740 Uncontrolled data used in path expression attach/recvattach.c:581:24 741 Uncontrolled data used in path expression attach/recvattach.c:615:36 733 Uncontrolled data used in path expression attach/recvattach.c:629:36 734 Uncontrolled data used in path expression attach/recvattach.c:649:39 735 Uncontrolled data used in path expression attach/recvattach.c:652:48 736 Uncontrolled data used in path expression attach/recvattach.c:660:29 896 Uncontrolled data used in path expression attach/recvattach.c:679:22 738 Uncontrolled data used in path expression attach/recvattach.c:849:50 730 Uncontrolled data used in path expression attach/recvattach.c:858:37 895 Uncontrolled data used in path expression attach/recvattach.c:867:28 732 Uncontrolled data used in path expression bcache/bcache.c:196:30 729 Uncontrolled data used in path expression bcache/bcache.c:242:30 728 Uncontrolled data used in path expression color/dump.c:455:30 775 Uncontrolled data used in path expression commands.c:252:29 781 Uncontrolled data used in path expression commands.c:879:34 780 Uncontrolled data used in path expression commands.c:938:36 779 Uncontrolled data used in path expression commands.c:1624:34 778 Uncontrolled data used in path expression compose/functions.c:1476:30 777 Uncontrolled data used in path expression compose/functions.c:1902:51 776 Uncontrolled data used in path expression convert/content_info.c:218:24 903 Uncontrolled data used in path expression docs/makedoc.c:1433:16 363 Uncontrolled data used in path expression editmsg.c:188:24 904 Uncontrolled data used in path expression 
gui/global.c:105:30 783 Uncontrolled data used in path expression handler.c:567:29 786 Uncontrolled data used in path expression handler.c:661:24 787 Uncontrolled data used in path expression handler.c:1374:39 784 Uncontrolled data used in path expression handler.c:1429:38 905 Uncontrolled data used in path expression help.c:489:26 1064 Uncontrolled data used in path expression imap/imap.c:2172:29 788 Uncontrolled data used in path expression imap/message.c:1151:24 790 Uncontrolled data used in path expression imap/message.c:2016:31 789 Uncontrolled data used in path expression key/dump.c:227:28 791 Uncontrolled data used in path expression mailcap.c:523:38 792 Uncontrolled data used in path expression maildir/mailbox.c:361:33 931 Uncontrolled data used in path expression maildir/message.c:142:28 929 Uncontrolled data used in path expression main.c:1092:35 1065 Uncontrolled data used in path expression main.c:1115:34 1066 Uncontrolled data used in path expression main.c:1137:33 1067 Uncontrolled data used in path expression main.c:1247:42 1068 Uncontrolled data used in path expression main.c:1263:34 1069 Uncontrolled data used in path expression mbox/mbox.c:1127:17 795 Uncontrolled data used in path expression mbox/mbox.c:1261:24 907 Uncontrolled data used in path expression mutt_body.c:69:39 797 Uncontrolled data used in path expression ncrypt/crypt.c:865:34 800 Uncontrolled data used in path expression ncrypt/crypt.c:938:20 801 Uncontrolled data used in path expression ncrypt/crypt.c:1314:46 798 Uncontrolled data used in path expression ncrypt/crypt.c:1344:24 799 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:426:34 805 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:571:30 804 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2226:42 802 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2233:34 908 Uncontrolled data used in path expression ncrypt/gpgme_functions.c:642:30 1070 Uncontrolled data used in path 
expression ncrypt/pgp.c:544:32 833 Uncontrolled data used in path expression ncrypt/pgp.c:722:24 843 Uncontrolled data used in path expression ncrypt/pgp.c:776:22 854 Uncontrolled data used in path expression ncrypt/pgp.c:816:42 823 Uncontrolled data used in path expression ncrypt/pgp.c:823:34 909 Uncontrolled data used in path expression ncrypt/pgp.c:907:34 821 Uncontrolled data used in path expression ncrypt/pgp.c:957:20 822 Uncontrolled data used in path expression ncrypt/pgp.c:977:34 819 Uncontrolled data used in path expression ncrypt/pgp.c:994:20 820 Uncontrolled data used in path expression ncrypt/pgp.c:1047:32 817 Uncontrolled data used in path expression ncrypt/pgp.c:1104:20 818 Uncontrolled data used in path expression ncrypt/pgp.c:1346:34 814 Uncontrolled data used in path expression ncrypt/pgp.c:1353:31 815 Uncontrolled data used in path expression ncrypt/pgp.c:1439:58 816 Uncontrolled data used in path expression ncrypt/pgp.c:1600:34 812 Uncontrolled data used in path expression ncrypt/pgp.c:1617:28 813 Uncontrolled data used in path expression ncrypt/pgp.c:1747:37 807 Uncontrolled data used in path expression ncrypt/pgp.c:1792:38 809 Uncontrolled data used in path expression ncrypt/pgp.c:1814:22 810 Uncontrolled data used in path expression ncrypt/pgp.c:1829:20 811 Uncontrolled data used in path expression ncrypt/pgp_functions.c:132:34 806 Uncontrolled data used in path expression ncrypt/pgpkey.c:280:34 808 Uncontrolled data used in path expression ncrypt/smime.c:497:30 859 Uncontrolled data used in path expression ncrypt/smime.c:969:28 851 Uncontrolled data used in path expression ncrypt/smime.c:1003:29 852 Uncontrolled data used in path expression ncrypt/smime.c:1007:22 853 Uncontrolled data used in path expression ncrypt/smime.c:1019:22 855 Uncontrolled data used in path expression ncrypt/smime.c:1025:20 856 Uncontrolled data used in path expression ncrypt/smime.c:1047:22 857 Uncontrolled data used in path expression ncrypt/smime.c:1052:22 858 
Uncontrolled data used in path expression ncrypt/smime.c:1080:34 849 Uncontrolled data used in path expression ncrypt/smime.c:1123:22 850 Uncontrolled data used in path expression ncrypt/smime.c:1187:22 848 Uncontrolled data used in path expression ncrypt/smime.c:1215:34 844 Uncontrolled data used in path expression ncrypt/smime.c:1246:24 845 Uncontrolled data used in path expression ncrypt/smime.c:1256:24 846 Uncontrolled data used in path expression ncrypt/smime.c:1269:20 847 Uncontrolled data used in path expression ncrypt/smime.c:1349:28 836 Uncontrolled data used in path expression ncrypt/smime.c:1364:28 837 Uncontrolled data used in path expression ncrypt/smime.c:1398:22 838 Uncontrolled data used in path expression ncrypt/smime.c:1405:20 839 Uncontrolled data used in path expression ncrypt/smime.c:1430:22 840 Uncontrolled data used in path expression ncrypt/smime.c:1452:22 841 Uncontrolled data used in path expression ncrypt/smime.c:1458:22 842 Uncontrolled data used in path expression ncrypt/smime.c:1526:29 828 Uncontrolled data used in path expression ncrypt/smime.c:1534:34 829 Uncontrolled data used in path expression ncrypt/smime.c:1566:22 830 Uncontrolled data used in path expression ncrypt/smime.c:1591:20 831 Uncontrolled data used in path expression ncrypt/smime.c:1599:22 832 Uncontrolled data used in path expression ncrypt/smime.c:1637:22 834 Uncontrolled data used in path expression ncrypt/smime.c:1642:22 835 Uncontrolled data used in path expression ncrypt/smime.c:1724:35 825 Uncontrolled data used in path expression ncrypt/smime.c:1749:34 910 Uncontrolled data used in path expression ncrypt/smime.c:1799:20 827 Uncontrolled data used in path expression ncrypt/smime.c:1850:28 1071 Uncontrolled data used in path expression ncrypt/smime.c:1871:22 1072 Uncontrolled data used in path expression ncrypt/smime.c:1883:22 1073 Uncontrolled data used in path expression ncrypt/smime.c:1902:20 1074 Uncontrolled data used in path expression 
ncrypt/smime.c:2018:22 1075 Uncontrolled data used in path expression nntp/newsrc.c:182:47 371 Uncontrolled data used in path expression nntp/newsrc.c:187:45 580 Uncontrolled data used in path expression nntp/newsrc.c:404:26 579 Uncontrolled data used in path expression nntp/newsrc.c:623:30 860 Uncontrolled data used in path expression nntp/nntp.c:2692:41 861 Uncontrolled data used in path expression pager/functions.c:1027:29 862 Uncontrolled data used in path expression pager/message.c:219:34 863 Uncontrolled data used in path expression pager/message.c:265:22 864 Uncontrolled data used in path expression pattern/exec.c:733:26 865 Uncontrolled data used in path expression pop/pop.c:1035:33 867 Uncontrolled data used in path expression postpone/postpone.c:410:38 868 Uncontrolled data used in path expression recvcmd.c:510:34 875 Uncontrolled data used in path expression recvcmd.c:629:43 876 Uncontrolled data used in path expression recvcmd.c:640:22 956 Uncontrolled data used in path expression recvcmd.c:701:30 872 Uncontrolled data used in path expression recvcmd.c:775:35 874 Uncontrolled data used in path expression recvcmd.c:1012:28 869 Uncontrolled data used in path expression recvcmd.c:1104:39 870 Uncontrolled data used in path expression recvcmd.c:1114:22 955 Uncontrolled data used in path expression rfc3676.c:492:34 375 Uncontrolled data used in path expression rfc3676.c:505:34 873 Uncontrolled data used in path expression send/body.c:339:30 911 Uncontrolled data used in path expression send/send.c:1502:34 888 Uncontrolled data used in path expression send/send.c:1534:25 889 Uncontrolled data used in path expression send/send.c:1540:29 890 Uncontrolled data used in path expression send/send.c:2065:45 380 Uncontrolled data used in path expression send/send.c:2073:49 381 Uncontrolled data used in path expression send/send.c:2498:40 1076 Uncontrolled data used in path expression send/send.c:2507:32 884 Uncontrolled data used in path expression send/send.c:2988:32 
880 Uncontrolled data used in path expression send/sendlib.c:114:26 913 Uncontrolled data used in path expression send/sendlib.c:222:38 887 Uncontrolled data used in path expression send/sendlib.c:270:57 912 Uncontrolled data used in path expression send/sendlib.c:289:28 1077 Uncontrolled data used in path expression send/sendlib.c:339:22 1078 Uncontrolled data used in path expression send/sendlib.c:475:31 1094 Uncontrolled data used in path expression send/sendlib.c:856:34 881 Uncontrolled data used in path expression send/sendlib.c:893:53 882 Uncontrolled data used in path expression send/sendlib.c:898:62 883 Uncontrolled data used in path expression send/sendlib.c:1089:30 879 Uncontrolled data used in path expression send/sendmail.c:174:14 384 Uncontrolled process operation mutt_config.c:374:46 1079 Unused static variable send/config.c:51:46 1080 Unused static variable expando/node_conddate.c:88:10 1099 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9 486 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:370:11 321 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:384:11 322 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:592:8 522 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:757:8 1114 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:234:11 324 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:348:8 323 Year field changed using an arithmetic operation without checking for leap year -
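Review bot: the alert list above is ordered by rule description only and carries no severity, so the single-instance security findings (`mutt/file.c:245:3 6 Time-of-check time-of-use filesystem race condition`, `mutt/filter.c:151:36 1098 Uncontrolled data used in OS command`, `send/sendmail.c:174:14 384 Uncontrolled process operation`) sit between maintainability rules such as "Long switch case", "Poorly documented large function" and "Unused static variable", and after the long run of "Uncontrolled data used in path expression" entries. Consider adding a severity column to each line, or splitting the file into a security section and a code-quality section, so that triage starts with the command-execution and race-condition alerts rather than with whatever sorts first alphabetically.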
flatcap revised this gist
Oct 30, 2024 . 2 changed files with 325 additions and 323 deletions.
@@ -22,7 +22,7 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 322 Issues 194 Uncontrolled data used in path expression 44 For loop variable changed in body @@ -38,4 +38,4 @@ v1 1 Uncontrolled data used in OS command 1 Time-of-check time-of-use filesystem race condition 1 No trivial switch statements 1 Inconsistent nullness check
@@ -1,334 +1,336 @@ ncrypt/smime.c:886:11: 2 Cleartext transmission of sensitive information ncrypt/smime.c:921:13: 3 Cleartext transmission of sensitive information maildir/message.c:568:10: 1103 File created without restricting permissions mh/shared.c:86:10: 691 File created without restricting permissions compose/functions.c:645:9: 187 For loop variable changed in body compose/functions.c:657:9: 188 For loop variable changed in body docs/makedoc.c:241:24: 205 For loop variable changed in body docs/makedoc.c:263:7: 419 For loop variable changed in body docs/makedoc.c:572:17: 415 For loop variable changed in body docs/makedoc.c:577:17: 416 For loop variable changed in body docs/makedoc.c:761:19: 417 For loop variable changed in body docs/makedoc.c:766:19: 418 For loop variable changed in body docs/makedoc.c:917:7: 189 For loop variable changed in body docs/makedoc.c:922:7: 190 For loop variable changed in body docs/makedoc.c:928:7: 191 For loop variable changed in body docs/makedoc.c:934:7: 192 For loop variable changed in body docs/makedoc.c:940:7: 193 For loop variable changed in body docs/makedoc.c:946:7: 194 For loop variable changed in body docs/makedoc.c:957:7: 195 For loop variable changed in body docs/makedoc.c:968:7: 196 For loop variable changed in body docs/makedoc.c:975:7: 197 For loop variable changed in body docs/makedoc.c:979:9: 198 For loop variable changed in body docs/makedoc.c:989:11: 199 For loop variable changed in body docs/makedoc.c:996:9: 414 For loop variable changed in body email/parse.c:227:17: 507 For loop variable changed in body email/parse.c:640:5: 208 For loop variable changed in body email/parse.c:645:5: 209 For loop variable changed in body email/rfc2047.c:385:9: 1063 For loop variable changed in body email/rfc2231.c:119:7: 571 For loop variable changed in body email/url.c:205:9: 572 For loop variable changed in body imap/utf7.c:119:7: 213 For loop variable changed in body imap/utf7.c:129:27: 214 For loop variable changed in body 
mutt/buffer.c:446:20: 932 For loop variable changed in body mutt/file.c:1488:28: 508 For loop variable changed in body mutt/file.c:1493:11: 509 For loop variable changed in body mutt/path.c:80:13: 217 For loop variable changed in body mutt/slist.c:199:7: 218 For loop variable changed in body mutt_header.c:330:13: 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13: 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13: 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13: 225 For loop variable changed in body ncrypt/gnupgparse.c:361:20: 226 For loop variable changed in body ncrypt/gpgme_functions.c:199:7: 227 For loop variable changed in body ncrypt/gpgme_functions.c:216:9: 228 For loop variable changed in body ncrypt/gpgme_functions.c:224:11: 573 For loop variable changed in body ncrypt/smime.c:444:20: 231 For loop variable changed in body nntp/complete.c:66:9: 230 For loop variable changed in body pattern/pattern.c:120:7: 483 For loop variable changed in body hdrline.c:363:15: 1120 Inconsistent nullness check alias/dlg_alias.c:343:3: 325 Local variable address stored in non-local memory alias/dlg_query.c:390:3: 326 Local variable address stored in non-local memory browser/dlg_browser.c:1296:3: 605 Local variable address stored in non-local memory browser/dlg_browser.c:1297:3: 606 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3: 331 Local variable address stored in non-local memory editor/window.c:299:3: 667 Local variable address stored in non-local memory email/parse.c:258:9: 334 Local variable address stored in non-local memory email/rfc2231.c:234:5: 336 Local variable address stored in non-local memory email/thread.c:112:3: 527 Local variable address stored in non-local memory history/dlg_history.c:156:3: 666 Local variable address stored in non-local memory imap/browse.c:165:3: 341 Local variable address stored in non-local memory imap/browse.c:277:5: 1100 Local variable address stored in 
non-local memory imap/command.c:687:3: 343 Local variable address stored in non-local memory imap/imap.c:1304:3: 344 Local variable address stored in non-local memory mutt/notify.c:210:3: 348 Local variable address stored in non-local memory mutt_thread.c:1064:5: 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:704:3: 609 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:698:3: 608 Local variable address stored in non-local memory ncrypt/dlg_smime.c:228:3: 352 Local variable address stored in non-local memory pager/dlg_pager.c:350:3: 353 Local variable address stored in non-local memory pattern/dlg_pattern.c:348:3: 610 Local variable address stored in non-local memory postpone/dlg_postpone.c:222:3: 611 Local variable address stored in non-local memory docs/makedoc.c:324:3: 12 Long switch case docs/makedoc.c:446:7: 413 Long switch case docs/makedoc.c:1194:3: 412 Long switch case email/parse.c:687:3: 521 Long switch case flags.c:72:3: 575 Long switch case muttlib.c:138:5: 513 Long switch case ncrypt/gnupgparse.c:174:5: 19 Long switch case ncrypt/smime.c:2188:5: 20 Long switch case notmuch/notmuch.c:1367:3: 21 Long switch case pattern/compile.c:373:5: 23 Long switch case pattern/compile.c:936:5: 692 Long switch case postpone/postpone.c:225:24: 356 Nested loops with same variable postpone/postpone.c:260:22: 357 Nested loops with same variable postpone/postpone.c:297:16: 358 Nested loops with same variable debug/names_expando.c:358:3: 1116 No trivial switch statements address/address.c:480:5: 577 Poorly documented large function attach/recvattach.c:433:6: 693 Poorly documented large function browser/dlg_browser.c:833:5: 602 Poorly documented large function convert/content_info.c:49:6: 285 Poorly documented large function docs/makedoc.c:318:12: 287 Poorly documented large function docs/makedoc.c:886:12: 286 Poorly documented large function enriched.c:121:13: 478 Poorly documented large function envelope/window.c:500:12: 427 Poorly 
documented large function handler.c:1129:12: 697 Poorly documented large function history/history.c:205:13: 1115 Poorly documented large function index/functions.c:1347:12: 292 Poorly documented large function index/functions.c:1465:12: 291 Poorly documented large function mbox/mbox.c:184:27: 293 Poorly documented large function mutt/filter.c:62:7: 659 Poorly documented large function mutt_thread.c:236:13: 294 Poorly documented large function ncrypt/crypt.c:1117:5: 1104 Poorly documented large function ncrypt/crypt.c:1238:5: 695 Poorly documented large function ncrypt/crypt_gpgme.c:3534:14: 296 Poorly documented large function ncrypt/pgp.c:1463:7: 295 Poorly documented large function notmuch/notmuch.c:2231:22: 298 Poorly documented large function pager/pager.c:131:12: 526 Poorly documented large function pattern/exec.c:844:13: 299 Poorly documented large function pop/auth.c:523:5: 300 Poorly documented large function recvcmd.c:949:6: 694 Poorly documented large function send/send.c:234:12: 301 Poorly documented large function send/send.c:1220:12: 574 Poorly documented large function send/sendlib.c:454:14: 284 Poorly documented large function send/smtp.c:623:12: 303 Poorly documented large function mutt/file.c:245:3: 6 Time-of-check time-of-use filesystem race condition mutt/filter.c:151:36: 1098 Uncontrolled data used in OS command alias/alias.c:524:30: 894 Uncontrolled data used in path expression attach/cid.c:127:35: 727 Uncontrolled data used in path expression attach/cid.c:186:33: 725 Uncontrolled data used in path expression attach/cid.c:197:28: 726 Uncontrolled data used in path expression attach/mutt_attach.c:89:33: 774 Uncontrolled data used in path expression attach/mutt_attach.c:170:41: 1105 Uncontrolled data used in path expression attach/mutt_attach.c:209:44: 772 Uncontrolled data used in path expression attach/mutt_attach.c:219:33: 1106 Uncontrolled data used in path expression attach/mutt_attach.c:220:34: 773 Uncontrolled data used in path expression 
attach/mutt_attach.c:220:58: 1107 Uncontrolled data used in path expression attach/mutt_attach.c:490:37: 763 Uncontrolled data used in path expression attach/mutt_attach.c:494:46: 764 Uncontrolled data used in path expression attach/mutt_attach.c:547:39: 1095 Uncontrolled data used in path expression attach/mutt_attach.c:555:40: 766 Uncontrolled data used in path expression attach/mutt_attach.c:630:40: 767 Uncontrolled data used in path expression attach/mutt_attach.c:648:41: 768 Uncontrolled data used in path expression attach/mutt_attach.c:652:48: 769 Uncontrolled data used in path expression attach/mutt_attach.c:662:46: 770 Uncontrolled data used in path expression attach/mutt_attach.c:720:22: 771 Uncontrolled data used in path expression attach/mutt_attach.c:787:36: 756 Uncontrolled data used in path expression attach/mutt_attach.c:800:48: 757 Uncontrolled data used in path expression attach/mutt_attach.c:802:36: 758 Uncontrolled data used in path expression attach/mutt_attach.c:825:39: 759 Uncontrolled data used in path expression attach/mutt_attach.c:831:48: 760 Uncontrolled data used in path expression attach/mutt_attach.c:839:29: 902 Uncontrolled data used in path expression attach/mutt_attach.c:868:22: 762 Uncontrolled data used in path expression attach/mutt_attach.c:998:39: 901 Uncontrolled data used in path expression attach/mutt_attach.c:1074:38: 1092 Uncontrolled data used in path expression attach/mutt_attach.c:1168:37: 748 Uncontrolled data used in path expression attach/mutt_attach.c:1174:46: 749 Uncontrolled data used in path expression attach/mutt_attach.c:1186:31: 899 Uncontrolled data used in path expression attach/mutt_attach.c:1222:24: 751 Uncontrolled data used in path expression attach/mutt_attach.c:1242:44: 752 Uncontrolled data used in path expression attach/mutt_attach.c:1249:31: 900 Uncontrolled data used in path expression attach/mutt_attach.c:1282:24: 754 Uncontrolled data used in path expression attach/recvattach.c:249:46: 746 
Uncontrolled data used in path expression attach/recvattach.c:257:22: 747 Uncontrolled data used in path expression attach/recvattach.c:353:46: 745 Uncontrolled data used in path expression attach/recvattach.c:415:45: 744 Uncontrolled data used in path expression attach/recvattach.c:506:51: 897 Uncontrolled data used in path expression attach/recvattach.c:507:68: 898 Uncontrolled data used in path expression attach/recvattach.c:568:44: 739 Uncontrolled data used in path expression attach/recvattach.c:573:24: 740 Uncontrolled data used in path expression attach/recvattach.c:581:24: 741 Uncontrolled data used in path expression attach/recvattach.c:615:36: 733 Uncontrolled data used in path expression attach/recvattach.c:629:36: 734 Uncontrolled data used in path expression attach/recvattach.c:649:39: 735 Uncontrolled data used in path expression attach/recvattach.c:652:48: 736 Uncontrolled data used in path expression attach/recvattach.c:660:29: 896 Uncontrolled data used in path expression attach/recvattach.c:679:22: 738 Uncontrolled data used in path expression attach/recvattach.c:849:50: 730 Uncontrolled data used in path expression attach/recvattach.c:858:37: 895 Uncontrolled data used in path expression attach/recvattach.c:867:28: 732 Uncontrolled data used in path expression bcache/bcache.c:196:30: 729 Uncontrolled data used in path expression bcache/bcache.c:242:30: 728 Uncontrolled data used in path expression color/dump.c:455:30: 775 Uncontrolled data used in path expression commands.c:252:29: 781 Uncontrolled data used in path expression commands.c:879:34: 780 Uncontrolled data used in path expression commands.c:938:36: 779 Uncontrolled data used in path expression commands.c:1624:34: 778 Uncontrolled data used in path expression compose/functions.c:1476:30: 777 Uncontrolled data used in path expression compose/functions.c:1902:51: 776 Uncontrolled data used in path expression convert/content_info.c:218:24: 903 Uncontrolled data used in path expression 
docs/makedoc.c:1433:16: 363 Uncontrolled data used in path expression editmsg.c:188:24: 904 Uncontrolled data used in path expression gui/global.c:105:30: 783 Uncontrolled data used in path expression handler.c:567:29: 786 Uncontrolled data used in path expression handler.c:661:24: 787 Uncontrolled data used in path expression handler.c:1374:39: 784 Uncontrolled data used in path expression handler.c:1429:38: 905 Uncontrolled data used in path expression help.c:489:26: 1064 Uncontrolled data used in path expression imap/imap.c:2172:29: 788 Uncontrolled data used in path expression imap/message.c:1151:24: 790 Uncontrolled data used in path expression imap/message.c:2016:31: 789 Uncontrolled data used in path expression key/dump.c:227:28: 791 Uncontrolled data used in path expression mailcap.c:523:38: 792 Uncontrolled data used in path expression maildir/mailbox.c:361:33: 931 Uncontrolled data used in path expression maildir/message.c:142:28: 929 Uncontrolled data used in path expression main.c:1092:35: 1065 Uncontrolled data used in path expression main.c:1115:34: 1066 Uncontrolled data used in path expression main.c:1137:33: 1067 Uncontrolled data used in path expression main.c:1247:42: 1068 Uncontrolled data used in path expression main.c:1263:34: 1069 Uncontrolled data used in path expression mbox/mbox.c:1127:17: 795 Uncontrolled data used in path expression mbox/mbox.c:1261:24: 907 Uncontrolled data used in path expression mutt_body.c:69:39: 797 Uncontrolled data used in path expression ncrypt/crypt.c:865:34: 800 Uncontrolled data used in path expression ncrypt/crypt.c:938:20: 801 Uncontrolled data used in path expression ncrypt/crypt.c:1309:46: 798 Uncontrolled data used in path expression ncrypt/crypt.c:1339:24: 799 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:426:34: 805 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:571:30: 804 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2226:42: 802 Uncontrolled data used 
in path expression ncrypt/crypt_gpgme.c:2233:34: 908 Uncontrolled data used in path expression ncrypt/gpgme_functions.c:642:30: 1070 Uncontrolled data used in path expression ncrypt/pgp.c:544:32: 833 Uncontrolled data used in path expression ncrypt/pgp.c:722:24: 843 Uncontrolled data used in path expression ncrypt/pgp.c:776:22: 854 Uncontrolled data used in path expression ncrypt/pgp.c:816:42: 823 Uncontrolled data used in path expression ncrypt/pgp.c:823:34: 909 Uncontrolled data used in path expression ncrypt/pgp.c:907:34: 821 Uncontrolled data used in path expression ncrypt/pgp.c:957:20: 822 Uncontrolled data used in path expression ncrypt/pgp.c:977:34: 819 Uncontrolled data used in path expression ncrypt/pgp.c:994:20: 820 Uncontrolled data used in path expression ncrypt/pgp.c:1047:32: 817 Uncontrolled data used in path expression ncrypt/pgp.c:1104:20: 818 Uncontrolled data used in path expression ncrypt/pgp.c:1346:34: 814 Uncontrolled data used in path expression ncrypt/pgp.c:1353:31: 815 Uncontrolled data used in path expression ncrypt/pgp.c:1439:58: 816 Uncontrolled data used in path expression ncrypt/pgp.c:1600:34: 812 Uncontrolled data used in path expression ncrypt/pgp.c:1617:28: 813 Uncontrolled data used in path expression ncrypt/pgp.c:1747:37: 807 Uncontrolled data used in path expression ncrypt/pgp.c:1792:38: 809 Uncontrolled data used in path expression ncrypt/pgp.c:1814:22: 810 Uncontrolled data used in path expression ncrypt/pgp.c:1829:20: 811 Uncontrolled data used in path expression ncrypt/pgp_functions.c:129:34: 806 Uncontrolled data used in path expression ncrypt/pgpkey.c:280:34: 808 Uncontrolled data used in path expression ncrypt/smime.c:497:30: 859 Uncontrolled data used in path expression ncrypt/smime.c:967:28: 851 Uncontrolled data used in path expression ncrypt/smime.c:1001:29: 852 Uncontrolled data used in path expression ncrypt/smime.c:1005:22: 853 Uncontrolled data used in path expression ncrypt/smime.c:1017:22: 855 Uncontrolled data 
used in path expression ncrypt/smime.c:1023:20: 856 Uncontrolled data used in path expression ncrypt/smime.c:1045:22: 857 Uncontrolled data used in path expression ncrypt/smime.c:1050:22: 858 Uncontrolled data used in path expression ncrypt/smime.c:1078:34: 849 Uncontrolled data used in path expression ncrypt/smime.c:1121:22: 850 Uncontrolled data used in path expression ncrypt/smime.c:1185:22: 848 Uncontrolled data used in path expression ncrypt/smime.c:1213:34: 844 Uncontrolled data used in path expression ncrypt/smime.c:1244:24: 845 Uncontrolled data used in path expression ncrypt/smime.c:1254:24: 846 Uncontrolled data used in path expression ncrypt/smime.c:1267:20: 847 Uncontrolled data used in path expression ncrypt/smime.c:1347:28: 836 Uncontrolled data used in path expression ncrypt/smime.c:1362:28: 837 Uncontrolled data used in path expression ncrypt/smime.c:1396:22: 838 Uncontrolled data used in path expression ncrypt/smime.c:1403:20: 839 Uncontrolled data used in path expression ncrypt/smime.c:1428:22: 840 Uncontrolled data used in path expression ncrypt/smime.c:1450:22: 841 Uncontrolled data used in path expression ncrypt/smime.c:1456:22: 842 Uncontrolled data used in path expression ncrypt/smime.c:1524:29: 828 Uncontrolled data used in path expression ncrypt/smime.c:1532:34: 829 Uncontrolled data used in path expression ncrypt/smime.c:1564:22: 830 Uncontrolled data used in path expression ncrypt/smime.c:1589:20: 831 Uncontrolled data used in path expression ncrypt/smime.c:1597:22: 832 Uncontrolled data used in path expression ncrypt/smime.c:1635:22: 834 Uncontrolled data used in path expression ncrypt/smime.c:1640:22: 835 Uncontrolled data used in path expression ncrypt/smime.c:1722:35: 825 Uncontrolled data used in path expression ncrypt/smime.c:1747:34: 910 Uncontrolled data used in path expression ncrypt/smime.c:1797:20: 827 Uncontrolled data used in path expression ncrypt/smime.c:1848:28: 1071 Uncontrolled data used in path expression 
ncrypt/smime.c:1869:22: 1072 Uncontrolled data used in path expression ncrypt/smime.c:1881:22: 1073 Uncontrolled data used in path expression ncrypt/smime.c:1900:20: 1074 Uncontrolled data used in path expression ncrypt/smime.c:2016:22: 1075 Uncontrolled data used in path expression nntp/newsrc.c:182:47: 371 Uncontrolled data used in path expression nntp/newsrc.c:187:45: 580 Uncontrolled data used in path expression nntp/newsrc.c:404:26: 579 Uncontrolled data used in path expression nntp/newsrc.c:623:30: 860 Uncontrolled data used in path expression nntp/nntp.c:2692:41: 861 Uncontrolled data used in path expression pager/functions.c:1027:29: 862 Uncontrolled data used in path expression pager/message.c:219:34: 863 Uncontrolled data used in path expression pager/message.c:265:22: 864 Uncontrolled data used in path expression pattern/exec.c:733:26: 865 Uncontrolled data used in path expression pop/pop.c:1035:33: 867 Uncontrolled data used in path expression postpone/postpone.c:410:38: 868 Uncontrolled data used in path expression recvcmd.c:510:34: 875 Uncontrolled data used in path expression recvcmd.c:629:43: 876 Uncontrolled data used in path expression recvcmd.c:640:22: 956 Uncontrolled data used in path expression recvcmd.c:701:30: 872 Uncontrolled data used in path expression recvcmd.c:775:35: 874 Uncontrolled data used in path expression recvcmd.c:1012:28: 869 Uncontrolled data used in path expression recvcmd.c:1104:39: 870 Uncontrolled data used in path expression recvcmd.c:1114:22: 955 Uncontrolled data used in path expression rfc3676.c:492:34: 375 Uncontrolled data used in path expression rfc3676.c:505:34: 873 Uncontrolled data used in path expression send/body.c:339:30: 911 Uncontrolled data used in path expression send/send.c:1499:34: 888 Uncontrolled data used in path expression send/send.c:1531:25: 889 Uncontrolled data used in path expression send/send.c:1537:29: 890 Uncontrolled data used in path expression send/send.c:2062:45: 380 Uncontrolled data 
used in path expression send/send.c:2070:49: 381 Uncontrolled data used in path expression send/send.c:2495:40: 1076 Uncontrolled data used in path expression send/send.c:2504:32: 884 Uncontrolled data used in path expression send/send.c:2985:32: 880 Uncontrolled data used in path expression send/sendlib.c:114:26: 913 Uncontrolled data used in path expression send/sendlib.c:222:38: 887 Uncontrolled data used in path expression send/sendlib.c:270:57: 912 Uncontrolled data used in path expression send/sendlib.c:289:28: 1077 Uncontrolled data used in path expression send/sendlib.c:339:22: 1078 Uncontrolled data used in path expression send/sendlib.c:475:31: 1094 Uncontrolled data used in path expression send/sendlib.c:856:34: 881 Uncontrolled data used in path expression send/sendlib.c:893:53: 882 Uncontrolled data used in path expression send/sendlib.c:898:62: 883 Uncontrolled data used in path expression send/sendlib.c:1089:30: 879 Uncontrolled data used in path expression send/sendmail.c:174:14: 384 Uncontrolled process operation mutt_config.c:362:46: 1079 Unused static variable send/config.c:51:46: 1080 Unused static variable expando/node_conddate.c:88:10: 1099 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9: 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9: 486 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:370:11: 321 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:384:11: 322 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:592:8: 522 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:757:8: 1114 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:234:11: 324 Year field changed using an arithmetic operation without checking for leap year 
pattern/compile.c:348:8: 323 Year field changed using an arithmetic operation without checking for leap year -
flatcap revised this gist
Sep 27, 2024 . 2 changed files with 24 additions and 25 deletions.
@@ -22,12 +22,12 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 321 Issues 194 Uncontrolled data used in path expression 44 For loop variable changed in body 28 Poorly documented large function 22 Local variable address stored in non-local memory 11 Long switch case 9 Year field changed using an arithmetic operation without checking for leap year 3 Nested loops with same variable @@ -37,4 +37,5 @@ v1 1 Uncontrolled process operation 1 Uncontrolled data used in OS command 1 Time-of-check time-of-use filesystem race condition 1 No trivial switch statements
@@ -4,8 +4,8 @@ ncrypt/smime.c:921:13: 3 Cleartext transmission of sensitive inform maildir/message.c:568:10: 1103 File created without restricting permissions mh/shared.c:86:10: 691 File created without restricting permissions compose/functions.c:645:9: 187 For loop variable changed in body compose/functions.c:657:9: 188 For loop variable changed in body docs/makedoc.c:241:24: 205 For loop variable changed in body docs/makedoc.c:263:7: 419 For loop variable changed in body docs/makedoc.c:572:17: 415 For loop variable changed in body 
@@ -63,10 +63,6 @@ imap/browse.c:165:3: 341 Local variable address stored in non-local imap/browse.c:277:5: 1100 Local variable address stored in non-local memory imap/command.c:687:3: 343 Local variable address stored in non-local memory imap/imap.c:1304:3: 344 Local variable address stored in non-local memory mutt/notify.c:210:3: 348 Local variable address stored in non-local memory mutt_thread.c:1064:5: 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:711:3: 609 Local variable address stored in non-local memory @@ -92,14 +88,16 @@ postpone/postpone.c:226:24: 356 Nested loops with same variable postpone/postpone.c:261:22: 357 Nested loops with same variable postpone/postpone.c:298:16: 358 Nested loops with same variable debug/names_expando.c:353:3: 1116 No trivial switch statements address/address.c:480:5: 577 Poorly documented large function attach/recvattach.c:433:6: 693 Poorly documented large function browser/dlg_browser.c:838:5: 602 Poorly documented large function convert/content_info.c:49:6: 285 Poorly documented large function docs/makedoc.c:318:12: 287 Poorly documented large function docs/makedoc.c:886:12: 286 Poorly documented large function enriched.c:121:13: 478 Poorly documented large function envelope/window.c:500:12: 427 Poorly documented large function handler.c:1129:12: 697 Poorly documented large function history/history.c:205:13: 1115 Poorly documented large function index/functions.c:1347:12: 292 Poorly documented large function 
@@ -113,11 +111,11 @@ ncrypt/crypt_gpgme.c:3534:14: 296 Poorly documented large function ncrypt/pgp.c:1463:7: 295 Poorly documented large function notmuch/notmuch.c:2231:22: 298 Poorly documented large function pager/pager.c:131:12: 526 Poorly documented large function pattern/exec.c:844:13: 299 Poorly documented large function pop/auth.c:523:5: 300 Poorly documented large function recvcmd.c:949:6: 694 Poorly documented large function send/send.c:234:12: 301 Poorly documented large function send/send.c:1220:12: 574 Poorly documented large function send/sendlib.c:454:14: 284 Poorly documented large function send/smtp.c:623:12: 303 Poorly documented large function @@ -185,12 +183,12 @@ commands.c:252:29: 781 Uncontrolled data used in path expression commands.c:879:34: 780 Uncontrolled data used in path expression commands.c:938:36: 779 Uncontrolled data used in path expression commands.c:1624:34: 778 Uncontrolled data used in path expression compose/functions.c:1476:30: 777 Uncontrolled data used in path expression compose/functions.c:1902:51: 776 Uncontrolled data used in path expression convert/content_info.c:218:24: 903 Uncontrolled data used in path expression docs/makedoc.c:1433:16: 363 Uncontrolled data used in path expression editmsg.c:188:24: 904 Uncontrolled data used in path expression gui/global.c:104:30: 783 Uncontrolled data used in path expression handler.c:567:29: 786 Uncontrolled data used in path expression handler.c:661:24: 787 Uncontrolled data used in path expression handler.c:1374:39: 784 Uncontrolled data used in path expression 
@@ -287,7 +285,7 @@ nntp/nntp.c:2692:41: 861 Uncontrolled data used in path expression pager/functions.c:1027:29: 862 Uncontrolled data used in path expression pager/message.c:219:34: 863 Uncontrolled data used in path expression pager/message.c:265:22: 864 Uncontrolled data used in path expression pattern/exec.c:733:26: 865 Uncontrolled data used in path expression pop/pop.c:1035:33: 867 Uncontrolled data used in path expression postpone/postpone.c:411:38: 868 Uncontrolled data used in path expression recvcmd.c:510:34: 875 Uncontrolled data used in path expression @@ -301,14 +299,14 @@ recvcmd.c:1114:22: 955 Uncontrolled data used in path expression rfc3676.c:492:34: 375 Uncontrolled data used in path expression rfc3676.c:505:34: 873 Uncontrolled data used in path expression send/body.c:339:30: 911 Uncontrolled data used in path expression send/send.c:1499:34: 888 Uncontrolled data used in path expression send/send.c:1531:25: 889 Uncontrolled data used in path expression send/send.c:1537:29: 890 Uncontrolled data used in path expression send/send.c:2062:45: 380 Uncontrolled data used in path expression send/send.c:2070:49: 381 Uncontrolled data used in path expression send/send.c:2495:40: 1076 Uncontrolled data used in path expression send/send.c:2504:32: 884 Uncontrolled data used in path expression send/send.c:2985:32: 880 Uncontrolled data used in path expression send/sendlib.c:114:26: 913 Uncontrolled data used in path expression send/sendlib.c:222:38: 887 Uncontrolled data used in path expression send/sendlib.c:270:57: 912 Uncontrolled data used in path expression @@ -322,7 +320,7 @@ send/sendlib.c:1089:30: 879 Uncontrolled data used in path expression send/sendmail.c:174:14: 384 Uncontrolled process operation mutt_config.c:356:46: 1079 Unused static variable send/config.c:51:46: 1080 Unused static variable expando/node_conddate.c:94:10: 1043 Year field changed using an arithmetic operation without checking for leap year -
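Review bot: in the per-file listing hunks (for example @@ -287,7 +285,7 @@ and @@ -113,11 +111,11 @@), the entries that change keep the same alert number and rule description and differ only in the line:column position. Alert 865 is listed at pattern/exec.c:733:26 in this revision and at pattern/exec.c:716:26 in the May 14, 2024 listing, and alert 299 is at pattern/exec.c:844:13 here and at pattern/exec.c:822:13 there. That position churn hides the changes that matter for triage, such as the new alert 1116 (debug/names_expando.c:353:3, No trivial switch statements) and the four "Local variable address stored in non-local memory" entries dropped in @@ -63,10 +63,6 @@. Consider keying the diffed listing on alert number and rule, with the file path but without line:column, so a revision shows only alerts that were opened or closed.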
flatcap revised this gist
May 14, 2024 . 2 changed files with 325 additions and 335 deletions.
@@ -22,15 +22,14 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 324 Issues 194 Uncontrolled data used in path expression 44 For loop variable changed in body 28 Poorly documented large function 26 Local variable address stored in non-local memory 11 Long switch case 9 Year field changed using an arithmetic operation without checking for leap year 3 Nested loops with same variable 2 Unused static variable 2 File created without restricting permissions
@@ -1,345 +1,336 @@ ncrypt/smime.c:886:11: 2 Cleartext transmission of sensitive information ncrypt/smime.c:921:13: 3 Cleartext transmission of sensitive information maildir/message.c:568:10: 1103 File created without restricting permissions mh/shared.c:86:10: 691 File created without restricting permissions compose/functions.c:654:9: 187 For loop variable changed in body compose/functions.c:666:9: 188 For loop variable changed in body docs/makedoc.c:241:24: 205 For loop variable changed in body docs/makedoc.c:263:7: 419 For loop variable changed in body docs/makedoc.c:572:17: 415 For loop variable changed in body docs/makedoc.c:577:17: 416 For loop variable changed in body docs/makedoc.c:761:19: 417 For loop variable changed in body docs/makedoc.c:766:19: 418 For loop variable changed in body docs/makedoc.c:917:7: 189 For loop variable changed in body docs/makedoc.c:922:7: 190 For loop variable changed in body docs/makedoc.c:928:7: 191 For loop variable changed in body docs/makedoc.c:934:7: 192 For loop variable changed in body docs/makedoc.c:940:7: 193 For loop variable changed in body docs/makedoc.c:946:7: 194 For loop variable changed in body docs/makedoc.c:957:7: 195 For loop variable changed in body docs/makedoc.c:968:7: 196 For loop variable changed in body docs/makedoc.c:975:7: 197 For loop variable changed in body docs/makedoc.c:979:9: 198 For loop variable changed in body docs/makedoc.c:989:11: 199 For loop variable changed in body docs/makedoc.c:996:9: 414 For loop variable changed in body email/parse.c:227:17: 507 For loop variable changed in body email/parse.c:640:5: 208 For loop variable changed in body email/parse.c:645:5: 209 For loop variable changed in body email/rfc2047.c:385:9: 1063 For loop variable changed in body email/rfc2231.c:119:7: 571 For loop variable changed in body email/url.c:205:9: 572 For loop variable changed in body imap/utf7.c:119:7: 213 For loop variable changed in body imap/utf7.c:129:27: 214 For loop variable changed in body 
mutt/buffer.c:446:20: 932 For loop variable changed in body mutt/file.c:1488:28: 508 For loop variable changed in body mutt/file.c:1493:11: 509 For loop variable changed in body mutt/path.c:80:13: 217 For loop variable changed in body mutt/slist.c:199:7: 218 For loop variable changed in body mutt_header.c:331:13: 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13: 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13: 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13: 225 For loop variable changed in body ncrypt/gnupgparse.c:361:20: 226 For loop variable changed in body ncrypt/gpgme_functions.c:199:7: 227 For loop variable changed in body ncrypt/gpgme_functions.c:216:9: 228 For loop variable changed in body ncrypt/gpgme_functions.c:224:11: 573 For loop variable changed in body ncrypt/smime.c:444:20: 231 For loop variable changed in body nntp/complete.c:66:9: 230 For loop variable changed in body pattern/pattern.c:120:7: 483 For loop variable changed in body alias/dlg_alias.c:343:3: 325 Local variable address stored in non-local memory alias/dlg_query.c:390:3: 326 Local variable address stored in non-local memory browser/dlg_browser.c:1301:3: 605 Local variable address stored in non-local memory browser/dlg_browser.c:1302:3: 606 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3: 331 Local variable address stored in non-local memory editor/window.c:299:3: 667 Local variable address stored in non-local memory email/parse.c:258:9: 334 Local variable address stored in non-local memory email/rfc2231.c:234:5: 336 Local variable address stored in non-local memory email/thread.c:112:3: 527 Local variable address stored in non-local memory history/dlg_history.c:156:3: 666 Local variable address stored in non-local memory imap/browse.c:165:3: 341 Local variable address stored in non-local memory imap/browse.c:277:5: 1100 Local variable address stored in non-local memory imap/command.c:687:3: 343 Local 
variable address stored in non-local memory imap/imap.c:1304:3: 344 Local variable address stored in non-local memory imap/imap.c:2369:3: 588 Local variable address stored in non-local memory mixmaster/dlg_mixmaster.c:148:3: 345 Local variable address stored in non-local memory mixmaster/win_chain.c:213:3: 346 Local variable address stored in non-local memory mixmaster/win_hosts.c:195:3: 347 Local variable address stored in non-local memory mutt/notify.c:210:3: 348 Local variable address stored in non-local memory mutt_thread.c:1064:5: 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:711:3: 609 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:705:3: 608 Local variable address stored in non-local memory ncrypt/dlg_smime.c:228:3: 352 Local variable address stored in non-local memory pager/dlg_pager.c:350:3: 353 Local variable address stored in non-local memory pattern/dlg_pattern.c:348:3: 610 Local variable address stored in non-local memory postpone/dlg_postpone.c:222:3: 611 Local variable address stored in non-local memory docs/makedoc.c:324:3: 12 Long switch case docs/makedoc.c:446:7: 413 Long switch case docs/makedoc.c:1194:3: 412 Long switch case email/parse.c:687:3: 521 Long switch case flags.c:72:3: 575 Long switch case muttlib.c:138:5: 513 Long switch case ncrypt/gnupgparse.c:174:5: 19 Long switch case ncrypt/smime.c:2188:5: 20 Long switch case notmuch/notmuch.c:1367:3: 21 Long switch case pattern/compile.c:373:5: 23 Long switch case pattern/compile.c:936:5: 692 Long switch case postpone/postpone.c:226:24: 356 Nested loops with same variable postpone/postpone.c:261:22: 357 Nested loops with same variable postpone/postpone.c:298:16: 358 Nested loops with same variable address/address.c:480:5: 577 Poorly documented large function attach/recvattach.c:433:6: 693 Poorly documented large function browser/dlg_browser.c:838:5: 602 Poorly documented large function convert/content_info.c:49:6: 285 Poorly documented large 
function docs/makedoc.c:318:12: 287 Poorly documented large function docs/makedoc.c:886:12: 286 Poorly documented large function enriched.c:121:13: 478 Poorly documented large function envelope/window.c:543:12: 427 Poorly documented large function handler.c:1129:12: 697 Poorly documented large function history/history.c:205:13: 1115 Poorly documented large function index/functions.c:1347:12: 292 Poorly documented large function index/functions.c:1465:12: 291 Poorly documented large function mbox/mbox.c:184:27: 293 Poorly documented large function mutt/filter.c:62:7: 659 Poorly documented large function mutt_thread.c:236:13: 294 Poorly documented large function ncrypt/crypt.c:1117:5: 1104 Poorly documented large function ncrypt/crypt.c:1238:5: 695 Poorly documented large function ncrypt/crypt_gpgme.c:3534:14: 296 Poorly documented large function ncrypt/pgp.c:1463:7: 295 Poorly documented large function notmuch/notmuch.c:2231:22: 298 Poorly documented large function pager/pager.c:131:12: 526 Poorly documented large function pattern/exec.c:822:13: 299 Poorly documented large function pop/auth.c:523:5: 300 Poorly documented large function recvcmd.c:949:6: 694 Poorly documented large function send/send.c:237:12: 301 Poorly documented large function send/send.c:1223:12: 574 Poorly documented large function send/sendlib.c:454:14: 284 Poorly documented large function send/smtp.c:623:12: 303 Poorly documented large function mutt/file.c:245:3: 6 Time-of-check time-of-use filesystem race condition mutt/filter.c:151:36: 1098 Uncontrolled data used in OS command alias/alias.c:524:30: 894 Uncontrolled data used in path expression attach/cid.c:127:35: 727 Uncontrolled data used in path expression attach/cid.c:186:33: 725 Uncontrolled data used in path expression attach/cid.c:197:28: 726 Uncontrolled data used in path expression attach/mutt_attach.c:89:33: 774 Uncontrolled data used in path expression attach/mutt_attach.c:170:41: 1105 Uncontrolled data used in path expression 
attach/mutt_attach.c:209:44: 772 Uncontrolled data used in path expression attach/mutt_attach.c:219:33: 1106 Uncontrolled data used in path expression attach/mutt_attach.c:220:34: 773 Uncontrolled data used in path expression attach/mutt_attach.c:220:58: 1107 Uncontrolled data used in path expression attach/mutt_attach.c:490:37: 763 Uncontrolled data used in path expression attach/mutt_attach.c:494:46: 764 Uncontrolled data used in path expression attach/mutt_attach.c:547:39: 1095 Uncontrolled data used in path expression attach/mutt_attach.c:555:40: 766 Uncontrolled data used in path expression attach/mutt_attach.c:630:40: 767 Uncontrolled data used in path expression attach/mutt_attach.c:648:41: 768 Uncontrolled data used in path expression attach/mutt_attach.c:652:48: 769 Uncontrolled data used in path expression attach/mutt_attach.c:662:46: 770 Uncontrolled data used in path expression attach/mutt_attach.c:720:22: 771 Uncontrolled data used in path expression attach/mutt_attach.c:787:36: 756 Uncontrolled data used in path expression attach/mutt_attach.c:800:48: 757 Uncontrolled data used in path expression attach/mutt_attach.c:802:36: 758 Uncontrolled data used in path expression attach/mutt_attach.c:825:39: 759 Uncontrolled data used in path expression attach/mutt_attach.c:831:48: 760 Uncontrolled data used in path expression attach/mutt_attach.c:839:29: 902 Uncontrolled data used in path expression attach/mutt_attach.c:868:22: 762 Uncontrolled data used in path expression attach/mutt_attach.c:998:39: 901 Uncontrolled data used in path expression attach/mutt_attach.c:1074:38: 1092 Uncontrolled data used in path expression attach/mutt_attach.c:1168:37: 748 Uncontrolled data used in path expression attach/mutt_attach.c:1174:46: 749 Uncontrolled data used in path expression attach/mutt_attach.c:1186:31: 899 Uncontrolled data used in path expression attach/mutt_attach.c:1222:24: 751 Uncontrolled data used in path expression attach/mutt_attach.c:1242:44: 752 
Uncontrolled data used in path expression attach/mutt_attach.c:1249:31: 900 Uncontrolled data used in path expression attach/mutt_attach.c:1282:24: 754 Uncontrolled data used in path expression attach/recvattach.c:249:46: 746 Uncontrolled data used in path expression attach/recvattach.c:257:22: 747 Uncontrolled data used in path expression attach/recvattach.c:353:46: 745 Uncontrolled data used in path expression attach/recvattach.c:415:45: 744 Uncontrolled data used in path expression attach/recvattach.c:506:51: 897 Uncontrolled data used in path expression attach/recvattach.c:507:68: 898 Uncontrolled data used in path expression attach/recvattach.c:568:44: 739 Uncontrolled data used in path expression attach/recvattach.c:573:24: 740 Uncontrolled data used in path expression attach/recvattach.c:581:24: 741 Uncontrolled data used in path expression attach/recvattach.c:615:36: 733 Uncontrolled data used in path expression attach/recvattach.c:629:36: 734 Uncontrolled data used in path expression attach/recvattach.c:649:39: 735 Uncontrolled data used in path expression attach/recvattach.c:652:48: 736 Uncontrolled data used in path expression attach/recvattach.c:660:29: 896 Uncontrolled data used in path expression attach/recvattach.c:679:22: 738 Uncontrolled data used in path expression attach/recvattach.c:849:50: 730 Uncontrolled data used in path expression attach/recvattach.c:858:37: 895 Uncontrolled data used in path expression attach/recvattach.c:867:28: 732 Uncontrolled data used in path expression bcache/bcache.c:196:30: 729 Uncontrolled data used in path expression bcache/bcache.c:242:30: 728 Uncontrolled data used in path expression color/dump.c:455:30: 775 Uncontrolled data used in path expression commands.c:252:29: 781 Uncontrolled data used in path expression commands.c:879:34: 780 Uncontrolled data used in path expression commands.c:938:36: 779 Uncontrolled data used in path expression commands.c:1624:34: 778 Uncontrolled data used in path expression 
compose/functions.c:1491:30: 777 Uncontrolled data used in path expression compose/functions.c:1917:51: 776 Uncontrolled data used in path expression convert/content_info.c:218:24: 903 Uncontrolled data used in path expression docs/makedoc.c:1433:16: 363 Uncontrolled data used in path expression editmsg.c:188:24: 904 Uncontrolled data used in path expression gui/global.c:105:30: 783 Uncontrolled data used in path expression handler.c:567:29: 786 Uncontrolled data used in path expression handler.c:661:24: 787 Uncontrolled data used in path expression handler.c:1374:39: 784 Uncontrolled data used in path expression handler.c:1429:38: 905 Uncontrolled data used in path expression help.c:489:26: 1064 Uncontrolled data used in path expression imap/imap.c:2172:29: 788 Uncontrolled data used in path expression imap/message.c:1151:24: 790 Uncontrolled data used in path expression imap/message.c:2016:31: 789 Uncontrolled data used in path expression key/dump.c:227:28: 791 Uncontrolled data used in path expression mailcap.c:523:38: 792 Uncontrolled data used in path expression maildir/mailbox.c:361:33: 931 Uncontrolled data used in path expression maildir/message.c:142:28: 929 Uncontrolled data used in path expression main.c:1092:35: 1065 Uncontrolled data used in path expression main.c:1115:34: 1066 Uncontrolled data used in path expression main.c:1137:33: 1067 Uncontrolled data used in path expression main.c:1247:42: 1068 Uncontrolled data used in path expression main.c:1263:34: 1069 Uncontrolled data used in path expression mbox/mbox.c:1127:17: 795 Uncontrolled data used in path expression mbox/mbox.c:1261:24: 907 Uncontrolled data used in path expression mutt_body.c:69:39: 797 Uncontrolled data used in path expression ncrypt/crypt.c:865:34: 800 Uncontrolled data used in path expression ncrypt/crypt.c:938:20: 801 Uncontrolled data used in path expression ncrypt/crypt.c:1309:46: 798 Uncontrolled data used in path expression ncrypt/crypt.c:1339:24: 799 Uncontrolled data 
used in path expression ncrypt/crypt_gpgme.c:426:34: 805 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:571:30: 804 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2226:42: 802 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2233:34: 908 Uncontrolled data used in path expression ncrypt/gpgme_functions.c:642:30: 1070 Uncontrolled data used in path expression ncrypt/pgp.c:544:32: 833 Uncontrolled data used in path expression ncrypt/pgp.c:722:24: 843 Uncontrolled data used in path expression ncrypt/pgp.c:776:22: 854 Uncontrolled data used in path expression ncrypt/pgp.c:816:42: 823 Uncontrolled data used in path expression ncrypt/pgp.c:823:34: 909 Uncontrolled data used in path expression ncrypt/pgp.c:907:34: 821 Uncontrolled data used in path expression ncrypt/pgp.c:957:20: 822 Uncontrolled data used in path expression ncrypt/pgp.c:977:34: 819 Uncontrolled data used in path expression ncrypt/pgp.c:994:20: 820 Uncontrolled data used in path expression ncrypt/pgp.c:1047:32: 817 Uncontrolled data used in path expression ncrypt/pgp.c:1104:20: 818 Uncontrolled data used in path expression ncrypt/pgp.c:1346:34: 814 Uncontrolled data used in path expression ncrypt/pgp.c:1353:31: 815 Uncontrolled data used in path expression ncrypt/pgp.c:1439:58: 816 Uncontrolled data used in path expression ncrypt/pgp.c:1600:34: 812 Uncontrolled data used in path expression ncrypt/pgp.c:1617:28: 813 Uncontrolled data used in path expression ncrypt/pgp.c:1747:37: 807 Uncontrolled data used in path expression ncrypt/pgp.c:1792:38: 809 Uncontrolled data used in path expression ncrypt/pgp.c:1814:22: 810 Uncontrolled data used in path expression ncrypt/pgp.c:1829:20: 811 Uncontrolled data used in path expression ncrypt/pgp_functions.c:129:34: 806 Uncontrolled data used in path expression ncrypt/pgpkey.c:280:34: 808 Uncontrolled data used in path expression ncrypt/smime.c:497:30: 859 Uncontrolled data used in path expression ncrypt/smime.c:967:28: 851 
Uncontrolled data used in path expression ncrypt/smime.c:1001:29: 852 Uncontrolled data used in path expression ncrypt/smime.c:1005:22: 853 Uncontrolled data used in path expression ncrypt/smime.c:1017:22: 855 Uncontrolled data used in path expression ncrypt/smime.c:1023:20: 856 Uncontrolled data used in path expression ncrypt/smime.c:1045:22: 857 Uncontrolled data used in path expression ncrypt/smime.c:1050:22: 858 Uncontrolled data used in path expression ncrypt/smime.c:1078:34: 849 Uncontrolled data used in path expression ncrypt/smime.c:1121:22: 850 Uncontrolled data used in path expression ncrypt/smime.c:1185:22: 848 Uncontrolled data used in path expression ncrypt/smime.c:1213:34: 844 Uncontrolled data used in path expression ncrypt/smime.c:1244:24: 845 Uncontrolled data used in path expression ncrypt/smime.c:1254:24: 846 Uncontrolled data used in path expression ncrypt/smime.c:1267:20: 847 Uncontrolled data used in path expression ncrypt/smime.c:1347:28: 836 Uncontrolled data used in path expression ncrypt/smime.c:1362:28: 837 Uncontrolled data used in path expression ncrypt/smime.c:1396:22: 838 Uncontrolled data used in path expression ncrypt/smime.c:1403:20: 839 Uncontrolled data used in path expression ncrypt/smime.c:1428:22: 840 Uncontrolled data used in path expression ncrypt/smime.c:1450:22: 841 Uncontrolled data used in path expression ncrypt/smime.c:1456:22: 842 Uncontrolled data used in path expression ncrypt/smime.c:1524:29: 828 Uncontrolled data used in path expression ncrypt/smime.c:1532:34: 829 Uncontrolled data used in path expression ncrypt/smime.c:1564:22: 830 Uncontrolled data used in path expression ncrypt/smime.c:1589:20: 831 Uncontrolled data used in path expression ncrypt/smime.c:1597:22: 832 Uncontrolled data used in path expression ncrypt/smime.c:1635:22: 834 Uncontrolled data used in path expression ncrypt/smime.c:1640:22: 835 Uncontrolled data used in path expression ncrypt/smime.c:1722:35: 825 Uncontrolled data used in path 
expression ncrypt/smime.c:1747:34: 910 Uncontrolled data used in path expression ncrypt/smime.c:1797:20: 827 Uncontrolled data used in path expression ncrypt/smime.c:1848:28: 1071 Uncontrolled data used in path expression ncrypt/smime.c:1869:22: 1072 Uncontrolled data used in path expression ncrypt/smime.c:1881:22: 1073 Uncontrolled data used in path expression ncrypt/smime.c:1900:20: 1074 Uncontrolled data used in path expression ncrypt/smime.c:2016:22: 1075 Uncontrolled data used in path expression nntp/newsrc.c:182:47: 371 Uncontrolled data used in path expression nntp/newsrc.c:187:45: 580 Uncontrolled data used in path expression nntp/newsrc.c:404:26: 579 Uncontrolled data used in path expression nntp/newsrc.c:623:30: 860 Uncontrolled data used in path expression nntp/nntp.c:2692:41: 861 Uncontrolled data used in path expression pager/functions.c:1027:29: 862 Uncontrolled data used in path expression pager/message.c:219:34: 863 Uncontrolled data used in path expression pager/message.c:265:22: 864 Uncontrolled data used in path expression pattern/exec.c:716:26: 865 Uncontrolled data used in path expression pop/pop.c:1035:33: 867 Uncontrolled data used in path expression postpone/postpone.c:411:38: 868 Uncontrolled data used in path expression recvcmd.c:510:34: 875 Uncontrolled data used in path expression recvcmd.c:629:43: 876 Uncontrolled data used in path expression recvcmd.c:640:22: 956 Uncontrolled data used in path expression recvcmd.c:701:30: 872 Uncontrolled data used in path expression recvcmd.c:775:35: 874 Uncontrolled data used in path expression recvcmd.c:1012:28: 869 Uncontrolled data used in path expression recvcmd.c:1104:39: 870 Uncontrolled data used in path expression recvcmd.c:1114:22: 955 Uncontrolled data used in path expression rfc3676.c:492:34: 375 Uncontrolled data used in path expression rfc3676.c:505:34: 873 Uncontrolled data used in path expression send/body.c:339:30: 911 Uncontrolled data used in path expression send/send.c:1502:34: 888 
Uncontrolled data used in path expression send/send.c:1548:25: 889 Uncontrolled data used in path expression send/send.c:1554:29: 890 Uncontrolled data used in path expression send/send.c:2079:45: 380 Uncontrolled data used in path expression send/send.c:2087:49: 381 Uncontrolled data used in path expression send/send.c:2509:40: 1076 Uncontrolled data used in path expression send/send.c:2518:32: 884 Uncontrolled data used in path expression send/send.c:2999:32: 880 Uncontrolled data used in path expression send/sendlib.c:114:26: 913 Uncontrolled data used in path expression send/sendlib.c:222:38: 887 Uncontrolled data used in path expression send/sendlib.c:270:57: 912 Uncontrolled data used in path expression send/sendlib.c:289:28: 1077 Uncontrolled data used in path expression send/sendlib.c:339:22: 1078 Uncontrolled data used in path expression send/sendlib.c:475:31: 1094 Uncontrolled data used in path expression send/sendlib.c:856:34: 881 Uncontrolled data used in path expression send/sendlib.c:893:53: 882 Uncontrolled data used in path expression send/sendlib.c:898:62: 883 Uncontrolled data used in path expression send/sendlib.c:1089:30: 879 Uncontrolled data used in path expression send/sendmail.c:174:14: 384 Uncontrolled process operation mutt_config.c:357:46: 1079 Unused static variable send/config.c:51:46: 1080 Unused static variable expando/node_conddate.c:94:10: 1043 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9: 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9: 486 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:370:11: 321 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:384:11: 322 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:592:8: 522 Year field changed using an arithmetic operation without checking for leap year 
mutt/date.c:757:8: 1114 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:234:11: 324 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:348:8: 323 Year field changed using an arithmetic operation without checking for leap year -
flatcap revised this gist
May 13, 2024 . 2 changed files with 195 additions and 187 deletions.
@@ -22,18 +22,20 @@ jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.mo v1 # 334 Issues 194 Uncontrolled data used in path expression 44 For loop variable changed in body 28 Poorly documented large function 26 Local variable address stored in non-local memory 11 Long switch case 9 Year field changed using an arithmetic operation without checking for leap year 8 Missing return-value check for a 'scanf'-like function 3 Nested loops with same variable 2 Unused static variable 2 File created without restricting permissions 2 Cleartext transmission of sensitive information 1 Uncontrolled process operation 1 Uncontrolled data used in OS command 1 Time-of-check time-of-use filesystem race condition
@@ -1,11 +1,11 @@ ncrypt/smime.c:886:11: 2 Cleartext transmission of sensitive information ncrypt/smime.c:921:13: 3 Cleartext transmission of sensitive information maildir/message.c:568:10: 1103 File created without restricting permissions mh/shared.c:86:10: 691 File created without restricting permissions compose/functions.c:654:9: 187 For loop variable changed in body compose/functions.c:666:9: 188 For loop variable changed in body docs/makedoc.c:241:24: 205 For loop variable changed in body docs/makedoc.c:263:7: 419 For loop variable changed in body docs/makedoc.c:572:17: 415 For loop variable changed in body
@@ -27,52 +27,52 @@ docs/makedoc.c:996:9: 414 For loop variable changed in body email/parse.c:227:17: 507 For loop variable changed in body email/parse.c:640:5: 208 For loop variable changed in body email/parse.c:645:5: 209 For loop variable changed in body email/rfc2047.c:385:9: 1063 For loop variable changed in body email/rfc2231.c:119:7: 571 For loop variable changed in body email/url.c:205:9: 572 For loop variable changed in body imap/utf7.c:119:7: 213 For loop variable changed in body imap/utf7.c:129:27: 214 For loop variable changed in body mutt/buffer.c:446:20: 932 For loop variable changed in body mutt/file.c:1488:28: 508 For loop variable changed in body mutt/file.c:1493:11: 509 For loop variable changed in body mutt/path.c:80:13: 217 For loop variable changed in body mutt/slist.c:199:7: 218 For loop variable changed in body mutt_header.c:331:13: 510 For loop variable changed in body ncrypt/gnupgparse.c:282:13: 223 For loop variable changed in body ncrypt/gnupgparse.c:288:13: 224 For loop variable changed in body ncrypt/gnupgparse.c:294:13: 225 For loop variable changed in body ncrypt/gnupgparse.c:361:20: 226 For loop variable changed in body ncrypt/gpgme_functions.c:199:7: 227 For loop variable changed in body ncrypt/gpgme_functions.c:216:9: 228 For loop variable changed in body ncrypt/gpgme_functions.c:224:11: 573 For loop variable changed in body ncrypt/smime.c:444:20: 231 For loop variable changed in body nntp/complete.c:66:9: 230 For loop variable changed in body pattern/pattern.c:120:7: 483 For loop variable changed in body alias/dlg_alias.c:343:3: 325 Local variable address stored in non-local memory alias/dlg_query.c:390:3: 326 Local variable address stored in non-local memory browser/dlg_browser.c:1301:3: 605 Local variable address stored in non-local memory browser/dlg_browser.c:1302:3: 606 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3: 331 Local variable address stored in non-local memory editor/window.c:299:3: 
667 Local variable address stored in non-local memory email/parse.c:258:9: 334 Local variable address stored in non-local memory email/rfc2231.c:234:5: 336 Local variable address stored in non-local memory email/thread.c:112:3: 527 Local variable address stored in non-local memory history/dlg_history.c:156:3: 666 Local variable address stored in non-local memory imap/browse.c:165:3: 341 Local variable address stored in non-local memory imap/browse.c:277:5: 1100 Local variable address stored in non-local memory imap/command.c:687:3: 343 Local variable address stored in non-local memory imap/imap.c:1304:3: 344 Local variable address stored in non-local memory imap/imap.c:2369:3: 588 Local variable address stored in non-local memory mixmaster/dlg_mixmaster.c:148:3: 345 Local variable address stored in non-local memory mixmaster/win_chain.c:213:3: 346 Local variable address stored in non-local memory mixmaster/win_hosts.c:195:3: 347 Local variable address stored in non-local memory mutt/notify.c:210:3: 348 Local variable address stored in non-local memory mutt_thread.c:1064:5: 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:711:3: 609 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:705:3: 608 Local variable address stored in non-local memory ncrypt/dlg_smime.c:228:3: 352 Local variable address stored in non-local memory pager/dlg_pager.c:350:3: 353 Local variable address stored in non-local memory pattern/dlg_pattern.c:348:3: 610 Local variable address stored in non-local memory postpone/dlg_postpone.c:222:3: 611 Local variable address stored in non-local memory 
@@ -81,29 +81,29 @@ docs/makedoc.c:446:7: 413 Long switch case docs/makedoc.c:1194:3: 412 Long switch case email/parse.c:687:3: 521 Long switch case flags.c:72:3: 575 Long switch case muttlib.c:138:5: 513 Long switch case ncrypt/gnupgparse.c:174:5: 19 Long switch case ncrypt/smime.c:2188:5: 20 Long switch case notmuch/notmuch.c:1367:3: 21 Long switch case pattern/compile.c:373:5: 23 Long switch case pattern/compile.c:936:5: 692 Long switch case mutt/date.c:767:8: 245 Missing return-value check for a 'scanf'-like function mutt/date.c:767:23: 246 Missing return-value check for a 'scanf'-like function mutt/date.c:781:18: 251 Missing return-value check for a 'scanf'-like function mutt/date.c:877:21: 239 Missing return-value check for a 'scanf'-like function mutt/date.c:879:68: 240 Missing return-value check for a 'scanf'-like function mutt/date.c:879:76: 241 Missing return-value check for a 'scanf'-like function pop/pop.c:574:8: 261 Missing return-value check for a 'scanf'-like function pop/pop.c:606:59: 264 Missing return-value check for a 'scanf'-like function postpone/postpone.c:226:24: 356 Nested loops with same variable postpone/postpone.c:261:22: 357 Nested loops with same variable postpone/postpone.c:298:16: 358 Nested loops with same variable address/address.c:480:5: 577 Poorly documented large function attach/recvattach.c:433:6: 693 Poorly documented large function browser/dlg_browser.c:838:5: 602 Poorly documented large function convert/content_info.c:49:6: 285 Poorly documented large function docs/makedoc.c:318:12: 287 Poorly documented large function docs/makedoc.c:886:12: 286 Poorly documented large function 
@@ -113,57 +113,62 @@ handler.c:1129:12: 697 Poorly documented large function history/history.c:205:13: 290 Poorly documented large function index/functions.c:1347:12: 292 Poorly documented large function index/functions.c:1465:12: 291 Poorly documented large function mbox/mbox.c:184:27: 293 Poorly documented large function mutt/filter.c:62:7: 659 Poorly documented large function mutt_thread.c:236:13: 294 Poorly documented large function ncrypt/crypt.c:1117:5: 1104 Poorly documented large function ncrypt/crypt.c:1238:5: 695 Poorly documented large function ncrypt/crypt_gpgme.c:3534:14: 296 Poorly documented large function ncrypt/pgp.c:1463:7: 295 Poorly documented large function notmuch/notmuch.c:2231:22: 298 Poorly documented large function pager/pager.c:131:12: 526 Poorly documented large function pattern/exec.c:822:13: 299 Poorly documented large function pop/auth.c:523:5: 300 Poorly documented large function recvcmd.c:949:6: 694 Poorly documented large function send/send.c:237:12: 301 Poorly documented large function send/send.c:1223:12: 574 Poorly documented large function send/sendlib.c:454:14: 284 Poorly documented large function send/smtp.c:623:12: 303 Poorly documented large function mutt/file.c:245:3: 6 Time-of-check time-of-use filesystem race condition mutt/filter.c:151:36: 1098 Uncontrolled data used in OS command alias/alias.c:524:30: 894 Uncontrolled data used in path expression attach/cid.c:127:35: 727 Uncontrolled data used in path expression attach/cid.c:186:33: 725 Uncontrolled data used in path expression attach/cid.c:197:28: 726 Uncontrolled data used in path expression attach/mutt_attach.c:89:33: 774 Uncontrolled data used in path expression attach/mutt_attach.c:170:41: 1105 Uncontrolled data used in path expression attach/mutt_attach.c:209:44: 772 Uncontrolled data used in path expression attach/mutt_attach.c:219:33: 1106 Uncontrolled data used in path expression attach/mutt_attach.c:220:34: 773 Uncontrolled data used in path expression 
attach/mutt_attach.c:220:58: 1107 Uncontrolled data used in path expression attach/mutt_attach.c:490:37: 763 Uncontrolled data used in path expression attach/mutt_attach.c:494:46: 764 Uncontrolled data used in path expression attach/mutt_attach.c:547:39: 1095 Uncontrolled data used in path expression attach/mutt_attach.c:555:40: 766 Uncontrolled data used in path expression attach/mutt_attach.c:630:40: 767 Uncontrolled data used in path expression attach/mutt_attach.c:648:41: 768 Uncontrolled data used in path expression attach/mutt_attach.c:652:48: 769 Uncontrolled data used in path expression attach/mutt_attach.c:662:46: 770 Uncontrolled data used in path expression attach/mutt_attach.c:720:22: 771 Uncontrolled data used in path expression attach/mutt_attach.c:787:36: 756 Uncontrolled data used in path expression attach/mutt_attach.c:800:48: 757 Uncontrolled data used in path expression attach/mutt_attach.c:802:36: 758 Uncontrolled data used in path expression attach/mutt_attach.c:825:39: 759 Uncontrolled data used in path expression attach/mutt_attach.c:831:48: 760 Uncontrolled data used in path expression attach/mutt_attach.c:839:29: 902 Uncontrolled data used in path expression attach/mutt_attach.c:868:22: 762 Uncontrolled data used in path expression attach/mutt_attach.c:998:39: 901 Uncontrolled data used in path expression attach/mutt_attach.c:1074:38: 1092 Uncontrolled data used in path expression attach/mutt_attach.c:1168:37: 748 Uncontrolled data used in path expression attach/mutt_attach.c:1174:46: 749 Uncontrolled data used in path expression attach/mutt_attach.c:1186:31: 899 Uncontrolled data used in path expression attach/mutt_attach.c:1222:24: 751 Uncontrolled data used in path expression attach/mutt_attach.c:1242:44: 752 Uncontrolled data used in path expression attach/mutt_attach.c:1249:31: 900 Uncontrolled data used in path expression attach/mutt_attach.c:1282:24: 754 Uncontrolled data used in path expression attach/recvattach.c:249:46: 746 
Uncontrolled data used in path expression attach/recvattach.c:257:22: 747 Uncontrolled data used in path expression attach/recvattach.c:353:46: 745 Uncontrolled data used in path expression 
@@ -185,43 +190,44 @@ attach/recvattach.c:867:28: 732 Uncontrolled data used in path expressi bcache/bcache.c:196:30: 729 Uncontrolled data used in path expression bcache/bcache.c:242:30: 728 Uncontrolled data used in path expression color/dump.c:455:30: 775 Uncontrolled data used in path expression commands.c:252:29: 781 Uncontrolled data used in path expression commands.c:879:34: 780 Uncontrolled data used in path expression commands.c:938:36: 779 Uncontrolled data used in path expression commands.c:1624:34: 778 Uncontrolled data used in path expression compose/functions.c:1491:30: 777 Uncontrolled data used in path expression compose/functions.c:1917:51: 776 Uncontrolled data used in path expression convert/content_info.c:218:24: 903 Uncontrolled data used in path expression docs/makedoc.c:1433:16: 363 Uncontrolled data used in path expression editmsg.c:188:24: 904 Uncontrolled data used in path expression gui/global.c:105:30: 783 Uncontrolled data used in path expression handler.c:567:29: 786 Uncontrolled data used in path expression handler.c:661:24: 787 Uncontrolled data used in path expression handler.c:1374:39: 784 Uncontrolled data used in path expression handler.c:1429:38: 905 Uncontrolled data used in path expression help.c:489:26: 1064 Uncontrolled data used in path expression imap/imap.c:2172:29: 788 Uncontrolled data used in path expression imap/message.c:1151:24: 790 Uncontrolled data used in path expression imap/message.c:2016:31: 789 Uncontrolled data used in path expression key/dump.c:227:28: 791 Uncontrolled data used in path expression mailcap.c:523:38: 792 Uncontrolled data used in path expression maildir/mailbox.c:361:33: 931 Uncontrolled data used in path expression maildir/message.c:142:28: 929 Uncontrolled data used in path expression main.c:1092:35: 1065 Uncontrolled data used in path expression main.c:1115:34: 1066 Uncontrolled data used in path expression main.c:1137:33: 1067 Uncontrolled data used in path expression main.c:1247:42: 1068 
Uncontrolled data used in path expression main.c:1263:34: 1069 Uncontrolled data used in path expression mbox/mbox.c:1127:17: 795 Uncontrolled data used in path expression mbox/mbox.c:1261:24: 907 Uncontrolled data used in path expression mutt_body.c:69:39: 797 Uncontrolled data used in path expression ncrypt/crypt.c:865:34: 800 Uncontrolled data used in path expression ncrypt/crypt.c:938:20: 801 Uncontrolled data used in path expression ncrypt/crypt.c:1309:46: 798 Uncontrolled data used in path expression ncrypt/crypt.c:1339:24: 799 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:426:34: 805 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:571:30: 804 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2226:42: 802 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2233:34: 908 Uncontrolled data used in path expression ncrypt/gpgme_functions.c:642:30: 1070 Uncontrolled data used in path expression ncrypt/pgp.c:544:32: 833 Uncontrolled data used in path expression ncrypt/pgp.c:722:24: 843 Uncontrolled data used in path expression 
@@ -234,65 +240,65 @@ ncrypt/pgp.c:977:34: 819 Uncontrolled data used in path expressi ncrypt/pgp.c:994:20: 820 Uncontrolled data used in path expression ncrypt/pgp.c:1047:32: 817 Uncontrolled data used in path expression ncrypt/pgp.c:1104:20: 818 Uncontrolled data used in path expression ncrypt/pgp.c:1346:34: 814 Uncontrolled data used in path expression ncrypt/pgp.c:1353:31: 815 Uncontrolled data used in path expression ncrypt/pgp.c:1439:58: 816 Uncontrolled data used in path expression ncrypt/pgp.c:1600:34: 812 Uncontrolled data used in path expression ncrypt/pgp.c:1617:28: 813 Uncontrolled data used in path expression ncrypt/pgp.c:1747:37: 807 Uncontrolled data used in path expression ncrypt/pgp.c:1792:38: 809 Uncontrolled data used in path expression ncrypt/pgp.c:1814:22: 810 Uncontrolled data used in path expression ncrypt/pgp.c:1829:20: 811 Uncontrolled data used in path expression ncrypt/pgp_functions.c:129:34: 806 Uncontrolled data used in path expression ncrypt/pgpkey.c:280:34: 808 Uncontrolled data used in path expression ncrypt/smime.c:497:30: 859 Uncontrolled data used in path expression ncrypt/smime.c:967:28: 851 Uncontrolled data used in path expression ncrypt/smime.c:1001:29: 852 Uncontrolled data used in path expression ncrypt/smime.c:1005:22: 853 Uncontrolled data used in path expression ncrypt/smime.c:1017:22: 855 Uncontrolled data used in path expression ncrypt/smime.c:1023:20: 856 Uncontrolled data used in path expression ncrypt/smime.c:1045:22: 857 Uncontrolled data used in path expression ncrypt/smime.c:1050:22: 858 Uncontrolled data used in path expression ncrypt/smime.c:1078:34: 849 Uncontrolled data used in path expression ncrypt/smime.c:1121:22: 850 Uncontrolled data used in path expression ncrypt/smime.c:1185:22: 848 Uncontrolled data used in path expression ncrypt/smime.c:1213:34: 844 Uncontrolled data used in path expression ncrypt/smime.c:1244:24: 845 Uncontrolled data used in path expression ncrypt/smime.c:1254:24: 846 Uncontrolled 
data used in path expression ncrypt/smime.c:1267:20: 847 Uncontrolled data used in path expression ncrypt/smime.c:1347:28: 836 Uncontrolled data used in path expression ncrypt/smime.c:1362:28: 837 Uncontrolled data used in path expression ncrypt/smime.c:1396:22: 838 Uncontrolled data used in path expression ncrypt/smime.c:1403:20: 839 Uncontrolled data used in path expression ncrypt/smime.c:1428:22: 840 Uncontrolled data used in path expression ncrypt/smime.c:1450:22: 841 Uncontrolled data used in path expression ncrypt/smime.c:1456:22: 842 Uncontrolled data used in path expression ncrypt/smime.c:1524:29: 828 Uncontrolled data used in path expression ncrypt/smime.c:1532:34: 829 Uncontrolled data used in path expression ncrypt/smime.c:1564:22: 830 Uncontrolled data used in path expression ncrypt/smime.c:1589:20: 831 Uncontrolled data used in path expression ncrypt/smime.c:1597:22: 832 Uncontrolled data used in path expression ncrypt/smime.c:1635:22: 834 Uncontrolled data used in path expression ncrypt/smime.c:1640:22: 835 Uncontrolled data used in path expression ncrypt/smime.c:1722:35: 825 Uncontrolled data used in path expression ncrypt/smime.c:1747:34: 910 Uncontrolled data used in path expression ncrypt/smime.c:1797:20: 827 Uncontrolled data used in path expression ncrypt/smime.c:1848:28: 1071 Uncontrolled data used in path expression ncrypt/smime.c:1869:22: 1072 Uncontrolled data used in path expression ncrypt/smime.c:1881:22: 1073 Uncontrolled data used in path expression ncrypt/smime.c:1900:20: 1074 Uncontrolled data used in path expression ncrypt/smime.c:2016:22: 1075 Uncontrolled data used in path expression nntp/newsrc.c:182:47: 371 Uncontrolled data used in path expression nntp/newsrc.c:187:45: 580 Uncontrolled data used in path expression nntp/newsrc.c:404:26: 579 Uncontrolled data used in path expression nntp/newsrc.c:623:30: 860 Uncontrolled data used in path expression nntp/nntp.c:2692:41: 861 Uncontrolled data used in path expression 
pager/functions.c:1027:29: 862 Uncontrolled data used in path expression pager/message.c:219:34: 863 Uncontrolled data used in path expression pager/message.c:265:22: 864 Uncontrolled data used in path expression pattern/exec.c:716:26: 865 Uncontrolled data used in path expression pop/pop.c:1035:33: 867 Uncontrolled data used in path expression postpone/postpone.c:411:38: 868 Uncontrolled data used in path expression recvcmd.c:510:34: 875 Uncontrolled data used in path expression recvcmd.c:629:43: 876 Uncontrolled data used in path expression recvcmd.c:640:22: 956 Uncontrolled data used in path expression 
@@ -304,36 +310,36 @@ recvcmd.c:1114:22: 955 Uncontrolled data used in path expressi rfc3676.c:492:34: 375 Uncontrolled data used in path expression rfc3676.c:505:34: 873 Uncontrolled data used in path expression send/body.c:339:30: 911 Uncontrolled data used in path expression send/send.c:1502:34: 888 Uncontrolled data used in path expression send/send.c:1548:25: 889 Uncontrolled data used in path expression send/send.c:1554:29: 890 Uncontrolled data used in path expression send/send.c:2079:45: 380 Uncontrolled data used in path expression send/send.c:2087:49: 381 Uncontrolled data used in path expression send/send.c:2509:40: 1076 Uncontrolled data used in path expression send/send.c:2518:32: 884 Uncontrolled data used in path expression send/send.c:2999:32: 880 Uncontrolled data used in path expression send/sendlib.c:114:26: 913 Uncontrolled data used in path expression send/sendlib.c:222:38: 887 Uncontrolled data used in path expression send/sendlib.c:270:57: 912 Uncontrolled data used in path expression send/sendlib.c:289:28: 1077 Uncontrolled data used in path expression send/sendlib.c:339:22: 1078 Uncontrolled data used in path expression send/sendlib.c:475:31: 1094 Uncontrolled data used in path expression send/sendlib.c:856:34: 881 Uncontrolled data used in path expression send/sendlib.c:893:53: 882 Uncontrolled data used in path expression send/sendlib.c:898:62: 883 Uncontrolled data used in path expression send/sendlib.c:1089:30: 879 Uncontrolled data used in path expression send/sendmail.c:174:14: 384 Uncontrolled process operation mutt_config.c:357:46: 1079 Unused static variable send/config.c:51:46: 1080 Unused static variable expando/node_conddate.c:94:10: 1043 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:354:9: 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:359:9: 486 Year field changed using an arithmetic operation without checking for leap year 
mutt/date.c:370:11: 321 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:384:11: 322 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:592:8: 522 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:757:8: 318 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:234:11: 324 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:348:8: 323 Year field changed using an arithmetic operation without checking for leap year -
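Review bot: The ncrypt/smime.c entries in the findings file churn on line drift rather than on changed results: alert 836 is listed at 1347:28 here and at 1346:28 in the Apr 27 revision, and alert 837 moves from 1361:28 to 1362:28 the same way. Ordering and diffing the list on the alert number and rule description, with path:line:col as a trailing field, would make newly opened and closed alerts stand out from moved ones. The entries that deserve a second look are those where the number changed at an unchanged location, such as imap/browse.c:277:5 (340 in the Apr 27 revision, 1100 here), since that may mean an alert was closed and raised again rather than carried over.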
flatcap revised this gist
Apr 27, 2024 . 1 changed file with 53 additions and 49 deletions.
@@ -35,16 +35,16 @@ imap/utf7.c:129:27: 214 For loop variable changed in body mutt/buffer.c:445:20: 932 For loop variable changed in body mutt/file.c:1485:28: 508 For loop variable changed in body mutt/file.c:1490:11: 509 For loop variable changed in body mutt/path.c:80:13: 217 For loop variable changed in body mutt/slist.c:203:7: 218 For loop variable changed in body mutt_header.c:330:13: 510 For loop variable changed in body ncrypt/gnupgparse.c:281:13: 223 For loop variable changed in body ncrypt/gnupgparse.c:287:13: 224 For loop variable changed in body ncrypt/gnupgparse.c:293:13: 225 For loop variable changed in body ncrypt/gnupgparse.c:360:20: 226 For loop variable changed in body ncrypt/gpgme_functions.c:199:7: 227 For loop variable changed in body ncrypt/gpgme_functions.c:216:9: 228 For loop variable changed in body ncrypt/gpgme_functions.c:224:11: 573 For loop variable changed in body ncrypt/smime.c:443:20: 231 For loop variable changed in body nntp/complete.c:66:9: 230 For loop variable changed in body pattern/pattern.c:120:7: 483 For loop variable changed in body
@@ -61,16 +61,16 @@ email/thread.c:112:3: 527 Local variable address stored in non-lo history/dlg_history.c:156:3: 666 Local variable address stored in non-local memory imap/browse.c:165:3: 341 Local variable address stored in non-local memory imap/browse.c:277:5: 340 Local variable address stored in non-local memory imap/command.c:687:3: 343 Local variable address stored in non-local memory imap/imap.c:1304:3: 344 Local variable address stored in non-local memory imap/imap.c:2369:3: 588 Local variable address stored in non-local memory mixmaster/dlg_mixmaster.c:148:3: 345 Local variable address stored in non-local memory mixmaster/win_chain.c:213:3: 346 Local variable address stored in non-local memory mixmaster/win_hosts.c:195:3: 347 Local variable address stored in non-local memory mutt/notify.c:210:3: 348 Local variable address stored in non-local memory mutt_thread.c:1065:5: 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:712:3: 609 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:706:3: 608 Local variable address stored in non-local memory ncrypt/dlg_smime.c:228:3: 352 Local variable address stored in non-local memory pager/dlg_pager.c:351:3: 353 Local variable address stored in non-local memory pattern/dlg_pattern.c:348:3: 610 Local variable address stored in non-local memory @@ -83,7 +83,7 @@ email/parse.c:687:3: 521 Long switch case flags.c:72:3: 575 Long switch case muttlib.c:151:5: 513 Long switch case ncrypt/gnupgparse.c:173:5: 19 Long switch case ncrypt/smime.c:2187:5: 20 Long switch case notmuch/notmuch.c:1367:3: 21 Long switch case pattern/compile.c:372:5: 23 Long switch case pattern/compile.c:935:5: 692 Long switch case 
@@ -110,14 +110,14 @@ docs/makedoc.c:886:12: 286 Poorly documented large function enriched.c:121:13: 478 Poorly documented large function envelope/window.c:543:12: 427 Poorly documented large function handler.c:1129:12: 697 Poorly documented large function history/history.c:205:13: 290 Poorly documented large function index/functions.c:1347:12: 292 Poorly documented large function index/functions.c:1465:12: 291 Poorly documented large function mbox/mbox.c:182:27: 293 Poorly documented large function mutt/filter.c:62:7: 659 Poorly documented large function mutt_thread.c:237:13: 294 Poorly documented large function ncrypt/crypt.c:1133:5: 695 Poorly documented large function ncrypt/crypt_gpgme.c:3492:14: 296 Poorly documented large function ncrypt/pgp.c:1466:7: 295 Poorly documented large function notmuch/notmuch.c:2231:22: 298 Poorly documented large function pager/pager.c:131:12: 526 Poorly documented large function @@ -128,10 +128,11 @@ send/send.c:236:12: 301 Poorly documented large function send/send.c:1227:12: 574 Poorly documented large function send/sendlib.c:453:14: 284 Poorly documented large function send/smtp.c:623:12: 303 Poorly documented large function mutt/file.c:244:3: 6 Time-of-check time-of-use filesystem race condition mutt/filter.c:151:36: 1098 Uncontrolled data used in OS command alias/alias.c:524:30: 894 Uncontrolled data used in path expression attach/cid.c:127:35: 727 Uncontrolled data used in path expression attach/cid.c:186:33: 725 Uncontrolled data used in path expression 
@@ -181,13 +182,13 @@ attach/recvattach.c:679:22: 738 Uncontrolled data used in path expressi attach/recvattach.c:849:50: 730 Uncontrolled data used in path expression attach/recvattach.c:858:37: 895 Uncontrolled data used in path expression attach/recvattach.c:867:28: 732 Uncontrolled data used in path expression bcache/bcache.c:196:30: 729 Uncontrolled data used in path expression bcache/bcache.c:242:30: 728 Uncontrolled data used in path expression color/dump.c:455:30: 775 Uncontrolled data used in path expression commands.c:251:29: 781 Uncontrolled data used in path expression commands.c:878:34: 780 Uncontrolled data used in path expression commands.c:937:36: 779 Uncontrolled data used in path expression commands.c:1617:34: 778 Uncontrolled data used in path expression compose/functions.c:1488:30: 777 Uncontrolled data used in path expression compose/functions.c:1914:51: 776 Uncontrolled data used in path expression convert/content_info.c:218:24: 903 Uncontrolled data used in path expression @@ -199,9 +200,9 @@ handler.c:661:24: 787 Uncontrolled data used in path expressi handler.c:1374:39: 784 Uncontrolled data used in path expression handler.c:1429:38: 905 Uncontrolled data used in path expression help.c:489:26: 1064 Uncontrolled data used in path expression imap/imap.c:2172:29: 788 Uncontrolled data used in path expression imap/message.c:1152:24: 790 Uncontrolled data used in path expression imap/message.c:2017:31: 789 Uncontrolled data used in path expression key/dump.c:227:28: 791 Uncontrolled data used in path expression mailcap.c:523:38: 792 Uncontrolled data used in path expression maildir/message.c:141:28: 929 Uncontrolled data used in path expression 
@@ -218,10 +219,10 @@ ncrypt/crypt.c:924:20: 801 Uncontrolled data used in path expressi ncrypt/crypt.c:1204:46: 798 Uncontrolled data used in path expression ncrypt/crypt.c:1234:24: 799 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:426:34: 805 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:571:30: 804 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2187:42: 802 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2194:34: 908 Uncontrolled data used in path expression ncrypt/gpgme_functions.c:642:30: 1070 Uncontrolled data used in path expression ncrypt/pgp.c:544:32: 833 Uncontrolled data used in path expression ncrypt/pgp.c:722:24: 843 Uncontrolled data used in path expression ncrypt/pgp.c:776:22: 854 Uncontrolled data used in path expression 
@@ -259,33 +260,33 @@ ncrypt/smime.c:1212:34: 844 Uncontrolled data used in path expressi ncrypt/smime.c:1243:24: 845 Uncontrolled data used in path expression ncrypt/smime.c:1253:24: 846 Uncontrolled data used in path expression ncrypt/smime.c:1266:20: 847 Uncontrolled data used in path expression ncrypt/smime.c:1346:28: 836 Uncontrolled data used in path expression ncrypt/smime.c:1361:28: 837 Uncontrolled data used in path expression ncrypt/smime.c:1395:22: 838 Uncontrolled data used in path expression ncrypt/smime.c:1402:20: 839 Uncontrolled data used in path expression ncrypt/smime.c:1427:22: 840 Uncontrolled data used in path expression ncrypt/smime.c:1449:22: 841 Uncontrolled data used in path expression ncrypt/smime.c:1455:22: 842 Uncontrolled data used in path expression ncrypt/smime.c:1523:29: 828 Uncontrolled data used in path expression ncrypt/smime.c:1531:34: 829 Uncontrolled data used in path expression ncrypt/smime.c:1563:22: 830 Uncontrolled data used in path expression ncrypt/smime.c:1588:20: 831 Uncontrolled data used in path expression ncrypt/smime.c:1596:22: 832 Uncontrolled data used in path expression ncrypt/smime.c:1634:22: 834 Uncontrolled data used in path expression ncrypt/smime.c:1639:22: 835 Uncontrolled data used in path expression ncrypt/smime.c:1721:35: 825 Uncontrolled data used in path expression ncrypt/smime.c:1746:34: 910 Uncontrolled data used in path expression ncrypt/smime.c:1796:20: 827 Uncontrolled data used in path expression ncrypt/smime.c:1847:28: 1071 Uncontrolled data used in path expression ncrypt/smime.c:1868:22: 1072 Uncontrolled data used in path expression ncrypt/smime.c:1880:22: 1073 Uncontrolled data used in path expression ncrypt/smime.c:1899:20: 1074 Uncontrolled data used in path expression ncrypt/smime.c:2015:22: 1075 Uncontrolled data used in path expression nntp/newsrc.c:181:47: 371 Uncontrolled data used in path expression nntp/newsrc.c:186:45: 580 Uncontrolled data used in path expression 
nntp/newsrc.c:403:26: 579 Uncontrolled data used in path expression nntp/newsrc.c:622:30: 860 Uncontrolled data used in path expression nntp/nntp.c:2664:41: 861 Uncontrolled data used in path expression pager/functions.c:1027:29: 862 Uncontrolled data used in path expression pager/message.c:218:34: 863 Uncontrolled data used in path expression pager/message.c:264:22: 864 Uncontrolled data used in path expression @@ -324,6 +325,9 @@ send/sendlib.c:1083:30: 879 Uncontrolled data used in path expressi send/sendmail.c:173:14: 384 Uncontrolled process operation mutt_config.c:356:46: 1079 Unused static variable send/config.c:51:46: 1080 Unused static variable expando/node_conddate.c:95:10: 1043 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:353:9: 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:358:9: 486 Year field changed using an arithmetic operation without checking for leap year -
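Review bot: the one new security-class entry in this revision, `mutt/filter.c:151:36: 1098 Uncontrolled data used in OS command` in the hunk at `@@ -128,10 +128,11 @@`, is easy to miss. It sits alphabetically between the single TOCTOU entry and the long run of path-expression entries, and nearly everything else in the revision is line-number drift (for example `history/history.c:204` in the original file becoming `:205` here). Consider listing the command-injection, process-operation and TOCTOU findings ahead of the maintainability rules, checking that the summary counts gain a matching line for alert 1098, and recording the commit these locations were taken from so the drift can be tied to a tree.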
flatcap created this gist
Apr 11, 2024
@@ -0,0 +1,39 @@ Issues: https://github.com/neomutt/neomutt/security/code-scanning How to use gh api: https://docs.github.com/en/rest/code-scanning/code-scanning?apiVersion=2022-11-28#list-code-scanning-alerts-for-a-repository # Download 4 pages of 100 issues gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=1" | json_reformat > s1.json gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=2" | json_reformat > s2.json gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=3" | json_reformat > s3.json gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=4" | json_reformat > s4.json # Export some fields jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column' s1.json > l1 jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column' s2.json > l2 jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column' s3.json > l3 jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column' s4.json > l4 # vim quickfix list v1 # 324 Issues 189 Uncontrolled data used in path expression 44 For loop variable changed in body 28 Poorly documented large function 26 Local variable address stored in non-local memory 11 Long switch case 9 Year field changed using 
an arithmetic operation without checking for leap year 8 Missing return-value check for a 'scanf'-like function 3 Nested loops with same variable 2 File created without restricting permissions 2 Cleartext transmission of sensitive information 1 Uncontrolled process operation 1 Time-of-check time-of-use filesystem race condition
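Review bot: the download step hard-codes `page=1` through `page=4` at `per_page=100`, which covers the 324 alerts counted below but silently drops anything past 400; `gh api --paginate` would remove both the fixed page count and the four near-identical command lines. The jq export also prints each of the six fields on its own line and without `-r`, so strings keep their JSON quotes and the `l1` to `l4` files still need reshaping into the `path:line:col: number description` form used by the quickfix file; a single `jq -r` filter with string interpolation could emit that form directly. The section under `# vim quickfix list` appears to contain only `v1`, so the step that actually produces the quickfix file is undocumented, and nothing here records which commit the alerts were generated against.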
@@ -0,0 +1,335 @@ ncrypt/smime.c:885:11: 2 Cleartext transmission of sensitive information ncrypt/smime.c:920:13: 3 Cleartext transmission of sensitive information maildir/message.c:564:10: 930 File created without restricting permissions mh/shared.c:83:10: 691 File created without restricting permissions compose/functions.c:651:9: 187 For loop variable changed in body compose/functions.c:663:9: 188 For loop variable changed in body docs/makedoc.c:241:24: 205 For loop variable changed in body docs/makedoc.c:263:7: 419 For loop variable changed in body docs/makedoc.c:572:17: 415 For loop variable changed in body docs/makedoc.c:577:17: 416 For loop variable changed in body docs/makedoc.c:761:19: 417 For loop variable changed in body docs/makedoc.c:766:19: 418 For loop variable changed in body docs/makedoc.c:917:7: 189 For loop variable changed in body docs/makedoc.c:922:7: 190 For loop variable changed in body docs/makedoc.c:928:7: 191 For loop variable changed in body docs/makedoc.c:934:7: 192 For loop variable changed in body docs/makedoc.c:940:7: 193 For loop variable changed in body docs/makedoc.c:946:7: 194 For loop variable changed in body docs/makedoc.c:957:7: 195 For loop variable changed in body docs/makedoc.c:968:7: 196 For loop variable changed in body docs/makedoc.c:975:7: 197 For loop variable changed in body docs/makedoc.c:979:9: 198 For loop variable changed in body docs/makedoc.c:989:11: 199 For loop variable changed in body docs/makedoc.c:996:9: 414 For loop variable changed in body email/parse.c:227:17: 507 For loop variable changed in body email/parse.c:640:5: 208 For loop variable changed in body email/parse.c:645:5: 209 For loop variable changed in body email/rfc2047.c:386:9: 1063 For loop variable changed in body email/rfc2231.c:119:7: 571 For loop variable changed in body email/url.c:205:9: 572 For loop variable changed in body imap/utf7.c:119:7: 213 For loop variable changed in body imap/utf7.c:129:27: 214 For loop variable changed in body 
mutt/buffer.c:445:20: 932 For loop variable changed in body mutt/file.c:1485:28: 508 For loop variable changed in body mutt/file.c:1490:11: 509 For loop variable changed in body mutt/path.c:79:13: 217 For loop variable changed in body mutt/slist.c:203:7: 218 For loop variable changed in body mutt_header.c:330:13: 510 For loop variable changed in body ncrypt/gnupgparse.c:281:13: 223 For loop variable changed in body ncrypt/gnupgparse.c:287:13: 224 For loop variable changed in body ncrypt/gnupgparse.c:293:13: 225 For loop variable changed in body ncrypt/gnupgparse.c:360:20: 226 For loop variable changed in body ncrypt/gpgme_functions.c:198:7: 227 For loop variable changed in body ncrypt/gpgme_functions.c:215:9: 228 For loop variable changed in body ncrypt/gpgme_functions.c:223:11: 573 For loop variable changed in body ncrypt/smime.c:443:20: 231 For loop variable changed in body nntp/complete.c:66:9: 230 For loop variable changed in body pattern/pattern.c:120:7: 483 For loop variable changed in body alias/dlg_alias.c:343:3: 325 Local variable address stored in non-local memory alias/dlg_query.c:390:3: 326 Local variable address stored in non-local memory browser/dlg_browser.c:1302:3: 605 Local variable address stored in non-local memory browser/dlg_browser.c:1303:3: 606 Local variable address stored in non-local memory conn/dlg_verifycert.c:191:3: 331 Local variable address stored in non-local memory editor/window.c:299:3: 667 Local variable address stored in non-local memory email/parse.c:258:9: 334 Local variable address stored in non-local memory email/rfc2231.c:234:5: 336 Local variable address stored in non-local memory email/thread.c:112:3: 527 Local variable address stored in non-local memory history/dlg_history.c:156:3: 666 Local variable address stored in non-local memory imap/browse.c:165:3: 341 Local variable address stored in non-local memory imap/browse.c:277:5: 340 Local variable address stored in non-local memory imap/command.c:688:3: 343 Local variable 
address stored in non-local memory imap/imap.c:1303:3: 344 Local variable address stored in non-local memory imap/imap.c:2368:3: 588 Local variable address stored in non-local memory mixmaster/dlg_mixmaster.c:148:3: 345 Local variable address stored in non-local memory mixmaster/win_chain.c:213:3: 346 Local variable address stored in non-local memory mixmaster/win_hosts.c:195:3: 347 Local variable address stored in non-local memory mutt/notify.c:210:3: 348 Local variable address stored in non-local memory mutt_thread.c:1065:5: 349 Local variable address stored in non-local memory ncrypt/dlg_gpgme.c:712:3: 609 Local variable address stored in non-local memory ncrypt/dlg_pgp.c:698:3: 608 Local variable address stored in non-local memory ncrypt/dlg_smime.c:228:3: 352 Local variable address stored in non-local memory pager/dlg_pager.c:351:3: 353 Local variable address stored in non-local memory pattern/dlg_pattern.c:348:3: 610 Local variable address stored in non-local memory postpone/dlg_postpone.c:222:3: 611 Local variable address stored in non-local memory docs/makedoc.c:324:3: 12 Long switch case docs/makedoc.c:446:7: 413 Long switch case docs/makedoc.c:1194:3: 412 Long switch case email/parse.c:687:3: 521 Long switch case flags.c:72:3: 575 Long switch case muttlib.c:151:5: 513 Long switch case ncrypt/gnupgparse.c:173:5: 19 Long switch case ncrypt/smime.c:2186:5: 20 Long switch case notmuch/notmuch.c:1367:3: 21 Long switch case pattern/compile.c:372:5: 23 Long switch case pattern/compile.c:935:5: 692 Long switch case mutt/date.c:766:8: 245 Missing return-value check for a 'scanf'-like function mutt/date.c:766:23: 246 Missing return-value check for a 'scanf'-like function mutt/date.c:780:18: 251 Missing return-value check for a 'scanf'-like function mutt/date.c:876:21: 239 Missing return-value check for a 'scanf'-like function mutt/date.c:878:68: 240 Missing return-value check for a 'scanf'-like function mutt/date.c:878:76: 241 Missing return-value check for a 
'scanf'-like function pop/pop.c:574:8: 261 Missing return-value check for a 'scanf'-like function pop/pop.c:606:59: 264 Missing return-value check for a 'scanf'-like function postpone/postpone.c:225:24: 356 Nested loops with same variable postpone/postpone.c:260:22: 357 Nested loops with same variable postpone/postpone.c:297:16: 358 Nested loops with same variable address/address.c:480:5: 577 Poorly documented large function attach/recvattach.c:433:6: 693 Poorly documented large function browser/dlg_browser.c:839:5: 602 Poorly documented large function convert/content_info.c:49:6: 285 Poorly documented large function docs/makedoc.c:318:12: 287 Poorly documented large function docs/makedoc.c:886:12: 286 Poorly documented large function enriched.c:121:13: 478 Poorly documented large function envelope/window.c:543:12: 427 Poorly documented large function handler.c:1129:12: 697 Poorly documented large function history/history.c:204:13: 290 Poorly documented large function index/functions.c:1348:12: 292 Poorly documented large function index/functions.c:1466:12: 291 Poorly documented large function mbox/mbox.c:182:27: 293 Poorly documented large function mutt/filter.c:62:7: 659 Poorly documented large function mutt_thread.c:237:13: 294 Poorly documented large function ncrypt/crypt.c:1133:5: 695 Poorly documented large function ncrypt/crypt_gpgme.c:3488:14: 296 Poorly documented large function ncrypt/pgp.c:1466:7: 295 Poorly documented large function notmuch/notmuch.c:2231:22: 298 Poorly documented large function pager/pager.c:131:12: 526 Poorly documented large function pattern/exec.c:823:13: 299 Poorly documented large function pop/auth.c:523:5: 300 Poorly documented large function recvcmd.c:949:6: 694 Poorly documented large function send/send.c:236:12: 301 Poorly documented large function send/send.c:1227:12: 574 Poorly documented large function send/sendlib.c:453:14: 284 Poorly documented large function send/smtp.c:623:12: 303 Poorly documented large function 
version.c:393:6: 696 Poorly documented large function mutt/file.c:244:3: 6 Time-of-check time-of-use filesystem race condition alias/alias.c:524:30: 894 Uncontrolled data used in path expression attach/cid.c:127:35: 727 Uncontrolled data used in path expression attach/cid.c:186:33: 725 Uncontrolled data used in path expression attach/cid.c:197:28: 726 Uncontrolled data used in path expression attach/mutt_attach.c:88:33: 774 Uncontrolled data used in path expression attach/mutt_attach.c:208:44: 772 Uncontrolled data used in path expression attach/mutt_attach.c:219:34: 773 Uncontrolled data used in path expression attach/mutt_attach.c:489:37: 763 Uncontrolled data used in path expression attach/mutt_attach.c:493:46: 764 Uncontrolled data used in path expression attach/mutt_attach.c:545:52: 765 Uncontrolled data used in path expression attach/mutt_attach.c:553:40: 766 Uncontrolled data used in path expression attach/mutt_attach.c:628:40: 767 Uncontrolled data used in path expression attach/mutt_attach.c:646:41: 768 Uncontrolled data used in path expression attach/mutt_attach.c:650:48: 769 Uncontrolled data used in path expression attach/mutt_attach.c:660:46: 770 Uncontrolled data used in path expression attach/mutt_attach.c:718:22: 771 Uncontrolled data used in path expression attach/mutt_attach.c:785:36: 756 Uncontrolled data used in path expression attach/mutt_attach.c:798:48: 757 Uncontrolled data used in path expression attach/mutt_attach.c:800:36: 758 Uncontrolled data used in path expression attach/mutt_attach.c:823:39: 759 Uncontrolled data used in path expression attach/mutt_attach.c:829:48: 760 Uncontrolled data used in path expression attach/mutt_attach.c:837:29: 902 Uncontrolled data used in path expression attach/mutt_attach.c:866:22: 762 Uncontrolled data used in path expression attach/mutt_attach.c:996:39: 901 Uncontrolled data used in path expression attach/mutt_attach.c:1166:37: 748 Uncontrolled data used in path expression 
attach/mutt_attach.c:1172:46: 749 Uncontrolled data used in path expression attach/mutt_attach.c:1184:31: 899 Uncontrolled data used in path expression attach/mutt_attach.c:1220:24: 751 Uncontrolled data used in path expression attach/mutt_attach.c:1240:44: 752 Uncontrolled data used in path expression attach/mutt_attach.c:1247:31: 900 Uncontrolled data used in path expression attach/mutt_attach.c:1280:24: 754 Uncontrolled data used in path expression attach/recvattach.c:249:46: 746 Uncontrolled data used in path expression attach/recvattach.c:257:22: 747 Uncontrolled data used in path expression attach/recvattach.c:353:46: 745 Uncontrolled data used in path expression attach/recvattach.c:415:45: 744 Uncontrolled data used in path expression attach/recvattach.c:506:51: 897 Uncontrolled data used in path expression attach/recvattach.c:507:68: 898 Uncontrolled data used in path expression attach/recvattach.c:568:44: 739 Uncontrolled data used in path expression attach/recvattach.c:573:24: 740 Uncontrolled data used in path expression attach/recvattach.c:581:24: 741 Uncontrolled data used in path expression attach/recvattach.c:615:36: 733 Uncontrolled data used in path expression attach/recvattach.c:629:36: 734 Uncontrolled data used in path expression attach/recvattach.c:649:39: 735 Uncontrolled data used in path expression attach/recvattach.c:652:48: 736 Uncontrolled data used in path expression attach/recvattach.c:660:29: 896 Uncontrolled data used in path expression attach/recvattach.c:679:22: 738 Uncontrolled data used in path expression attach/recvattach.c:849:50: 730 Uncontrolled data used in path expression attach/recvattach.c:858:37: 895 Uncontrolled data used in path expression attach/recvattach.c:867:28: 732 Uncontrolled data used in path expression bcache/bcache.c:191:30: 729 Uncontrolled data used in path expression bcache/bcache.c:237:30: 728 Uncontrolled data used in path expression color/dump.c:455:30: 775 Uncontrolled data used in path expression 
commands.c:251:29: 781 Uncontrolled data used in path expression commands.c:858:34: 780 Uncontrolled data used in path expression commands.c:917:36: 779 Uncontrolled data used in path expression commands.c:1597:34: 778 Uncontrolled data used in path expression compose/functions.c:1488:30: 777 Uncontrolled data used in path expression compose/functions.c:1914:51: 776 Uncontrolled data used in path expression convert/content_info.c:218:24: 903 Uncontrolled data used in path expression docs/makedoc.c:1433:16: 363 Uncontrolled data used in path expression editmsg.c:187:24: 904 Uncontrolled data used in path expression gui/global.c:105:30: 783 Uncontrolled data used in path expression handler.c:567:29: 786 Uncontrolled data used in path expression handler.c:661:24: 787 Uncontrolled data used in path expression handler.c:1374:39: 784 Uncontrolled data used in path expression handler.c:1429:38: 905 Uncontrolled data used in path expression help.c:489:26: 1064 Uncontrolled data used in path expression imap/imap.c:2171:29: 788 Uncontrolled data used in path expression imap/message.c:1152:24: 790 Uncontrolled data used in path expression imap/message.c:2016:31: 789 Uncontrolled data used in path expression key/dump.c:227:28: 791 Uncontrolled data used in path expression mailcap.c:523:38: 792 Uncontrolled data used in path expression maildir/message.c:141:28: 929 Uncontrolled data used in path expression main.c:1088:35: 1065 Uncontrolled data used in path expression main.c:1111:34: 1066 Uncontrolled data used in path expression main.c:1133:33: 1067 Uncontrolled data used in path expression main.c:1243:42: 1068 Uncontrolled data used in path expression main.c:1259:34: 1069 Uncontrolled data used in path expression mbox/mbox.c:1125:17: 795 Uncontrolled data used in path expression mbox/mbox.c:1259:24: 907 Uncontrolled data used in path expression mutt_body.c:69:39: 797 Uncontrolled data used in path expression ncrypt/crypt.c:851:34: 800 Uncontrolled data used in path expression 
ncrypt/crypt.c:924:20: 801 Uncontrolled data used in path expression ncrypt/crypt.c:1204:46: 798 Uncontrolled data used in path expression ncrypt/crypt.c:1234:24: 799 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:426:34: 805 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:569:30: 804 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2183:42: 802 Uncontrolled data used in path expression ncrypt/crypt_gpgme.c:2190:34: 908 Uncontrolled data used in path expression ncrypt/gpgme_functions.c:641:30: 1070 Uncontrolled data used in path expression ncrypt/pgp.c:544:32: 833 Uncontrolled data used in path expression ncrypt/pgp.c:722:24: 843 Uncontrolled data used in path expression ncrypt/pgp.c:776:22: 854 Uncontrolled data used in path expression ncrypt/pgp.c:816:42: 823 Uncontrolled data used in path expression ncrypt/pgp.c:823:34: 909 Uncontrolled data used in path expression ncrypt/pgp.c:907:34: 821 Uncontrolled data used in path expression ncrypt/pgp.c:957:20: 822 Uncontrolled data used in path expression ncrypt/pgp.c:977:34: 819 Uncontrolled data used in path expression ncrypt/pgp.c:994:20: 820 Uncontrolled data used in path expression ncrypt/pgp.c:1047:32: 817 Uncontrolled data used in path expression ncrypt/pgp.c:1104:20: 818 Uncontrolled data used in path expression ncrypt/pgp.c:1349:34: 814 Uncontrolled data used in path expression ncrypt/pgp.c:1356:31: 815 Uncontrolled data used in path expression ncrypt/pgp.c:1442:58: 816 Uncontrolled data used in path expression ncrypt/pgp.c:1603:34: 812 Uncontrolled data used in path expression ncrypt/pgp.c:1620:28: 813 Uncontrolled data used in path expression ncrypt/pgp.c:1750:37: 807 Uncontrolled data used in path expression ncrypt/pgp.c:1795:38: 809 Uncontrolled data used in path expression ncrypt/pgp.c:1817:22: 810 Uncontrolled data used in path expression ncrypt/pgp.c:1832:20: 811 Uncontrolled data used in path expression ncrypt/pgp_functions.c:128:34: 806 Uncontrolled data used 
in path expression ncrypt/pgpkey.c:279:34: 808 Uncontrolled data used in path expression ncrypt/smime.c:496:30: 859 Uncontrolled data used in path expression ncrypt/smime.c:966:28: 851 Uncontrolled data used in path expression ncrypt/smime.c:1000:29: 852 Uncontrolled data used in path expression ncrypt/smime.c:1004:22: 853 Uncontrolled data used in path expression ncrypt/smime.c:1016:22: 855 Uncontrolled data used in path expression ncrypt/smime.c:1022:20: 856 Uncontrolled data used in path expression ncrypt/smime.c:1044:22: 857 Uncontrolled data used in path expression ncrypt/smime.c:1049:22: 858 Uncontrolled data used in path expression ncrypt/smime.c:1077:34: 849 Uncontrolled data used in path expression ncrypt/smime.c:1120:22: 850 Uncontrolled data used in path expression ncrypt/smime.c:1184:22: 848 Uncontrolled data used in path expression ncrypt/smime.c:1212:34: 844 Uncontrolled data used in path expression ncrypt/smime.c:1243:24: 845 Uncontrolled data used in path expression ncrypt/smime.c:1253:24: 846 Uncontrolled data used in path expression ncrypt/smime.c:1266:20: 847 Uncontrolled data used in path expression ncrypt/smime.c:1345:28: 836 Uncontrolled data used in path expression ncrypt/smime.c:1360:28: 837 Uncontrolled data used in path expression ncrypt/smime.c:1394:22: 838 Uncontrolled data used in path expression ncrypt/smime.c:1401:20: 839 Uncontrolled data used in path expression ncrypt/smime.c:1426:22: 840 Uncontrolled data used in path expression ncrypt/smime.c:1448:22: 841 Uncontrolled data used in path expression ncrypt/smime.c:1454:22: 842 Uncontrolled data used in path expression ncrypt/smime.c:1522:29: 828 Uncontrolled data used in path expression ncrypt/smime.c:1530:34: 829 Uncontrolled data used in path expression ncrypt/smime.c:1562:22: 830 Uncontrolled data used in path expression ncrypt/smime.c:1587:20: 831 Uncontrolled data used in path expression ncrypt/smime.c:1595:22: 832 Uncontrolled data used in path expression 
ncrypt/smime.c:1633:22: 834 Uncontrolled data used in path expression ncrypt/smime.c:1638:22: 835 Uncontrolled data used in path expression ncrypt/smime.c:1720:35: 825 Uncontrolled data used in path expression ncrypt/smime.c:1745:34: 910 Uncontrolled data used in path expression ncrypt/smime.c:1795:20: 827 Uncontrolled data used in path expression ncrypt/smime.c:1846:28: 1071 Uncontrolled data used in path expression ncrypt/smime.c:1867:22: 1072 Uncontrolled data used in path expression ncrypt/smime.c:1879:22: 1073 Uncontrolled data used in path expression ncrypt/smime.c:1898:20: 1074 Uncontrolled data used in path expression ncrypt/smime.c:2014:22: 1075 Uncontrolled data used in path expression nntp/newsrc.c:181:47: 371 Uncontrolled data used in path expression nntp/newsrc.c:186:45: 580 Uncontrolled data used in path expression nntp/newsrc.c:403:26: 579 Uncontrolled data used in path expression nntp/newsrc.c:632:30: 860 Uncontrolled data used in path expression nntp/nntp.c:2644:41: 861 Uncontrolled data used in path expression pager/functions.c:1027:29: 862 Uncontrolled data used in path expression pager/message.c:218:34: 863 Uncontrolled data used in path expression pager/message.c:264:22: 864 Uncontrolled data used in path expression pattern/exec.c:717:26: 865 Uncontrolled data used in path expression pop/pop.c:1035:33: 867 Uncontrolled data used in path expression postpone/postpone.c:410:38: 868 Uncontrolled data used in path expression recvcmd.c:510:34: 875 Uncontrolled data used in path expression recvcmd.c:629:43: 876 Uncontrolled data used in path expression recvcmd.c:640:22: 956 Uncontrolled data used in path expression recvcmd.c:701:30: 872 Uncontrolled data used in path expression recvcmd.c:775:35: 874 Uncontrolled data used in path expression recvcmd.c:1012:28: 869 Uncontrolled data used in path expression recvcmd.c:1104:39: 870 Uncontrolled data used in path expression recvcmd.c:1114:22: 955 Uncontrolled data used in path expression rfc3676.c:492:34: 
375 Uncontrolled data used in path expression rfc3676.c:505:34: 873 Uncontrolled data used in path expression send/body.c:339:30: 911 Uncontrolled data used in path expression send/send.c:1506:34: 888 Uncontrolled data used in path expression send/send.c:1552:25: 889 Uncontrolled data used in path expression send/send.c:1558:29: 890 Uncontrolled data used in path expression send/send.c:2083:45: 380 Uncontrolled data used in path expression send/send.c:2091:49: 381 Uncontrolled data used in path expression send/send.c:2513:40: 1076 Uncontrolled data used in path expression send/send.c:2522:32: 884 Uncontrolled data used in path expression send/send.c:3003:32: 880 Uncontrolled data used in path expression send/sendlib.c:113:26: 913 Uncontrolled data used in path expression send/sendlib.c:221:38: 887 Uncontrolled data used in path expression send/sendlib.c:269:57: 912 Uncontrolled data used in path expression send/sendlib.c:288:28: 1077 Uncontrolled data used in path expression send/sendlib.c:338:22: 1078 Uncontrolled data used in path expression send/sendlib.c:474:24: 885 Uncontrolled data used in path expression send/sendlib.c:855:34: 881 Uncontrolled data used in path expression send/sendlib.c:892:53: 882 Uncontrolled data used in path expression send/sendlib.c:897:62: 883 Uncontrolled data used in path expression send/sendlib.c:1083:30: 879 Uncontrolled data used in path expression send/sendmail.c:173:14: 384 Uncontrolled process operation expando/node_conddate.c:95:10: 1043 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:353:9: 319 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:358:9: 486 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:369:11: 321 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:383:11: 322 Year field changed using an arithmetic operation without checking for leap year 
mutt/date.c:591:8: 522 Year field changed using an arithmetic operation without checking for leap year mutt/date.c:756:8: 318 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:233:11: 324 Year field changed using an arithmetic operation without checking for leap year pattern/compile.c:347:8: 323 Year field changed using an arithmetic operation without checking for leap year
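Review bot: entries are grouped alphabetically by rule description, so maintainability rules (`Long switch case`, `Poorly documented large function`) are interleaved with security rules, and the single `mutt/file.c:244:3` TOCTOU entry and the `send/sendmail.c:173:14` uncontrolled-process entry sit on either side of the 189 path-expression lines where they are easy to overlook. Adding a severity column (the alerts API exposes `.rule.security_severity_level`) and sorting on it would make the file usable for triage. The file also carries no commit reference, so the `path:line:col` locations cannot be tied to a specific tree and will go stale as the code moves.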