2022年5月28日 星期六

[研究]Greenbone GSM Trial 21.04.15 VM (OpenVAS/GCE) 弱點掃描工具虛擬機器

[研究]Greenbone GSM Trial  21.04.15 VM (OpenVAS/GCE) 弱點掃描工具虛擬機器

2022-05-28

下載網址

Greenbone Enterprise TRIAL - Greenbone Networks
https://www.greenbone.net/en/testnow/

下載得到 GSM-TRIAL-21.04.15-VMware-Workstation.ova,1.54 GB (1,663,293,440 位元組)






















(完)

相關

[研究]Greenbone GSM Trial  21.04.15 VM (OpenVAS/GCE) 弱點掃描工具虛擬機器
https://shaurong.blogspot.com/2022/05/greenbone-gsm-trial-210415-vm-openvasgce.html

[研究]GVM / OpenVAS 21.4弱點掃描工具安裝(atomic)(CentOS Stream 8)
https://shaurong.blogspot.com/2022/05/gvm-openvas-214atomiccentos-stream-8.html

[研究]OpenVAS 21.4弱點掃描工具安裝(Fedora 35)
https://shaurong.blogspot.com/2022/05/openvas-214fedora-35.html

[研究]OpenVAS 21.4安裝(yum) gvm-setup 詳細資訊(CentOS Stream 8)
https://shaurong.blogspot.com/2022/05/openvas-214yum-gvm-setup-centos-stream-8.html

[研究] OpenVAS 21.4弱點掃描工具安裝(yum)(CentOS Stream 8)
https://shaurong.blogspot.com/2022/05/openvas-214yumcentos-stream-8.html

[研究] GSM Community Edition v4.2.17 (含 OpenVAS-9) 會掃描的網站路徑https://shaurong.blogspot.com/2018/06/gsm-community-edition-v4217-openvas-9_22.html

[研究] GSM Community Edition v4.2.17 (含 OpenVAS-9) .iso 安裝與試用
http://shaurong.blogspot.com/2018/06/gsm-community-edition-v4217-openvas-9.html

Greenbone Warning: SecInfo Database Missing
https://secinfo.greenbone.net/help/cpes.html?r=1&token=guest

OpenVAS SecInfo Database Missing
http://www.anjing.me/wiki/index.php?title=Openvas#SecInfo_Database_Missing

[研究] OpenVAS 9 安裝與使用(yum)(CentOS 7.5 x64)
http://shaurong.blogspot.com/2018/06/openvas-9-yumcentos-75-x64.html

[研究] OpenVAS 9 (iso)安裝
http://shaurong.blogspot.com/2017/06/openvas-9.html

[研究] OpenVAS-8 DEMO Virtual Appliance 1.0 安裝
http://shaurong.blogspot.com/2015/05/openvas-8-demo-virtual-appliance-10.html

[研究] OpenVAS-7 DEMO Virtual Appliance 2.4 安裝
http://shaurong.blogspot.com/2015/03/openvas-7-demo-virtual-appliance-24.html

[研究] OpenVAS 7 安裝與使用(yum)(CentOS 7.0 x64)
http://shaurong.blogspot.com/2014/11/openvas-7-yumcentos-70-x64.html

[研究] OpenVAS 6 安裝與使用(yum)(CentOS 7.0 x64)
http://shaurong.blogspot.com/2014/08/openvas-6-yumcentos-70-x64.html

[研究] OpenVAS 6.0 beta 5 安裝與使用(yum)(Fedora 20 x64)
http://shaurong.blogspot.com/2014/02/openvas-60-beta-5-yumfedora-20-x64.html

[研究] OpenVAS 安裝與使用(yum)(CentOS 6.5 x64)
http://shaurong.blogspot.com/2014/01/openvas-yumcentos-65-x64.html

[研究][ASP.NET]ELMAH 1.2 SP2 Web.Config 範例

[研究][ASP.NET]ELMAH 1.2 SP2 Web.Config 範例

2022-05-27

ELMAH - Wikipedia
https://en.wikipedia.org/wiki/ELMAH
ELMAH是用於ASP.NET Web服務的開源調試工具。當添加到機器上正在運行的Web應用程序中時,引發的異常將觸發ELMAH工具中的事件處理程序。這些事件處理程序可以包括日誌記錄到各種數據庫後端,可以從Web門戶查看的日誌記錄,以及發送通知電子郵件,推文和RSS文章以向管理員建議問題。

官方網站
https://elmah.github.io/


ELMAH-1.2-sp2-sample-web.config
來源:https://code.google.com/archive/p/elmah/downloads

xxxxx
<?xml version="1.0" encoding="utf-8"?>
<configuration>

    <configSections>
        <sectionGroup name="elmah">
            <!-- NOTE! If you are using ASP.NET 1.x then remove the
                 requirePermission="false" attribute from the section
                 elements below as those are only needed for
                 partially trusted applications in ASP.NET 2.0 -->
            <section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah" />
            <section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah" />
            <section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah" />
            <section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah" />
            <section name="errorTweet" requirePermission="false" type="Elmah.ErrorTweetSectionHandler, Elmah" />
        </sectionGroup>
    </configSections>

    <elmah>
    
        <security allowRemoteAccess="0" />

        <!--
            Use to log errors to Microsoft SQL Server 2000 or later
            using ASP.NET 2.0. Set value of connectionStringName attribute
            to the name of the connection string settings to use from
            the <connectionStrings> section.
        
        <errorLog type="Elmah.SqlErrorLog, Elmah" 
            connectionStringName="..." />
        -->

        <!--
            Use to log errors to Microsoft SQL Server 2000 or later
            using ASP.NET 1.x and adjust the value of connectionString 
            attribute to your settings.

        <errorLog type="Elmah.SqlErrorLog, Elmah" 
            connectionString="Data Source=.;Initial Catalog=ELMAH;Trusted_Connection=True" />
        -->

        <!--
            Use to log errors to MySQL 5.0+. Set value of 
            connectionStringName attribute to the name of the connection 
            string settings to use from the <connectionStrings> section.

        <errorLog type="Elmah.MySqlErrorLog, Elmah" 
            connectionString="..." />
        -->

     <!--
             Use to log errors to a SQL Server Compact 4 database file 
             (requires .NET 3.5 SP1). Set value of connectionStringName 
             attribute to the name of the connection string settings to use 
             from the <connectionStrings> section.
    
          <errorLog type="Elmah.SqlServerCompactErrorLog, Elmah" connectionStringName="..." />

             The format of the connection string should be as follows:
    
          <connectionStrings>
            <add name="..." connectionString="data source=[path to the database file]" />
          </connectionStrings>
    
            Replace the content of the brackets with a file path, for 
            example:
    
          data source=C:\Elmah.sdf
    
             If the database file doesn't exist it is created automatically.
             You can also place the file in the App_Data folder, by using 
             the |DataDirectory| macro:
    
          <connectionStrings>
             <add name="..." connectionString="data source=|DataDirectory|\Elmah.sdf" />
          </connectionStrings>

      -->

      <!--
            Use to log errors to SQLite using ASP.NET 2.0. Set value of 
            connectionStringName attribute to the name of the connection 
            string settings to use from the <connectionStrings> section.
            
        <errorLog type="Elmah.SQLiteErrorLog, Elmah" connectionStringName="..." />
        
            The format of the connection string should be as follows:
            
        <connectionStrings>
          <add name="..." connectionString="data source=[path to the database file]" />
        </connectionStrings>
            
            Replace the content of the brackets with a file path, 
            for example:
            
        data source=C:\Elmah.db
            
            If the database file doesn't exist it is created automatically.
            To specify a path relative to and below the application root, 
            start with the root operator (~) followed by a forward slash 
            (/), as it is common in ASP.NET applications. For example:
            
        data source=~/App_Data/Error.db
        -->

        <!--
            Use to log errors into separate XML files that are stored on 
            disk at the path specified in the logPath attribute.

        <errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="..." />
        -->

        <!--
            Use to log errors to Oracle using ASP.NET 2.0. Set value of 
            connectionStringName attribute to the name of the connection 
            string settings to use from the <connectionStrings> section.
        
            The schemaOwner parameter is *optional*. Use this if the owner 
            of the ELMAH package (pkg_elmah$error) is not the same user that 
            you are using to connect to the database.
            
        <errorLog type="Elmah.OracleErrorLog, Elmah" 
            schemaOwner="xxx" />
            connectionStringName="..." />
        -->

        <!--
            Use to log errors to Oracle using ASP.NET 1.1 and adjust the 
            value of connectionString attribute to your settings.

            The schemaOwner parameter is *optional*. Use this if the owner 
            of the ELMAH package (pkg_elmah$error) is not the same user that 
            you are using to connect to the database.

        <errorLog type="Elmah.OracleErrorLog, Elmah" 
            schemaOwner="xxx" />
            connectionString="Data Source=xxxx;User ID=username;Password=password" />
        -->

        <!--
            Use to log errors to Microsoft Access using ASP.NET 1.x and 
            adjust the value of connectionString attribute to your settings.
            Use Elmah.mdb as your database.

        <errorLog type="Elmah.AccessErrorLog, Elmah" 
            connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|Elmah.mdb" />
        -->

        <!--
            Use to log errors to Microsoft Access using ASP.NET 2.0. Set 
            value of connectionStringName attribute to the name of the 
            connection string settings to use from the <connectionStrings> 
            section. Use Elmah.mdb as your database.
        
        <errorLog type="Elmah.AccessErrorLog, Elmah" 
            connectionStringName="..." />
        -->
    
    <!--
            Use to log errors to PostgresSQL using ASP.NET 2.0. Set value of 
            connectionString to a valid Npgsql connection string.
        
        <errorLog type="Elmah.PgsqlErrorLog, Elmah" 
            connectionString="Server=...;Port=...;Database=...;User Id=...;Password=...;" />
        -->

        <!--
            Use to send error reports by e-mail and adjust the attributes
            according to settings desired. Note that only the from and
            to attributes are required. The rest are optional and may
            be removed. If the SMTP server does not require authentication,
            you MUST remove the userName and password attributes or
            set them to empty values (resulting in zero-length strings).
            If you are using ELMAH compiled for .NET Framework 1.x, then
            the to attribute may contain multiple recipient addresses,
            each of which must be delimited by a semi-colon (;). If you are 
            using ELMAH compiled for .NET Framework 2.0 or later, then the
            to attribute may contain multiple recipient addresses,
            each of which must be delimited by a comma (,).

        <errorMail 
            from="elmah@example.com" 
            to="admin@example.com" 
            subject="..."
            priority="Low|Normal|High"
            async="true|false"
            smtpPort="25"
            smtpServer="smtp.example.com" 
            useSsl="true|false"
            userName="johndoe"
            password="secret" 
            noYsod="true|false" />
        -->

        <!--
            Use to send short error messages to a Twitter account.
        <errorTweet 
            userName="johndoe" 
            password="secret" />
        -->

        <!--
            Use to prevent errors from being mailed or logged based on
            assertions. An assertion evaluates the current context, 
            resulting in a Boolean outcome. An error is filtered if the 
            assertion results in true. For a more detailed explanation, see:
            
            http://code.google.com/p/elmah/wiki/ErrorFiltering
            
            The example below will filter errors when any of the
            following conditions occur:
            
            - The status code is set to 404 
            - The root/base cause is System.IO.FileNotFoundException
            - The root/base cause is System.Web.HttpRequestValidationException
            - The user agent making the request identifies itself as "crawler"
            - The request is from the local machine
            
            The assertion below is expressed as a JScript expression and is 
            the most generic and simplest of the assertions to use if you 
            are familiar with the JavaScript language. It can work in Medium 
            and Full trust environments.
            
            NOTE: For versions of ELMAH 1.2 SP1 and earlier, use the 
            undocumented `$context` instead of `$` in the expression below 
            to workaround a bug when the expression is evaluated under full 
            trust environments. See issue #278[1] for more details.            
            
            [1] http://code.google.com/p/elmah/issues/detail?id=278

        <errorFilter>
            <test>
                <jscript>
                    <expression>
                    <![CDATA[
                    // @assembly mscorlib
                    // @assembly System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
                    // @import System.IO
                    // @import System.Web

                    $.HttpStatusCode == 404
                    || $.BaseException instanceof FileNotFoundException 
                    || $.BaseException instanceof HttpRequestValidationException
                    /* Using RegExp below (see http://msdn.microsoft.com/en-us/library/h6e2eb7w.aspx) */
                    || $.Context.Request.UserAgent.match(/crawler/i)                      
                    || $.Context.Request.ServerVariables['REMOTE_ADDR'] == '127.0.0.1' // IPv4 only
                    ]]>
                    </expression>
                </jscript>
            </test>
        </errorFilter>
        -->

    </elmah>

    <system.web>

        <httpModules>
            
            <!-- 
                Uncomment the entry below if all of the following are true: 
                1) you are using wildcard mapping in IIS 5.x
                2) you are not using .NET 1.0
                3) you are experiencing HTTP 404 errors when trying to view
                   elmah.axd or elmah.axd/detail?id=* etc
            -->
            <!--<add name="FixIIS5xWildcardMapping" type="Elmah.FixIIS5xWildcardMappingModule, Elmah" />-->

            <!-- 
                Uncomment the entry below if you are using MS AJAX v1.0.x.x
                and want to capture errors during Partial Postbacks
                NB This is not required for the version of AJAX shipped with 
                .NET Framework v3.5!
            -->
            <!--<add name="MsAjaxDeltaErrorLog" type="Elmah.MsAjaxDeltaErrorLogModule, Elmah" />-->

            <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" />
        
            <!-- 
                Uncomment the entries below if error mail reporting and 
                filtering is desired.
            -->
            
            <!--<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />-->
            <!--<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" />-->
            <!--<add name="ErrorTweet" type="Elmah.ErrorTweetModule, Elmah" />-->

        </httpModules>
        
    </system.web>

    <!-- 
        The <system.webServer> section is required for running ELMAH under 
        Internet Information Services (IIS) 7. It is not necessary for 
        previous version of IIS.
        
        In general, it would be best to include it for all .NET Framework 
        2.0 and above configurations in order to have a more portable 
        solution between various versions of IIS.

        IIS 5.x, IIS 6 require the modules and handlers to be declared in 
        <system.web> whereas IIS 7 needs them declared here and complains if 
        they are in fact declared in <system.web>. Fortunately, the
        <validation validateIntegratedModeConfiguration="false" /> entry 
        tells IIS 7 not to worry about the modules and handlers declared in 
        <system.web>.
        
        If you only ever want to use IIS 7, then do the following:
        
        1. Remove handlers and modules from <system.web>
        2. Remove the <validation validateIntegratedModeConfiguration="false" /> element
    -->

    <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <modules>
            <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
            <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />
            <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
            <add name="ErrorTweet" type="Elmah.ErrorTweetModule, Elmah" preCondition="managedHandler" />
        </modules>
    </system.webServer>

    <!-- 
        This entry provides the UI for the error log at elmah.axd below the 
        application path. For example, if your domain is www.example.com and 
        your application is at the root, then you can view the error log by
        visiting the following URL:
                
        http://www.example.com/elmah.axd

        IMPORTANT! To secure this location, consult the following notes:
                
        http://code.google.com/p/elmah/wiki/SecuringErrorLogPages
    -->

    <location path="elmah.axd">  
        <system.web>
            <httpHandlers>
                <add verb="POST,GET,HEAD" 
                     path="elmah.axd" 
                     type="Elmah.ErrorLogPageFactory, Elmah" />
            </httpHandlers>
            <!-- 
                The following entry denies unauthenticated users access to 
                the path from where ELMAH's handlers are accessible. If you 
                have role-based security implemented, you SHOULD consider 
                instead allowing access by a particular role (for example, 
                operators and administrators).
        
                IMPORTANT: If you change the path of the handler then you 
                MUST also change the path in the containing location tag 
                to be the same.

                For more information, see:
                http://code.google.com/p/elmah/wiki/SecuringErrorLogPages
            -->
            <authorization>
                <deny users="?" />  
            </authorization>  
        </system.web>
        <system.webServer>
            <handlers>
                <add name="ELMAH" 
                     verb="POST,GET,HEAD"
                     path="elmah.axd" 
                     type="Elmah.ErrorLogPageFactory, Elmah"
                     preCondition="integratedMode" />
            </handlers>
        </system.webServer>
    </location>  

</configuration>


下面,errorFilter過濾404錯誤

https://code.google.com/archive/p/elmah/wikis/ErrorFiltering.wiki

<elmah> 
    ... 
    <errorFilter> 
        <test> 
            <equal binding="HttpStatusCode" value="404" type="Int32" /> 
        </test> 
    </errorFilter> 
</elmah>

errorFilter範例
https://elmah.github.io/a/error-filtering/
https://elmah.github.io/a/error-filtering/examples/

留做參考。

(完)


2022年5月27日 星期五

[研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (CentOS Stream 9)

 [研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (CentOS Stream 9)

2022-05-27

Nikto - 維基百科,自由的百科全書
https://zh.wikipedia.org/wiki/Nikto

Nikto2 是 Web Server Scanner。

Nikto是一款開源的(GPL)網頁伺服器掃描器,它可以對網頁伺服器進行全面的多種掃描,包含超過3300種有潛在危險的文件/CGIs;超過625種伺服器版本;超過230種特定伺服器問題。掃描項和插件可以自動更新(如果需要)。基於Whisker/libwhisker完成其底層功能。這是一款非常棒的工具,但其軟體本身並不經常更新,最新和最危險的可能檢測不到。

官方網站
http://www.cirt.net/nikto2

Nikto 最新為 v2.1.6 版,釋出時間 2015-07-09。
CentOS Stream 9 Linux 預設 yum 不提供 Nikto安裝,就算安裝了 epel-release 後也如此。
參考官方用 Git 安裝,然後自己安裝 perl 套件 
https://github.com/sullo/nikto

[user1@localhost ~]$ sudo yum info nikto
Last metadata expiration check: 0:00:33 ago on Fri 27 May 2022 08:22:46 PM CST.
Error: No matching Packages to list
[user1@localhost ~]$ 

[user1@localhost ~]$ sudo yum -y install epel-release
Last metadata expiration check: 0:01:28 ago on Fri 27 May 2022 08:22:46 PM CST.
Dependencies resolved.
================================================================================
 Package                 Architecture Version         Repository           Size
================================================================================
Installing:
 epel-release            noarch       9-2.el9         extras-common        17 k
Installing weak dependencies:
 epel-next-release       noarch       9-2.el9         extras-common       8.1 k

Transaction Summary
================================================================================
Install  2 Packages

Total download size: 25 k
Installed size: 26 k
Downloading Packages:
(1/2): epel-next-release-9-2.el9.noarch.rpm      44 kB/s | 8.1 kB     00:00    
(2/2): epel-release-9-2.el9.noarch.rpm           80 kB/s |  17 kB     00:00    
--------------------------------------------------------------------------------
Total                                           9.1 kB/s |  25 kB     00:02     
CentOS Stream 9 - Extras packages               2.1 MB/s | 2.1 kB     00:00    
Importing GPG key 0x1D997668:
 Userid     : "CentOS Extras SIG (https://wiki.centos.org/SpecialInterestGroup) <security@centos.org>"
 Fingerprint: 363F C097 2F64 B699 AED3 968E 1FF6 A217 1D99 7668
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : epel-release-9-2.el9.noarch                            1/2 
  Installing       : epel-next-release-9-2.el9.noarch                       2/2 
  Running scriptlet: epel-next-release-9-2.el9.noarch                       2/2 
  Verifying        : epel-next-release-9-2.el9.noarch                       1/2 
  Verifying        : epel-release-9-2.el9.noarch                            2/2 

Installed:
  epel-next-release-9-2.el9.noarch          epel-release-9-2.el9.noarch         

Complete!
[user1@localhost ~]$ sudo yum -y install epel-release
Extra Packages for Enterprise Linux 9 - x86_64  698 kB/s | 6.4 MB     00:09    
Extra Packages for Enterprise Linux 9 - Next -  571 kB/s | 1.3 MB     00:02    
Last metadata expiration check: 0:00:02 ago on Fri 27 May 2022 08:24:35 PM CST.
Package epel-release-9-2.el9.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[user1@localhost ~]$ sudo yum info nikto
Last metadata expiration check: 0:00:10 ago on Fri 27 May 2022 08:24:35 PM CST.
Error: No matching Packages to list
[user1@localhost ~]$ 


user1@localhost ~]$ git clone https://github.com/sullo/nikto
bash: git: command not found...
Install package 'git-core' to provide command 'git'? [N/y] y


 * Waiting in queue... 
The following packages have to be installed:
 git-core-2.31.1-2.el9.2.x86_64	Core package of git with minimal functionality
Proceed with changes? [N/y] y


 * Waiting in queue... 
 * Waiting for authentication... 
 * Waiting in queue... 
 * Downloading packages... 
 * Requesting data... 
 * Testing changes... 
 * Installing packages... 
Cloning into 'nikto'...
remote: Enumerating objects: 6973, done.
remote: Counting objects: 100% (984/984), done.
remote: Compressing objects: 100% (290/290), done.
remote: Total 6973 (delta 724), reused 921 (delta 693), pack-reused 5989
Receiving objects: 100% (6973/6973), 4.65 MiB | 7.81 MiB/s, done.
Resolving deltas: 100% (5041/5041), done.

[user1@localhost ~]$ cd nikto/program
[user1@localhost program]$ ./nikto.pl -h 192.168.128.140
ERROR: Required module not found: Net::hostent
ERROR: Required module not found: Time::HiRes qw(sleep ualarm gettimeofday tv_interval)
[user1@localhost program]$ perl ./nikto.pl -h 192.168.128.140
ERROR: Required module not found: Net::hostent
ERROR: Required module not found: Time::HiRes qw(sleep ualarm gettimeofday tv_interval)
[user1@localhost program]$ sudo yum -y install perl

測試

先自己用  sudo  yum  -y  install  httpd 安裝 Web Server

用  sudo  service  httpd  restart 啟動,開始測試自己
  (-h 參數表示目的主機;某些版本測自己會出現 Permission denied,測別台才行。)

[user1@localhost program]$ ./nikto.pl -h 192.168.128.140
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.128.140
+ Target Hostname:    192.168.128.140
+ Target Port:        80
+ Start Time:         2022-05-27 20:49:16 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.4.51 (CentOS Stream)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type.
+ Allowed HTTP Methods: OPTIONS, HEAD, GET, POST, TRACE 
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 8916 requests: 0 error(s) and 6 item(s) reported on remote host
+ End Time:           2022-05-27 20:49:32 (GMT8) (16 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested


      *********************************************************************
      Portions of the server's headers (Apache/2.4.51) are not in
      the Nikto 2.1.6 database or are newer than the known string. Would you like
      to submit this information (*no server specific data*) to CIRT.net
      for a Nikto update (or you may email to sullo@cirt.net) (y/n)? n

[user1@localhost program]$

參數說明

[user1@localhost program]$ ./nikto.pl -Help

   Options:
       -ask+               Whether to ask about submitting updates
                               yes   Ask about each (default)
                               no    Don't ask, don't send
                               auto  Don't ask, just send
       -Cgidirs+           Scan these CGI dirs: "none", "all", or values like "/cgi/ /cgi-a/"
       -config+            Use this config file
       -Display+           Turn on/off display outputs:
                               1     Show redirects
                               2     Show cookies received
                               3     Show all 200/OK responses
                               4     Show URLs which require authentication
                               D     Debug output
                               E     Display all HTTP errors
                               P     Print progress to STDOUT
                               S     Scrub output of IPs and hostnames
                               V     Verbose output
       -dbcheck           Check database and other key files for syntax errors
       -evasion+          Encoding technique:
                               1     Random URI encoding (non-UTF8)
                               2     Directory self-reference (/./)
                               3     Premature URL ending
                               4     Prepend long random string
                               5     Fake parameter
                               6     TAB as request spacer
                               7     Change the case of the URL
                               8     Use Windows directory separator (\)
                               A     Use a carriage return (0x0d) as a request spacer
                               B     Use binary value 0x0b as a request spacer
       -Format+           Save file (-o) format:
                               csv   Comma-separated-value
                               json  JSON Format
                               htm   HTML Format
                               nbe   Nessus NBE format
                               sql   Generic SQL (see docs for schema)
                               txt   Plain text
                               xml   XML Format
                               (if not specified the format will be taken from the file extension passed to -output)
       -Help              This help information
       -host+             Target host/URL
       -404code           Ignore these HTTP codes as negative responses (always). Format is "302,301".
       -404string         Ignore this string in response body content as negative response (always). Can be a regular expression.
       -id+               Host authentication to use, format is id:pass or id:pass:realm
       -key+              Client certificate key file
       -list-plugins      List all available plugins, perform no testing
       -maxtime+          Maximum testing time per host (e.g., 1h, 60m, 3600s)
       -mutate+           Guess additional file names:
                               1     Test all files with all root directories
                               2     Guess for password file names
                               3     Enumerate user names via Apache (/~user type requests)
                               4     Enumerate user names via cgiwrap (/cgi-bin/cgiwrap/~user type requests)
                               5     Attempt to brute force sub-domain names, assume that the host name is the parent domain
                               6     Attempt to guess directory names from the supplied dictionary file
       -mutate-options    Provide information for mutates
       -nointeractive     Disables interactive features
       -nolookup          Disables DNS lookups
       -nossl             Disables the use of SSL
       -no404             Disables nikto attempting to guess a 404 page
       -Option            Over-ride an option in nikto.conf, can be issued multiple times
       -output+           Write output to this file ('.' for auto-name)
       -Pause+            Pause between tests (seconds)
       -Plugins+          List of plugins to run (default: ALL)
       -port+             Port to use (default 80)
       -RSAcert+          Client certificate file
       -root+             Prepend root value to all requests, format is /directory
       -Save              Save positive responses to this directory ('.' for auto-name)
       -ssl               Force ssl mode on port
       -Tuning+           Scan tuning:
                               1     Interesting File / Seen in logs
                               2     Misconfiguration / Default File
                               3     Information Disclosure
                               4     Injection (XSS/Script/HTML)
                               5     Remote File Retrieval - Inside Web Root
                               6     Denial of Service
                               7     Remote File Retrieval - Server Wide
                               8     Command Execution / Remote Shell
                               9     SQL Injection
                               0     File Upload
                               a     Authentication Bypass
                               b     Software Identification
                               c     Remote Source Inclusion
                               d     WebService
                               e     Administrative Console
                               x     Reverse Tuning Options (i.e., include all except specified)
       -timeout+          Timeout for requests (default 10 seconds)
       -Userdbs           Load only user databases, not the standard databases
                               all   Disable standard dbs and load only user dbs
                               tests Disable only db_tests and load udb_tests
       -useragent         Over-rides the default useragent
       -until             Run until the specified time or duration
       -update            Update databases and plugins from CIRT.net
       -url+              Target host/URL (alias of -host)
       -useproxy          Use the proxy defined in nikto.conf, or argument http://server:port
       -Version           Print plugin and database versions
       -vhost+            Virtual host (for Host header)
   		+ requires a value

[user1@localhost program]$ 



(完)

參考
[研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (CentOS Stream 9)
https://shaurong.blogspot.com/2022/05/nikto2-v216-web-server-scanner-centos.html

[研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (Fedora 36 x64_86)
https://shaurong.blogspot.com/2022/05/nikto2-v216-web-server-scanner-fedora.html

[研究] Nikto2 v2.1.5 安裝與使用 (CentOS 7.0 x64_86)
http://shaurong.blogspot.tw/2014/08/nikto2-v215-centos-70-x6486.html

[研究] Nikto2 v2.1.5 安裝與使用 (CentOS 6.3 x86)
http://shaurong.blogspot.tw/2012/12/nikto2-v215-centos-63-x86.html

[研究] Nikto2 v2.1.4 安裝與使用 (Fedora 15 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20385

[研究] Nikto2 v2.1.4 Web Scanner 安裝與使用 (CentOS 6.0 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?p=63655

[研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (Fedora 36 x64_86)

[研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (Fedora 36 x64_86)

2022-05-27

Nikto - 維基百科,自由的百科全書
https://zh.wikipedia.org/wiki/Nikto

Nikto2 是 Web Server Scanner。

Nikto是一款開源的(GPL)網頁伺服器掃描器,它可以對網頁伺服器進行全面的多種掃描,包含超過3300種有潛在危險的文件/CGIs;超過625種伺服器版本;超過230種特定伺服器問題。掃描項和插件可以自動更新(如果需要)。基於Whisker/libwhisker完成其底層功能。這是一款非常棒的工具,但其軟體本身並不經常更新,最新和最危險的可能檢測不到。

官方網站
http://www.cirt.net/nikto2

Nikto 最新為 v2.1.6 版,釋出時間 2015-07-09。

[user1@fedora ~]$ sudo yum info nikto
Last metadata expiration check: 0:32:14 ago on Fri 27 May 2022 09:15:54 AM CST.
Available Packages
Name         : nikto
Epoch        : 1
Version      : 2.1.6
Release      : 10.fc36
Architecture : noarch
Size         : 332 k
Source       : nikto-2.1.6-10.fc36.src.rpm
Repository   : fedora
Summary      : Web server scanner
URL          : https://www.cirt.net/Nikto2
License      : GPLv2+ and Redistributable, no modification permitted
Description  : Nikto is a web server scanner which performs comprehensive tests against web
             : servers for multiple items, including over 3300 potentially dangerous
             : files/CGIs, versions on over 625 servers, and version specific problems
             : on over 230 servers. Scan items and plugins are frequently updated and
             : can be automatically updated (if desired).

[user1@fedora ~]$

安裝

[user1@fedora ~]$ sudo yum install -y  nikto
Last metadata expiration check: 0:32:48 ago on Fri 27 May 2022 09:15:54 AM CST.
Dependencies resolved.
============================================================================================================
 Package                       Architecture       Version                         Repository           Size
============================================================================================================
Installing:
 nikto                         noarch             1:2.1.6-10.fc36                 fedora              332 k
Installing dependencies:
 nmap                          x86_64             3:7.92-1.fc36                   fedora              5.5 M
 perl-JSON-PP                  noarch             1:4.07-2.fc36                   fedora               66 k
 perl-Math-BigInt              noarch             1:1.9998.30-1.fc36              updates             199 k
 perl-Math-BigRat              noarch             0.2622-1.fc36                   updates              41 k
 perl-Math-Complex             noarch             1.59-486.fc36                   fedora               52 k
 perl-Time-HiRes               x86_64             4:1.9767-480.fc36               fedora               57 k
 perl-bignum                   noarch             0.65-1.fc36                     updates              50 k
 perl-libwhisker2              noarch             2.5-33.fc36                     fedora               88 k

Transaction Summary
============================================================================================================
Install  9 Packages

Total download size: 6.3 M
Installed size: 27 M
Downloading Packages:
(1/9): nikto-2.1.6-10.fc36.noarch.rpm                                       390 kB/s | 332 kB     00:00    
(2/9): perl-JSON-PP-4.07-2.fc36.noarch.rpm                                   67 kB/s |  66 kB     00:00    
(3/9): perl-Math-Complex-1.59-486.fc36.noarch.rpm                           315 kB/s |  52 kB     00:00    
(4/9): perl-Time-HiRes-1.9767-480.fc36.x86_64.rpm                           298 kB/s |  57 kB     00:00    
(5/9): perl-libwhisker2-2.5-33.fc36.noarch.rpm                              397 kB/s |  88 kB     00:00    
(6/9): perl-Math-BigRat-0.2622-1.fc36.noarch.rpm                            262 kB/s |  41 kB     00:00    
(7/9): perl-Math-BigInt-1.9998.30-1.fc36.noarch.rpm                         711 kB/s | 199 kB     00:00    
(8/9): perl-bignum-0.65-1.fc36.noarch.rpm                                   842 kB/s |  50 kB     00:00    
(9/9): nmap-7.92-1.fc36.x86_64.rpm                                          1.4 MB/s | 5.5 MB     00:03    
------------------------------------------------------------------------------------------------------------
Total                                                                       1.0 MB/s | 6.3 MB     00:06     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                    1/1 
  Installing       : perl-Math-Complex-1.59-486.fc36.noarch                                             1/9 
  Installing       : perl-Math-BigInt-1:1.9998.30-1.fc36.noarch                                         2/9 
  Installing       : perl-JSON-PP-1:4.07-2.fc36.noarch                                                  3/9 
  Installing       : perl-Math-BigRat-0.2622-1.fc36.noarch                                              4/9 
  Installing       : perl-bignum-0.65-1.fc36.noarch                                                     5/9 
  Installing       : perl-libwhisker2-2.5-33.fc36.noarch                                                6/9 
  Installing       : perl-Time-HiRes-4:1.9767-480.fc36.x86_64                                           7/9 
  Installing       : nmap-3:7.92-1.fc36.x86_64                                                          8/9 
  Installing       : nikto-1:2.1.6-10.fc36.noarch                                                       9/9 
  Running scriptlet: nikto-1:2.1.6-10.fc36.noarch                                                       9/9 
  Verifying        : nikto-1:2.1.6-10.fc36.noarch                                                       1/9 
  Verifying        : nmap-3:7.92-1.fc36.x86_64                                                          2/9 
  Verifying        : perl-JSON-PP-1:4.07-2.fc36.noarch                                                  3/9 
  Verifying        : perl-Math-Complex-1.59-486.fc36.noarch                                             4/9 
  Verifying        : perl-Time-HiRes-4:1.9767-480.fc36.x86_64                                           5/9 
  Verifying        : perl-libwhisker2-2.5-33.fc36.noarch                                                6/9 
  Verifying        : perl-Math-BigInt-1:1.9998.30-1.fc36.noarch                                         7/9 
  Verifying        : perl-Math-BigRat-0.2622-1.fc36.noarch                                              8/9 
  Verifying        : perl-bignum-0.65-1.fc36.noarch                                                     9/9 

Installed:
  nikto-1:2.1.6-10.fc36.noarch                        nmap-3:7.92-1.fc36.x86_64                            
  perl-JSON-PP-1:4.07-2.fc36.noarch                   perl-Math-BigInt-1:1.9998.30-1.fc36.noarch           
  perl-Math-BigRat-0.2622-1.fc36.noarch               perl-Math-Complex-1.59-486.fc36.noarch               
  perl-Time-HiRes-4:1.9767-480.fc36.x86_64            perl-bignum-0.65-1.fc36.noarch                       
  perl-libwhisker2-2.5-33.fc36.noarch                

Complete!
[user1@fedora ~]$

2.1.5版的nikto.pl,在2.1.6沒有看到了。

[user1@fedora bin]$ sudo find / -name nikto -print
find: ‘/run/user/1000/doc’: Permission denied
find: ‘/run/user/1000/gvfs’: Permission denied
/etc/nikto
/usr/bin/nikto
/usr/share/doc/nikto
/usr/share/licenses/nikto
/usr/share/nikto
[user1@fedora bin]$ 

參數說明

[user1@fedora ~]$ nikto -h 
Option host requires an argument

       -config+            Use this config file
       -Display+           Turn on/off display outputs
       -dbcheck            check database and other key files for syntax errors
       -Format+            save file (-o) format
       -Help               Extended help information
       -host+              target host
       -id+                Host authentication to use, format is id:pass or id:pass:realm
       -list-plugins       List all available plugins
       -output+            Write output to this file
       -nossl              Disables using SSL
       -no404              Disables 404 checks
       -Plugins+           List of plugins to run (default: ALL)
       -port+              Port to use (default 80)
       -root+              Prepend root value to all requests, format is /directory 
       -ssl                Force ssl mode on port
       -Tuning+            Scan tuning
       -timeout+           Timeout for requests (default 10 seconds)
       -update             Update databases and plugins from CIRT.net
       -Version            Print plugin and database versions
       -vhost+             Virtual host (for Host header)
   		+ requires a value

	Note: This is the short help output. Use -H for full help text.

[user1@fedora ~]$

測試一下自己這台  (-h 參數表示目的主機;某些版本測自己會出現 Permission denied,測別台才行。)

[user1@fedora ~]$ nikto -h 192.168.128.130
- ***** RFIURL is not defined in nikto.conf--no RFI tests will run *****
- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP:          192.168.128.130
+ Target Hostname:    192.168.128.130
+ Target Port:        80
+ Start Time:         2022-05-27 09:54:31 (GMT8)
---------------------------------------------------------------------------
+ Server: Apache/2.4.53 (Fedora Linux)
+ Server leaks inodes via ETags, header found with file /, fields: 0x211a 0x5db4c92a77a00 
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ Allowed HTTP Methods: GET, POST, OPTIONS, HEAD, TRACE 
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST

+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ 5896 requests: 0 error(s) and 9 item(s) reported on remote host
+ End Time:           2022-05-27 09:54:42 (GMT8) (11 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested


      *********************************************************************
      Portions of the server's headers (Apache/2.4.53) are not in
      the Nikto database or are newer than the known string. Would you like
      to submit this information (*no server specific data*) to CIRT.net
      for a Nikto update (or you may email to sullo@cirt.net) (y/n)? n

[user1@fedora ~]$ 



(完)

參考

[研究] Nikto2 v2.1.6 - Web Server Scanner 安裝與使用 (Fedora 36 x64_86)
https://shaurong.blogspot.com/2022/05/nikto2-v216-web-server-scanner-fedora.html

[研究] Nikto2 v2.1.5 安裝與使用 (CentOS 7.0 x64_86)
http://shaurong.blogspot.tw/2014/08/nikto2-v215-centos-70-x6486.html

[研究] Nikto2 v2.1.5 安裝與使用 (CentOS 6.3 x86)
http://shaurong.blogspot.tw/2012/12/nikto2-v215-centos-63-x86.html

[研究] Nikto2 v2.1.4 安裝與使用 (Fedora 15 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?t=20385

[研究] Nikto2 v2.1.4 Web Scanner 安裝與使用 (CentOS 6.0 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?p=63655

[研究] RATS 2.4 (靜態程式原始碼掃描工具)(Fedora 36 x64)

[研究] RATS 2.4 (靜態程式原始碼掃描工具)(Fedora 36 x64)

2022-05-27

Google Code Archive - Long-term storage for Google Code Project Hosting.
Rough Auditing Tool for Security (RATS)
2.4版於Jan 1, 2014釋出。

CERN Computer Security Information
https://security.web.cern.ch/recommendations/en/codetools/rats.shtml

RATS (Rough Auditing Tool for Security)是用來評估程式原始碼潛在弱點的開放原始碼工具。它可以掃描C、C++、Perl、PHP還有Python的原始碼,並標記可能有弱點的程式碼位置,供程式人員之後進一步的檢查。RATS不但可以找出一些特定的弱點,更可以針對這些發現的弱點提出建議以及改進方式。

安裝

[user1@fedora ~]$ sudo yum list | grep rats

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for user1: 
rats.x86_64       2.4-20.fc36             fedora               
[user1@fedora ~]$ sudo yum -y install rats
Last metadata expiration check: 0:02:10 ago on Fri 27 May 2022 09:15:54 AM CST.
Dependencies resolved.
================================================================================
 Package        Architecture     Version                 Repository        Size
================================================================================
Installing:
 rats           x86_64           2.4-20.fc36             fedora           126 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 126 k
Installed size: 820 k
Downloading Packages:
rats-2.4-20.fc36.x86_64.rpm                     418 kB/s | 126 kB     00:00    
--------------------------------------------------------------------------------
Total                                           110 kB/s | 126 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                        1/1 
  Installing       : rats-2.4-20.fc36.x86_64                                1/1 
  Running scriptlet: rats-2.4-20.fc36.x86_64                                1/1 
  Verifying        : rats-2.4-20.fc36.x86_64                                1/1 

Installed:
  rats-2.4-20.fc36.x86_64                                                       

Complete!
[user1@fedora ~]$ rats
Entries in perl database: 33
Entries in ruby database: 46
Entries in python database: 62
Entries in c database: 336
Entries in php database: 55
Total lines analyzed: 0
Total time 0.000009 seconds
0 lines per second
[user1@fedora ~]$


參數

[user1@fedora ~]$ rats -h
RATS v2.4 - Rough Auditing Tool for Security
Copyright 2001, 2002 Secure Software Inc
http://www.securesoftware.com

usage: rats [-adhilrwxR] [--help] [--database|--db]  name1 name2 ... namen

    -a <fun>       report any occurence of function 'fun' in the source file(s)
    -d <filename>  specify an alternate vulnerability database.
    --db
    --database
    -h             display usage information (what you're reading)
    --help
    -i             report functions that accept external input
    --input
    -l <language>  force the specified langauge to be used
    --language <language>
    -r             include references that are not function calls
    --references
    -w <1,2,3>     set warning level (default 2)
    --warning <1,2,3>
    -x             do not load default databases
    -R             don't recurse subdirectories scanning for matching files
    --no-recursion
    --xml          Output in XML.
    --html         Output in HTML.
    --follow-symlinks
                   Follow symlinks and process files found.
    --noheader
		       Don't print initial header in output
    --nofooter
                   Don't show timing information footer at end of analysis
    --quiet
                   Don't print status information regarding what file is being analyzed
    --resultsonly
                   No header, footer, or status information
    --columns
                   Show column number of hte line where the problem occured.
    --context
                   Display the line of code that caused the problem report
[user1@fedora ~]$ 



測試


[user1@fedora ~]$ wget  https://dlcdn.apache.org/httpd/httpd-2.4.53.tar.gz
[user1@fedora ~]$ tar zxvf httpd-2.4.53.tar.gz 


[user1@fedora ~]$ rats httpd-2.4.53
Entries in perl database: 33
Entries in ruby database: 46
Entries in python database: 62
Entries in c database: 336
Entries in php database: 55
Analyzing httpd-2.4.53/test/conftest.py
Analyzing httpd-2.4.53/test/test-writev.c
Analyzing httpd-2.4.53/test/pyhttpd/curl.py
httpd-2.4.53/test/pyhttpd/curl.py:26: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/curl.py:30: warning: bad token `@'
Analyzing httpd-2.4.53/test/pyhttpd/env.py
httpd-2.4.53/test/pyhttpd/env.py:168: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:263: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:267: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:271: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:275: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:279: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:283: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:287: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:291: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:295: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:299: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:303: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:307: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:311: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:315: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:319: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:323: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:327: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:331: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:335: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:339: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:343: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:347: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:351: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:358: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:362: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/env.py:366: warning: bad token `@'
Analyzing httpd-2.4.53/test/pyhttpd/log.py
httpd-2.4.53/test/pyhttpd/log.py:39: warning: bad token `@'
Analyzing httpd-2.4.53/test/pyhttpd/certs.py
httpd-2.4.53/test/pyhttpd/certs.py:65: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:73: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:95: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:99: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:103: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:112: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:116: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:120: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:124: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:131: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:142: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:146: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:193: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:271: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:281: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:305: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:317: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:349: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:375: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:395: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:419: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:442: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/certs.py:460: warning: bad token `@'
Analyzing httpd-2.4.53/test/pyhttpd/conf.py
httpd-2.4.53/test/pyhttpd/conf.py:178: warning: bad token `@'
Analyzing httpd-2.4.53/test/pyhttpd/nghttp.py
httpd-2.4.53/test/pyhttpd/nghttp.py:23: warning: bad token `@'
Analyzing httpd-2.4.53/test/pyhttpd/__init__.py
Analyzing httpd-2.4.53/test/pyhttpd/result.py
httpd-2.4.53/test/pyhttpd/result.py:28: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:32: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:36: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:40: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:44: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:49: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:53: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:57: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:61: warning: bad token `@'
httpd-2.4.53/test/pyhttpd/result.py:65: warning: bad token `@'
Analyzing httpd-2.4.53/test/pyhttpd/htdocs/test1/009.py
Analyzing httpd-2.4.53/test/pyhttpd/htdocs/test1/007/007.py
Analyzing httpd-2.4.53/test/test_limits.c
Analyzing httpd-2.4.53/test/test_parser.c
Analyzing httpd-2.4.53/test/test_find.c
Analyzing httpd-2.4.53/test/time-sem.c
Analyzing httpd-2.4.53/test/cls.c
Analyzing httpd-2.4.53/test/modules/core/conftest.py
httpd-2.4.53/test/modules/core/conftest.py:17: warning: bad token `@'
httpd-2.4.53/test/modules/core/conftest.py:32: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/core/__init__.py
Analyzing httpd-2.4.53/test/modules/core/test_001_encoding.py
httpd-2.4.53/test/modules/core/test_001_encoding.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/core/test_001_encoding.py:30: warning: bad token `@'
httpd-2.4.53/test/modules/core/test_001_encoding.py:45: warning: bad token `@'
httpd-2.4.53/test/modules/core/test_001_encoding.py:60: warning: bad token `@'
httpd-2.4.53/test/modules/core/test_001_encoding.py:84: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_004_post.py
httpd-2.4.53/test/modules/http2/test_004_post.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_004_post.py:60: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_004_post.py:65: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_004_post.py:105: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_004_post.py:111: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_004_post.py:134: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_004_post.py:140: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_004_post.py:146: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_502_proxy_port.py
httpd-2.4.53/test/modules/http2/test_502_proxy_port.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/conftest.py
httpd-2.4.53/test/modules/http2/conftest.py:30: warning: bad token `@'
httpd-2.4.53/test/modules/http2/conftest.py:45: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_500_proxy.py
httpd-2.4.53/test/modules/http2/test_500_proxy.py:11: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_006_assets.py
httpd-2.4.53/test/modules/http2/test_006_assets.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_102_require.py
httpd-2.4.53/test/modules/http2/test_102_require.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/env.py
Analyzing httpd-2.4.53/test/modules/http2/test_103_upgrade.py
httpd-2.4.53/test/modules/http2/test_103_upgrade.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_401_early_hints.py
httpd-2.4.53/test/modules/http2/test_401_early_hints.py:9: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_202_trailer.py
httpd-2.4.53/test/modules/http2/test_202_trailer.py:18: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_200_header_invalid.py
httpd-2.4.53/test/modules/http2/test_200_header_invalid.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_700_load_get.py
httpd-2.4.53/test/modules/http2/test_700_load_get.py:6: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_700_load_get.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_700_load_get.py:28: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_700_load_get.py:45: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_001_httpd_alive.py
httpd-2.4.53/test/modules/http2/test_001_httpd_alive.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_100_conn_reuse.py
httpd-2.4.53/test/modules/http2/test_100_conn_reuse.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_003_get.py
httpd-2.4.53/test/modules/http2/test_003_get.py:9: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_003_get.py:141: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_003_get.py:156: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_003_get.py:182: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_003_get.py:193: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_201_header_conditional.py
httpd-2.4.53/test/modules/http2/test_201_header_conditional.py:8: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_201_header_conditional.py:42: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_600_h2proxy.py
httpd-2.4.53/test/modules/http2/test_600_h2proxy.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/__init__.py
Analyzing httpd-2.4.53/test/modules/http2/test_101_ssl_reneg.py
httpd-2.4.53/test/modules/http2/test_101_ssl_reneg.py:7: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_101_ssl_reneg.py:10: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_002_curl_basics.py
httpd-2.4.53/test/modules/http2/test_002_curl_basics.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_400_push.py
httpd-2.4.53/test/modules/http2/test_400_push.py:10: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_005_files.py
httpd-2.4.53/test/modules/http2/test_005_files.py:22: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/mod_h2test/mod_h2test.c
Analyzing httpd-2.4.53/test/modules/http2/htdocs/cgi/hello.py
Analyzing httpd-2.4.53/test/modules/http2/htdocs/cgi/env.py
Analyzing httpd-2.4.53/test/modules/http2/htdocs/cgi/upload.py
Analyzing httpd-2.4.53/test/modules/http2/htdocs/cgi/necho.py
Analyzing httpd-2.4.53/test/modules/http2/htdocs/cgi/mnot164.py
Analyzing httpd-2.4.53/test/modules/http2/htdocs/cgi/hecho.py
Analyzing httpd-2.4.53/test/modules/http2/htdocs/cgi/echo.py
Analyzing httpd-2.4.53/test/modules/http2/htdocs/cgi/echohd.py
Analyzing httpd-2.4.53/test/modules/http2/test_104_padding.py
httpd-2.4.53/test/modules/http2/test_104_padding.py:13: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_501_proxy_serverheader.py
httpd-2.4.53/test/modules/http2/test_501_proxy_serverheader.py:6: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_501_proxy_serverheader.py:9: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_300_interim.py
httpd-2.4.53/test/modules/http2/test_300_interim.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_710_load_post_static.py
httpd-2.4.53/test/modules/http2/test_710_load_post_static.py:9: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_106_shutdown.py
httpd-2.4.53/test/modules/http2/test_106_shutdown.py:16: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_711_load_post_cgi.py
httpd-2.4.53/test/modules/http2/test_711_load_post_cgi.py:9: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_105_timeout.py
httpd-2.4.53/test/modules/http2/test_105_timeout.py:114: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_105_timeout.py:129: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/http2/test_712_buffering.py
httpd-2.4.53/test/modules/http2/test_712_buffering.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_712_buffering.py:17: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_712_buffering.py:39: warning: bad token `@'
httpd-2.4.53/test/modules/http2/test_712_buffering.py:50: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_11_md.py
httpd-2.4.53/test/modules/tls/test_11_md.py:11: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/conftest.py
httpd-2.4.53/test/modules/tls/conftest.py:21: warning: bad token `@'
httpd-2.4.53/test/modules/tls/conftest.py:36: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/env.py
httpd-2.4.53/test/modules/tls/env.py:128: warning: bad token `@'
httpd-2.4.53/test/modules/tls/env.py:132: warning: bad token `@'
httpd-2.4.53/test/modules/tls/env.py:172: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_13_proxy.py
httpd-2.4.53/test/modules/tls/test_13_proxy.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_13_proxy.py:29: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_15_proxy_tls.py
httpd-2.4.53/test/modules/tls/test_15_proxy_tls.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_15_proxy_tls.py:62: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_15_proxy_tls.py:77: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_07_alpn.py
httpd-2.4.53/test/modules/tls/test_07_alpn.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_07_alpn.py:20: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_09_timeout.py
httpd-2.4.53/test/modules/tls/test_09_timeout.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_09_timeout.py:20: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_14_proxy_ssl.py
httpd-2.4.53/test/modules/tls/test_14_proxy_ssl.py:9: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_14_proxy_ssl.py:57: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_14_proxy_ssl.py:70: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_06_ciphers.py
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:12: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:21: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:60: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:85: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:87: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:112: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:114: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:138: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_06_ciphers.py:140: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/conf.py
Analyzing httpd-2.4.53/test/modules/tls/test_08_vars.py
httpd-2.4.53/test/modules/tls/test_08_vars.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_08_vars.py:39: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_08_vars.py:52: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/__init__.py
Analyzing httpd-2.4.53/test/modules/tls/test_04_get.py
httpd-2.4.53/test/modules/tls/test_04_get.py:22: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_04_get.py:35: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_04_get.py:55: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_03_sni.py
httpd-2.4.53/test/modules/tls/test_03_sni.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_03_sni.py:18: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_02_conf.py
httpd-2.4.53/test/modules/tls/test_02_conf.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_02_conf.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_02_conf.py:60: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_02_conf.py:84: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_02_conf.py:102: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_02_conf.py:112: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_02_conf.py:128: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_01_apache.py
httpd-2.4.53/test/modules/tls/test_01_apache.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_12_cauth.py
httpd-2.4.53/test/modules/tls/test_12_cauth.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_12_cauth.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_12_cauth.py:21: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_12_cauth.py:26: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_12_cauth.py:29: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_12_cauth.py:35: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_17_proxy_machine_cert.py
httpd-2.4.53/test/modules/tls/test_17_proxy_machine_cert.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_17_proxy_machine_cert.py:14: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_17_proxy_machine_cert.py:18: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_17_proxy_machine_cert.py:22: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_17_proxy_machine_cert.py:61: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_05_proto.py
httpd-2.4.53/test/modules/tls/test_05_proto.py:13: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_05_proto.py:28: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/htdocs/b.mod-tls.test/vars.py
Analyzing httpd-2.4.53/test/modules/tls/htdocs/b.mod-tls.test/resp-jitter.py
Analyzing httpd-2.4.53/test/modules/tls/htdocs/b.mod-tls.test/dir1/vars.py
Analyzing httpd-2.4.53/test/modules/tls/htdocs/a.mod-tls.test/vars.py
Analyzing httpd-2.4.53/test/modules/tls/test_10_session_id.py
httpd-2.4.53/test/modules/tls/test_10_session_id.py:13: warning: bad token `@'
httpd-2.4.53/test/modules/tls/test_10_session_id.py:38: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/tls/test_16_proxy_mixed.py
httpd-2.4.53/test/modules/tls/test_16_proxy_mixed.py:8: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_602_roundtrip.py
httpd-2.4.53/test/modules/md/test_602_roundtrip.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_602_roundtrip.py:12: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_602_roundtrip.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_602_roundtrip.py:23: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_920_status.py
httpd-2.4.53/test/modules/md/test_920_status.py:15: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_920_status.py:19: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_920_status.py:25: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_730_static.py
httpd-2.4.53/test/modules/md/test_730_static.py:9: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_730_static.py:13: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_730_static.py:22: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_740_acme_errors.py
httpd-2.4.53/test/modules/md/test_740_acme_errors.py:8: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_740_acme_errors.py:12: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_740_acme_errors.py:21: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/conftest.py
httpd-2.4.53/test/modules/md/conftest.py:24: warning: bad token `@'
httpd-2.4.53/test/modules/md/conftest.py:39: warning: bad token `@'
httpd-2.4.53/test/modules/md/conftest.py:76: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_100_reg_add.py
httpd-2.4.53/test/modules/md/test_100_reg_add.py:8: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_100_reg_add.py:9: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_100_reg_add.py:13: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_100_reg_add.py:93: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_100_reg_add.py:101: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_100_reg_add.py:148: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_752_zerossl.py
httpd-2.4.53/test/modules/md/test_752_zerossl.py:37: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_752_zerossl.py:40: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_752_zerossl.py:48: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_120_reg_list.py
httpd-2.4.53/test/modules/md/test_120_reg_list.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_120_reg_list.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_120_reg_list.py:15: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_110_reg_update.py
httpd-2.4.53/test/modules/md/test_110_reg_update.py:8: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_110_reg_update.py:9: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_110_reg_update.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_110_reg_update.py:52: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_110_reg_update.py:89: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_110_reg_update.py:114: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_110_reg_update.py:214: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_110_reg_update.py:224: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_110_reg_update.py:269: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_702_auto.py
httpd-2.4.53/test/modules/md/test_702_auto.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_702_auto.py:15: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_702_auto.py:24: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_702_auto.py:147: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_702_auto.py:551: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_702_auto.py:594: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_702_auto.py:677: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_702_auto.py:678: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/http_challenge_foobar.py
Analyzing httpd-2.4.53/test/modules/md/test_910_cleanups.py
httpd-2.4.53/test/modules/md/test_910_cleanups.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_910_cleanups.py:15: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_910_cleanups.py:24: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_202_acmev2_regs.py
httpd-2.4.53/test/modules/md/test_202_acmev2_regs.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_202_acmev2_regs.py:12: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_202_acmev2_regs.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_202_acmev2_regs.py:24: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_202_acmev2_regs.py:30: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_202_acmev2_regs.py:63: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/msg_fail_on.py
Analyzing httpd-2.4.53/test/modules/md/test_001_store.py
httpd-2.4.53/test/modules/md/test_001_store.py:14: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_001_store.py:17: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_300_conf_validate.py
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:13: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:17: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:211: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:225: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:236: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:247: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:256: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:311: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_300_conf_validate.py:325: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_801_stapling.py
httpd-2.4.53/test/modules/md/test_801_stapling.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_801_stapling.py:13: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_801_stapling.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_801_stapling.py:31: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/md_conf.py
Analyzing httpd-2.4.53/test/modules/md/test_800_must_staple.py
httpd-2.4.53/test/modules/md/test_800_must_staple.py:9: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_800_must_staple.py:14: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_800_must_staple.py:22: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_800_must_staple.py:53: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_800_must_staple.py:69: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_800_must_staple.py:70: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/__init__.py
Analyzing httpd-2.4.53/test/modules/md/message.py
Analyzing httpd-2.4.53/test/modules/md/notify.py
Analyzing httpd-2.4.53/test/modules/md/test_720_wildcard.py
httpd-2.4.53/test/modules/md/test_720_wildcard.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_720_wildcard.py:14: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_720_wildcard.py:23: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/md_cert_util.py
httpd-2.4.53/test/modules/md/md_cert_util.py:26: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_cert_util.py:65: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_cert_util.py:87: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_cert_util.py:92: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_cert_util.py:186: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_cert_util.py:222: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_810_ec.py
httpd-2.4.53/test/modules/md/test_810_ec.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_810_ec.py:14: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_810_ec.py:23: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_810_ec.py:92: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_810_ec.py:93: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_751_sectigo.py
httpd-2.4.53/test/modules/md/test_751_sectigo.py:39: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_751_sectigo.py:40: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_751_sectigo.py:43: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_751_sectigo.py:51: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/md_acme.py
httpd-2.4.53/test/modules/md/md_acme.py:25: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_acme.py:29: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_acme.py:33: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_502_acmev2_drive.py
httpd-2.4.53/test/modules/md/test_502_acmev2_drive.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_502_acmev2_drive.py:17: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_502_acmev2_drive.py:21: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_502_acmev2_drive.py:29: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_502_acmev2_drive.py:399: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_502_acmev2_drive.py:440: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_741_setup_errors.py
httpd-2.4.53/test/modules/md/test_741_setup_errors.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_741_setup_errors.py:14: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_741_setup_errors.py:23: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/dns01.py
Analyzing httpd-2.4.53/test/modules/md/test_310_conf_store.py
httpd-2.4.53/test/modules/md/test_310_conf_store.py:15: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_310_conf_store.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_310_conf_store.py:20: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_310_conf_store.py:25: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_310_conf_store.py:38: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_310_conf_store.py:418: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_310_conf_store.py:453: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_310_conf_store.py:469: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_310_conf_store.py:725: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_750_eab.py
httpd-2.4.53/test/modules/md/test_750_eab.py:11: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_750_eab.py:15: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_750_eab.py:23: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_010_store_migrate.py
httpd-2.4.53/test/modules/md/test_010_store_migrate.py:10: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_010_store_migrate.py:13: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/md_certs.py
httpd-2.4.53/test/modules/md/md_certs.py:65: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:84: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:88: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:92: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:101: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:105: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:109: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:113: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:127: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:131: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:174: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:239: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:249: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:273: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:285: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:317: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:343: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:363: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:387: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:410: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_certs.py:428: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/test_900_notify.py
httpd-2.4.53/test/modules/md/test_900_notify.py:12: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_900_notify.py:19: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_900_notify.py:25: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/md_env.py
httpd-2.4.53/test/modules/md/md_env.py:66: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:70: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:74: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:78: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:82: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:86: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:147: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:151: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:155: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:159: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:163: warning: bad token `@'
httpd-2.4.53/test/modules/md/md_env.py:167: warning: bad token `@'
Analyzing httpd-2.4.53/test/modules/md/notifail.py
Analyzing httpd-2.4.53/test/modules/md/test_901_message.py
httpd-2.4.53/test/modules/md/test_901_message.py:12: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_901_message.py:16: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_901_message.py:25: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_901_message.py:107: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_901_message.py:189: warning: bad token `@'
httpd-2.4.53/test/modules/md/test_901_message.py:218: warning: bad token `@'
Analyzing httpd-2.4.53/test/test_select.c
Analyzing httpd-2.4.53/server/util_charset.c
Analyzing httpd-2.4.53/server/provider.c
Analyzing httpd-2.4.53/server/core_filters.c
Analyzing httpd-2.4.53/server/log.c
Analyzing httpd-2.4.53/server/util_expr_eval.c
Analyzing httpd-2.4.53/server/util_script.c
Analyzing httpd-2.4.53/server/ssl.c
Analyzing httpd-2.4.53/server/mpm_common.c
Analyzing httpd-2.4.53/server/mpm_fdqueue.c
Analyzing httpd-2.4.53/server/request.c
Analyzing httpd-2.4.53/server/util_cfgtree.c
Analyzing httpd-2.4.53/server/util.c
Analyzing httpd-2.4.53/server/scoreboard.c
Analyzing httpd-2.4.53/server/eoc_bucket.c
Analyzing httpd-2.4.53/server/listen.c
Analyzing httpd-2.4.53/server/util_md5.c
Analyzing httpd-2.4.53/server/util_mutex.c
Analyzing httpd-2.4.53/server/util_expr_scan.c
Analyzing httpd-2.4.53/server/util_pcre.c
Analyzing httpd-2.4.53/server/error_bucket.c
Analyzing httpd-2.4.53/server/buildmark.c
Analyzing httpd-2.4.53/server/core.c
Analyzing httpd-2.4.53/server/util_debug.c
Analyzing httpd-2.4.53/server/util_xml.c
Analyzing httpd-2.4.53/server/util_cookies.c
Analyzing httpd-2.4.53/server/main.c
Analyzing httpd-2.4.53/server/connection.c
Analyzing httpd-2.4.53/server/protocol.c
Analyzing httpd-2.4.53/server/util_expr_parse.c
Analyzing httpd-2.4.53/server/mpm/mpmt_os2/mpmt_os2_child.c
Analyzing httpd-2.4.53/server/mpm/mpmt_os2/mpmt_os2.c
Analyzing httpd-2.4.53/server/mpm/netware/mpm_netware.c
Analyzing httpd-2.4.53/server/mpm/prefork/prefork.c
Analyzing httpd-2.4.53/server/mpm/worker/worker.c
Analyzing httpd-2.4.53/server/mpm/event/event.c
Analyzing httpd-2.4.53/server/mpm/winnt/nt_eventlog.c
Analyzing httpd-2.4.53/server/mpm/winnt/child.c
Analyzing httpd-2.4.53/server/mpm/winnt/mpm_winnt.c
Analyzing httpd-2.4.53/server/mpm/winnt/service.c
Analyzing httpd-2.4.53/server/config.c
Analyzing httpd-2.4.53/server/eor_bucket.c
Analyzing httpd-2.4.53/server/util_fcgi.c
Analyzing httpd-2.4.53/server/mpm_unix.c
Analyzing httpd-2.4.53/server/gen_test_char.c
Analyzing httpd-2.4.53/server/util_filter.c
Analyzing httpd-2.4.53/server/util_time.c
Analyzing httpd-2.4.53/server/util_ebcdic.c
Analyzing httpd-2.4.53/server/vhost.c
Analyzing httpd-2.4.53/server/util_regex.c
Analyzing httpd-2.4.53/support/httxt2dbm.c
Analyzing httpd-2.4.53/support/htdigest.c
Analyzing httpd-2.4.53/support/rotatelogs.c
Analyzing httpd-2.4.53/support/checkgid.c
Analyzing httpd-2.4.53/support/htpasswd.c
Analyzing httpd-2.4.53/support/htcacheclean.c
Analyzing httpd-2.4.53/support/fcgistarter.c
Analyzing httpd-2.4.53/support/passwd_common.c
Analyzing httpd-2.4.53/support/htdbm.c
Analyzing httpd-2.4.53/support/SHA1/htpasswd-sha1.pl
Analyzing httpd-2.4.53/support/SHA1/convert-sha1.pl
Analyzing httpd-2.4.53/support/suexec.c
Analyzing httpd-2.4.53/support/list_hooks.pl
Analyzing httpd-2.4.53/support/win32/wintty.c
Analyzing httpd-2.4.53/support/win32/ApacheMonitor.c
Analyzing httpd-2.4.53/support/logresolve.c
Analyzing httpd-2.4.53/support/ab.c
Analyzing httpd-2.4.53/os/os2/util_os2.c
Analyzing httpd-2.4.53/os/netware/modules.c
Analyzing httpd-2.4.53/os/netware/util_nw.c
Analyzing httpd-2.4.53/os/unix/unixd.c
Analyzing httpd-2.4.53/os/bs2000/ebcdic.c
Analyzing httpd-2.4.53/os/bs2000/os.c
Analyzing httpd-2.4.53/os/win32/modules.c
Analyzing httpd-2.4.53/os/win32/ap_regkey.c
Analyzing httpd-2.4.53/os/win32/util_win32.c
Analyzing httpd-2.4.53/build/cpR_noreplace.pl
Analyzing httpd-2.4.53/build/default.pl
Analyzing httpd-2.4.53/modules/filters/mod_substitute.c
Analyzing httpd-2.4.53/modules/filters/mod_deflate.c
Analyzing httpd-2.4.53/modules/filters/mod_request.c
Analyzing httpd-2.4.53/modules/filters/mod_charset_lite.c
Analyzing httpd-2.4.53/modules/filters/sed0.c
Analyzing httpd-2.4.53/modules/filters/mod_reflector.c
Analyzing httpd-2.4.53/modules/filters/mod_xml2enc.c
Analyzing httpd-2.4.53/modules/filters/regexp.c
Analyzing httpd-2.4.53/modules/filters/mod_reqtimeout.c
Analyzing httpd-2.4.53/modules/filters/mod_proxy_html.c
Analyzing httpd-2.4.53/modules/filters/mod_ext_filter.c
Analyzing httpd-2.4.53/modules/filters/mod_sed.c
Analyzing httpd-2.4.53/modules/filters/sed1.c
Analyzing httpd-2.4.53/modules/filters/mod_ratelimit.c
Analyzing httpd-2.4.53/modules/filters/mod_filter.c
Analyzing httpd-2.4.53/modules/filters/mod_data.c
Analyzing httpd-2.4.53/modules/filters/mod_include.c
Analyzing httpd-2.4.53/modules/filters/mod_buffer.c
Analyzing httpd-2.4.53/modules/filters/mod_brotli.c
Analyzing httpd-2.4.53/modules/database/mod_dbd.c
Analyzing httpd-2.4.53/modules/cluster/mod_heartbeat.c
Analyzing httpd-2.4.53/modules/cluster/mod_heartmonitor.c
Analyzing httpd-2.4.53/modules/ssl/ssl_util.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_log.c
Analyzing httpd-2.4.53/modules/ssl/ssl_util_ocsp.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_kernel.c
Analyzing httpd-2.4.53/modules/ssl/mod_ssl.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_pphrase.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_mutex.c
Analyzing httpd-2.4.53/modules/ssl/ssl_scache.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_io.c
Analyzing httpd-2.4.53/modules/ssl/ssl_util_ssl.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_vars.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_init.c
Analyzing httpd-2.4.53/modules/ssl/ssl_util_stapling.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_config.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_ocsp.c
Analyzing httpd-2.4.53/modules/ssl/ssl_engine_rand.c
Analyzing httpd-2.4.53/modules/loggers/mod_log_config.c
Analyzing httpd-2.4.53/modules/loggers/mod_log_debug.c
Analyzing httpd-2.4.53/modules/loggers/mod_logio.c
Analyzing httpd-2.4.53/modules/loggers/mod_log_forensic.c
Analyzing httpd-2.4.53/modules/echo/mod_echo.c
Analyzing httpd-2.4.53/modules/core/mod_so.c
Analyzing httpd-2.4.53/modules/core/mod_watchdog.c
Analyzing httpd-2.4.53/modules/core/mod_macro.c
Analyzing httpd-2.4.53/modules/proxy/ajp_header.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_connect.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_scgi.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_ftp.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_express.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_fcgi.c
Analyzing httpd-2.4.53/modules/proxy/ajp_utils.c
Analyzing httpd-2.4.53/modules/proxy/balancers/mod_lbmethod_heartbeat.c
Analyzing httpd-2.4.53/modules/proxy/balancers/mod_lbmethod_byrequests.c
Analyzing httpd-2.4.53/modules/proxy/balancers/mod_lbmethod_bytraffic.c
Analyzing httpd-2.4.53/modules/proxy/balancers/mod_lbmethod_bybusyness.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_fdpass.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_http.c
Analyzing httpd-2.4.53/modules/proxy/proxy_util.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_hcheck.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_balancer.c
Analyzing httpd-2.4.53/modules/proxy/ajp_link.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_uwsgi.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_ajp.c
Analyzing httpd-2.4.53/modules/proxy/mod_proxy_wstunnel.c
Analyzing httpd-2.4.53/modules/proxy/ajp_msg.c
Analyzing httpd-2.4.53/modules/cache/mod_socache_memcache.c
Analyzing httpd-2.4.53/modules/cache/mod_cache_socache.c
Analyzing httpd-2.4.53/modules/cache/mod_socache_redis.c
Analyzing httpd-2.4.53/modules/cache/cache_util.c
Analyzing httpd-2.4.53/modules/cache/mod_file_cache.c
Analyzing httpd-2.4.53/modules/cache/mod_socache_dbm.c
Analyzing httpd-2.4.53/modules/cache/cache_storage.c
Analyzing httpd-2.4.53/modules/cache/mod_socache_shmcb.c
Analyzing httpd-2.4.53/modules/cache/mod_cache.c
Analyzing httpd-2.4.53/modules/cache/mod_cache_disk.c
Analyzing httpd-2.4.53/modules/cache/mod_socache_dc.c
Analyzing httpd-2.4.53/modules/test/mod_optional_hook_import.c
Analyzing httpd-2.4.53/modules/test/mod_dialup.c
Analyzing httpd-2.4.53/modules/test/mod_optional_fn_export.c
Analyzing httpd-2.4.53/modules/test/mod_optional_fn_import.c
Analyzing httpd-2.4.53/modules/test/mod_optional_hook_export.c
Analyzing httpd-2.4.53/modules/ldap/util_ldap_cache_mgr.c
Analyzing httpd-2.4.53/modules/ldap/util_ldap_cache.c
Analyzing httpd-2.4.53/modules/ldap/util_ldap.c
Analyzing httpd-2.4.53/modules/debugging/mod_dumpio.c
Analyzing httpd-2.4.53/modules/debugging/mod_bucketeer.c
Analyzing httpd-2.4.53/modules/lua/mod_lua.c
Analyzing httpd-2.4.53/modules/lua/lua_dbd.c
Analyzing httpd-2.4.53/modules/lua/lua_vmprep.c
Analyzing httpd-2.4.53/modules/lua/lua_apr.c
Analyzing httpd-2.4.53/modules/lua/lua_config.c
Analyzing httpd-2.4.53/modules/lua/lua_passwd.c
Analyzing httpd-2.4.53/modules/lua/lua_request.c
Analyzing httpd-2.4.53/modules/aaa/mod_authn_dbd.c
Analyzing httpd-2.4.53/modules/aaa/mod_auth_basic.c
Analyzing httpd-2.4.53/modules/aaa/mod_auth_form.c
Analyzing httpd-2.4.53/modules/aaa/mod_auth_digest.c
Analyzing httpd-2.4.53/modules/aaa/mod_allowmethods.c
Analyzing httpd-2.4.53/modules/aaa/mod_authn_socache.c
Analyzing httpd-2.4.53/modules/aaa/mod_authz_groupfile.c
Analyzing httpd-2.4.53/modules/aaa/mod_authn_dbm.c
Analyzing httpd-2.4.53/modules/aaa/mod_authz_owner.c
Analyzing httpd-2.4.53/modules/aaa/mod_authz_user.c
Analyzing httpd-2.4.53/modules/aaa/mod_authnz_fcgi.c
Analyzing httpd-2.4.53/modules/aaa/mod_authn_file.c
Analyzing httpd-2.4.53/modules/aaa/mod_access_compat.c
Analyzing httpd-2.4.53/modules/aaa/mod_authz_dbd.c
Analyzing httpd-2.4.53/modules/aaa/mod_authnz_ldap.c
Analyzing httpd-2.4.53/modules/aaa/mod_authz_core.c
Analyzing httpd-2.4.53/modules/aaa/mod_authn_core.c
Analyzing httpd-2.4.53/modules/aaa/mod_authn_anon.c
Analyzing httpd-2.4.53/modules/aaa/mod_authz_dbm.c
Analyzing httpd-2.4.53/modules/aaa/mod_authz_host.c
Analyzing httpd-2.4.53/modules/http2/h2_alt_svc.c
Analyzing httpd-2.4.53/modules/http2/h2_bucket_beam.c
Analyzing httpd-2.4.53/modules/http2/h2_h2.c
Analyzing httpd-2.4.53/modules/http2/h2_conn.c
Analyzing httpd-2.4.53/modules/http2/h2_push.c
Analyzing httpd-2.4.53/modules/http2/h2_stream.c
Analyzing httpd-2.4.53/modules/http2/h2_conn_io.c
Analyzing httpd-2.4.53/modules/http2/mod_http2.c
Analyzing httpd-2.4.53/modules/http2/h2_request.c
Analyzing httpd-2.4.53/modules/http2/h2_util.c
Analyzing httpd-2.4.53/modules/http2/h2_session.c
Analyzing httpd-2.4.53/modules/http2/h2_config.c
Analyzing httpd-2.4.53/modules/http2/h2_ctx.c
Analyzing httpd-2.4.53/modules/http2/h2_bucket_eos.c
Analyzing httpd-2.4.53/modules/http2/h2_proxy_session.c
Analyzing httpd-2.4.53/modules/http2/h2_switch.c
Analyzing httpd-2.4.53/modules/http2/h2_from_h1.c
Analyzing httpd-2.4.53/modules/http2/h2_headers.c
Analyzing httpd-2.4.53/modules/http2/h2_workers.c
Analyzing httpd-2.4.53/modules/http2/h2_proxy_util.c
Analyzing httpd-2.4.53/modules/http2/h2_filter.c
Analyzing httpd-2.4.53/modules/http2/mod_proxy_http2.c
Analyzing httpd-2.4.53/modules/http2/h2_mplx.c
Analyzing httpd-2.4.53/modules/http2/h2_task.c
Analyzing httpd-2.4.53/modules/tls/tls_conf.c
Analyzing httpd-2.4.53/modules/tls/tls_proto.c
Analyzing httpd-2.4.53/modules/tls/tls_var.c
Analyzing httpd-2.4.53/modules/tls/tls_core.c
Analyzing httpd-2.4.53/modules/tls/tls_cache.c
Analyzing httpd-2.4.53/modules/tls/tls_filter.c
Analyzing httpd-2.4.53/modules/tls/tls_util.c
Analyzing httpd-2.4.53/modules/tls/tls_ocsp.c
Analyzing httpd-2.4.53/modules/tls/tls_cert.c
Analyzing httpd-2.4.53/modules/tls/mod_tls.c
Analyzing httpd-2.4.53/modules/http/http_filters.c
Analyzing httpd-2.4.53/modules/http/http_etag.c
Analyzing httpd-2.4.53/modules/http/http_protocol.c
Analyzing httpd-2.4.53/modules/http/byterange_filter.c
Analyzing httpd-2.4.53/modules/http/http_request.c
Analyzing httpd-2.4.53/modules/http/http_core.c
Analyzing httpd-2.4.53/modules/http/chunk_filter.c
Analyzing httpd-2.4.53/modules/http/mod_mime.c
Analyzing httpd-2.4.53/modules/examples/mod_case_filter.c
Analyzing httpd-2.4.53/modules/examples/mod_example_hooks.c
Analyzing httpd-2.4.53/modules/examples/mod_example_ipc.c
Analyzing httpd-2.4.53/modules/examples/mod_case_filter_in.c
Analyzing httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c
Analyzing httpd-2.4.53/modules/arch/netware/libprews.c
Analyzing httpd-2.4.53/modules/arch/netware/mod_netware.c
Analyzing httpd-2.4.53/modules/arch/unix/mod_unixd.c
Analyzing httpd-2.4.53/modules/arch/unix/mod_systemd.c
Analyzing httpd-2.4.53/modules/arch/unix/mod_privileges.c
Analyzing httpd-2.4.53/modules/arch/win32/mod_isapi.c
Analyzing httpd-2.4.53/modules/arch/win32/mod_win32.c
Analyzing httpd-2.4.53/modules/md/md_crypt.c
Analyzing httpd-2.4.53/modules/md/md_status.c
Analyzing httpd-2.4.53/modules/md/md_acme_acct.c
Analyzing httpd-2.4.53/modules/md/mod_md.c
Analyzing httpd-2.4.53/modules/md/md_acme_authz.c
Analyzing httpd-2.4.53/modules/md/md_http.c
Analyzing httpd-2.4.53/modules/md/md_acme_drive.c
Analyzing httpd-2.4.53/modules/md/md_result.c
Analyzing httpd-2.4.53/modules/md/md_time.c
Analyzing httpd-2.4.53/modules/md/md_store.c
Analyzing httpd-2.4.53/modules/md/md_log.c
Analyzing httpd-2.4.53/modules/md/md_core.c
Analyzing httpd-2.4.53/modules/md/md_store_fs.c
Analyzing httpd-2.4.53/modules/md/md_acme_order.c
Analyzing httpd-2.4.53/modules/md/md_event.c
Analyzing httpd-2.4.53/modules/md/mod_md_drive.c
Analyzing httpd-2.4.53/modules/md/md_acme.c
Analyzing httpd-2.4.53/modules/md/mod_md_ocsp.c
Analyzing httpd-2.4.53/modules/md/md_curl.c
Analyzing httpd-2.4.53/modules/md/md_ocsp.c
Analyzing httpd-2.4.53/modules/md/md_util.c
Analyzing httpd-2.4.53/modules/md/mod_md_os.c
Analyzing httpd-2.4.53/modules/md/md_acmev2_drive.c
Analyzing httpd-2.4.53/modules/md/mod_md_status.c
Analyzing httpd-2.4.53/modules/md/md_jws.c
Analyzing httpd-2.4.53/modules/md/mod_md_config.c
Analyzing httpd-2.4.53/modules/md/md_json.c
Analyzing httpd-2.4.53/modules/md/md_reg.c
Analyzing httpd-2.4.53/modules/mappers/mod_userdir.c
Analyzing httpd-2.4.53/modules/mappers/mod_speling.c
Analyzing httpd-2.4.53/modules/mappers/mod_negotiation.c
Analyzing httpd-2.4.53/modules/mappers/mod_rewrite.c
Analyzing httpd-2.4.53/modules/mappers/mod_dir.c
Analyzing httpd-2.4.53/modules/mappers/mod_vhost_alias.c
Analyzing httpd-2.4.53/modules/mappers/mod_alias.c
Analyzing httpd-2.4.53/modules/mappers/mod_actions.c
Analyzing httpd-2.4.53/modules/mappers/mod_imagemap.c
Analyzing httpd-2.4.53/modules/generators/mod_cgid.c
Analyzing httpd-2.4.53/modules/generators/mod_autoindex.c
Analyzing httpd-2.4.53/modules/generators/mod_info.c
Analyzing httpd-2.4.53/modules/generators/mod_cgi.c
Analyzing httpd-2.4.53/modules/generators/mod_asis.c
Analyzing httpd-2.4.53/modules/generators/mod_suexec.c
Analyzing httpd-2.4.53/modules/generators/mod_status.c
Analyzing httpd-2.4.53/modules/dav/lock/locks.c
Analyzing httpd-2.4.53/modules/dav/lock/mod_dav_lock.c
Analyzing httpd-2.4.53/modules/dav/main/util.c
Analyzing httpd-2.4.53/modules/dav/main/std_liveprop.c
Analyzing httpd-2.4.53/modules/dav/main/liveprop.c
Analyzing httpd-2.4.53/modules/dav/main/props.c
Analyzing httpd-2.4.53/modules/dav/main/util_lock.c
Analyzing httpd-2.4.53/modules/dav/main/mod_dav.c
Analyzing httpd-2.4.53/modules/dav/main/providers.c
Analyzing httpd-2.4.53/modules/dav/fs/mod_dav_fs.c
Analyzing httpd-2.4.53/modules/dav/fs/repos.c
Analyzing httpd-2.4.53/modules/dav/fs/dbm.c
Analyzing httpd-2.4.53/modules/dav/fs/lock.c
Analyzing httpd-2.4.53/modules/metadata/mod_ident.c
Analyzing httpd-2.4.53/modules/metadata/mod_mime_magic.c
Analyzing httpd-2.4.53/modules/metadata/mod_remoteip.c
Analyzing httpd-2.4.53/modules/metadata/mod_expires.c
Analyzing httpd-2.4.53/modules/metadata/mod_cern_meta.c
Analyzing httpd-2.4.53/modules/metadata/mod_usertrack.c
Analyzing httpd-2.4.53/modules/metadata/mod_setenvif.c
Analyzing httpd-2.4.53/modules/metadata/mod_version.c
Analyzing httpd-2.4.53/modules/metadata/mod_env.c
Analyzing httpd-2.4.53/modules/metadata/mod_unique_id.c
Analyzing httpd-2.4.53/modules/metadata/mod_headers.c
Analyzing httpd-2.4.53/modules/slotmem/mod_slotmem_shm.c
Analyzing httpd-2.4.53/modules/slotmem/mod_slotmem_plain.c
Analyzing httpd-2.4.53/modules/session/mod_session.c
Analyzing httpd-2.4.53/modules/session/mod_session_dbd.c
Analyzing httpd-2.4.53/modules/session/mod_session_crypto.c
Analyzing httpd-2.4.53/modules/session/mod_session_cookie.c
httpd-2.4.53/test/test-writev.c:54: High: fixed size local buffer
httpd-2.4.53/test/test_limits.c:188: High: fixed size local buffer
httpd-2.4.53/test/test_parser.c:63: High: fixed size local buffer
httpd-2.4.53/test/test_find.c:61: High: fixed size local buffer
httpd-2.4.53/test/test_find.c:62: High: fixed size local buffer
httpd-2.4.53/test/cls.c:97: High: fixed size local buffer
httpd-2.4.53/test/cls.c:98: High: fixed size local buffer
httpd-2.4.53/test/cls.c:102: High: fixed size local buffer
httpd-2.4.53/test/modules/http2/mod_h2test/mod_h2test.c:79: High: fixed size local buffer
httpd-2.4.53/test/modules/http2/mod_h2test/mod_h2test.c:153: High: fixed size local buffer
httpd-2.4.53/server/log.c:723: High: fixed size local buffer
httpd-2.4.53/server/log.c:809: High: fixed size local buffer
httpd-2.4.53/server/log.c:950: High: fixed size local buffer
httpd-2.4.53/server/log.c:1043: High: fixed size local buffer
httpd-2.4.53/server/log.c:1137: High: fixed size local buffer
httpd-2.4.53/server/log.c:1472: High: fixed size local buffer
httpd-2.4.53/server/log.c:1474: High: fixed size local buffer
httpd-2.4.53/server/log.c:1605: High: fixed size local buffer
httpd-2.4.53/server/log.c:1711: High: fixed size local buffer
httpd-2.4.53/server/util_script.c:463: High: fixed size local buffer
httpd-2.4.53/server/util.c:124: High: fixed size local buffer
httpd-2.4.53/server/util.c:125: High: fixed size local buffer
httpd-2.4.53/server/util.c:977: High: fixed size local buffer
httpd-2.4.53/server/util.c:3379: High: fixed size local buffer
httpd-2.4.53/server/util_md5.c:56: High: fixed size local buffer
httpd-2.4.53/server/util_md5.c:127: High: fixed size local buffer
httpd-2.4.53/server/util_md5.c:153: High: fixed size local buffer
httpd-2.4.53/server/util_expr_scan.c:862: High: fixed size local buffer
httpd-2.4.53/server/util_pcre.c:96: High: fixed size local buffer
httpd-2.4.53/server/core.c:3507: High: fixed size local buffer
httpd-2.4.53/server/core.c:4168: High: fixed size local buffer
httpd-2.4.53/server/core.c:4286: High: fixed size local buffer
httpd-2.4.53/server/core.c:5401: High: fixed size local buffer
httpd-2.4.53/server/util_xml.c:42: High: fixed size local buffer
httpd-2.4.53/server/main.c:329: High: fixed size local buffer
httpd-2.4.53/server/main.c:362: High: fixed size local buffer
httpd-2.4.53/server/connection.c:151: High: fixed size local buffer
httpd-2.4.53/server/protocol.c:2175: High: fixed size local buffer
httpd-2.4.53/server/util_expr_parse.c:1061: High: fixed size local buffer
httpd-2.4.53/server/util_expr_parse.c:1297: High: fixed size local buffer
httpd-2.4.53/server/mpm/mpmt_os2/mpmt_os2.c:331: High: fixed size local buffer
httpd-2.4.53/server/mpm/mpmt_os2/mpmt_os2.c:332: High: fixed size local buffer
httpd-2.4.53/server/mpm/prefork/prefork.c:1226: High: fixed size local buffer
httpd-2.4.53/server/mpm/worker/worker.c:1930: High: fixed size local buffer
httpd-2.4.53/server/mpm/event/event.c:1456: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/nt_eventlog.c:33: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/nt_eventlog.c:35: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/child.c:94: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/mpm_winnt.c:548: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/mpm_winnt.c:1020: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/service.c:122: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/service.c:564: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/service.c:611: High: fixed size local buffer
httpd-2.4.53/server/mpm/winnt/service.c:747: High: fixed size local buffer
httpd-2.4.53/server/config.c:898: High: fixed size local buffer
httpd-2.4.53/server/mpm_unix.c:698: High: fixed size local buffer
httpd-2.4.53/server/mpm_unix.c:873: High: fixed size local buffer
httpd-2.4.53/server/vhost.c:286: High: fixed size local buffer
httpd-2.4.53/server/vhost.c:439: High: fixed size local buffer
httpd-2.4.53/server/vhost.c:587: High: fixed size local buffer
httpd-2.4.53/support/httxt2dbm.c:112: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:136: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:137: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:138: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:139: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:199: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:200: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:201: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:202: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:203: High: fixed size local buffer
httpd-2.4.53/support/htdigest.c:204: High: fixed size local buffer
httpd-2.4.53/support/rotatelogs.c:90: High: fixed size local buffer
httpd-2.4.53/support/rotatelogs.c:276: High: fixed size local buffer
httpd-2.4.53/support/rotatelogs.c:278: High: fixed size local buffer
httpd-2.4.53/support/rotatelogs.c:451: High: fixed size local buffer
httpd-2.4.53/support/rotatelogs.c:563: High: fixed size local buffer
httpd-2.4.53/support/htpasswd.c:76: High: fixed size local buffer
httpd-2.4.53/support/htpasswd.c:282: High: fixed size local buffer
httpd-2.4.53/support/htpasswd.c:287: High: fixed size local buffer
httpd-2.4.53/support/htcacheclean.c:1243: High: fixed size local buffer
httpd-2.4.53/support/htcacheclean.c:1244: High: fixed size local buffer
httpd-2.4.53/support/htcacheclean.c:1247: High: fixed size local buffer
httpd-2.4.53/support/fcgistarter.c:46: High: fixed size local buffer
httpd-2.4.53/support/passwd_common.c:74: High: fixed size local buffer
httpd-2.4.53/support/passwd_common.c:122: High: fixed size local buffer
httpd-2.4.53/support/passwd_common.c:182: High: fixed size local buffer
httpd-2.4.53/support/htdbm.c:249: High: fixed size local buffer
httpd-2.4.53/support/htdbm.c:315: High: fixed size local buffer
httpd-2.4.53/support/suexec.c:281: High: fixed size local buffer
httpd-2.4.53/support/suexec.c:282: High: fixed size local buffer
httpd-2.4.53/support/win32/wintty.c:66: High: fixed size local buffer
httpd-2.4.53/support/win32/wintty.c:84: High: fixed size local buffer
httpd-2.4.53/support/win32/wintty.c:245: High: fixed size local buffer
httpd-2.4.53/support/win32/wintty.c:364: High: fixed size local buffer
httpd-2.4.53/support/ab.c:254: High: fixed size local buffer
httpd-2.4.53/support/ab.c:413: High: fixed size local buffer
httpd-2.4.53/support/ab.c:591: High: fixed size local buffer
httpd-2.4.53/support/ab.c:607: High: fixed size local buffer
httpd-2.4.53/support/ab.c:651: High: fixed size local buffer
httpd-2.4.53/support/ab.c:1183: High: fixed size local buffer
httpd-2.4.53/support/ab.c:1530: High: fixed size local buffer
httpd-2.4.53/support/ab.c:1598: High: fixed size local buffer
httpd-2.4.53/support/ab.c:1933: High: fixed size local buffer
httpd-2.4.53/support/ab.c:1945: High: fixed size local buffer
httpd-2.4.53/support/ab.c:2258: High: fixed size local buffer
httpd-2.4.53/support/ab.c:2291: High: fixed size local buffer
httpd-2.4.53/os/unix/unixd.c:701: High: fixed size local buffer
httpd-2.4.53/os/bs2000/os.c:101: High: fixed size local buffer
httpd-2.4.53/os/win32/ap_regkey.c:269: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_deflate.c:373: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_charset_lite.c:92: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_charset_lite.c:476: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_charset_lite.c:764: High: fixed size local buffer
httpd-2.4.53/modules/filters/sed0.c:205: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_xml2enc.c:445: High: fixed size local buffer
httpd-2.4.53/modules/filters/regexp.c:139: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_proxy_html.c:130: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_ext_filter.c:399: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_ext_filter.c:647: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_ext_filter.c:744: High: fixed size local buffer
httpd-2.4.53/modules/filters/sed1.c:351: High: fixed size local buffer
httpd-2.4.53/modules/filters/sed1.c:714: High: fixed size local buffer
httpd-2.4.53/modules/filters/sed1.c:1004: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_data.c:42: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_data.c:135: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_data.c:136: High: fixed size local buffer
httpd-2.4.53/modules/filters/mod_include.c:507: High: fixed size local buffer
httpd-2.4.53/modules/cluster/mod_heartbeat.c:49: High: fixed size local buffer
httpd-2.4.53/modules/cluster/mod_heartmonitor.c:272: High: fixed size local buffer
httpd-2.4.53/modules/cluster/mod_heartmonitor.c:574: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_util.c:154: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_util.c:380: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_util.c:406: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_log.c:102: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_log.c:132: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_util_ocsp.c:75: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_kernel.c:956: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_kernel.c:1149: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_kernel.c:2049: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_kernel.c:2050: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_scache.c:118: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_scache.c:151: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_io.c:332: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_io.c:1721: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_io.c:2321: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_io.c:2335: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_vars.c:364: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_init.c:1588: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_util_stapling.c:269: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_util_stapling.c:329: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_util_stapling.c:449: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_rand.c:47: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_rand.c:140: High: fixed size local buffer
httpd-2.4.53/modules/ssl/ssl_engine_rand.c:168: High: fixed size local buffer
httpd-2.4.53/modules/loggers/mod_log_config.c:258: High: fixed size local buffer
httpd-2.4.53/modules/loggers/mod_log_config.c:604: High: fixed size local buffer
httpd-2.4.53/modules/loggers/mod_log_config.c:612: High: fixed size local buffer
httpd-2.4.53/modules/loggers/mod_log_config.c:1027: High: fixed size local buffer
httpd-2.4.53/modules/loggers/mod_log_debug.c:202: High: fixed size local buffer
httpd-2.4.53/modules/core/mod_so.c:151: High: fixed size local buffer
httpd-2.4.53/modules/core/mod_so.c:275: High: fixed size local buffer
httpd-2.4.53/modules/core/mod_macro.c:141: High: fixed size local buffer
httpd-2.4.53/modules/core/mod_macro.c:457: High: fixed size local buffer
httpd-2.4.53/modules/proxy/ajp_header.c:51: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy.c:3210: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_connect.c:162: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_scgi.c:179: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:185: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:288: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:381: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:382: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:435: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:812: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:851: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:1004: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:1782: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:1783: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:1784: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:1785: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:1786: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:1787: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ftp.c:1924: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_fcgi.c:60: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_fcgi.c:297: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_fcgi.c:299: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_fcgi.c:328: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_fcgi.c:545: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_fcgi.c:550: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_fcgi.c:1041: High: fixed size local buffer
httpd-2.4.53/modules/proxy/balancers/mod_lbmethod_heartbeat.c:128: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_http.c:84: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_http.c:278: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_http.c:302: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_http.c:1001: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:143: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:179: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:797: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:1253: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:2841: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:2865: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:2899: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:2900: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:2958: High: fixed size local buffer
httpd-2.4.53/modules/proxy/proxy_util.c:3103: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_hcheck.c:696: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:755: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:756: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:757: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:1448: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:1720: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_uwsgi.c:62: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_uwsgi.c:285: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_uwsgi.c:461: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ajp.c:32: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_ajp.c:744: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_wstunnel.c:65: High: fixed size local buffer
httpd-2.4.53/modules/proxy/mod_proxy_wstunnel.c:330: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_socache_memcache.c:204: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_socache_memcache.c:236: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_socache_memcache.c:270: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_socache_redis.c:217: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_socache_redis.c:247: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_socache_redis.c:281: High: fixed size local buffer
httpd-2.4.53/modules/cache/cache_util.c:285: High: fixed size local buffer
httpd-2.4.53/modules/cache/cache_util.c:426: High: fixed size local buffer
httpd-2.4.53/modules/cache/cache_util.c:878: High: fixed size local buffer
httpd-2.4.53/modules/cache/cache_util.c:879: High: fixed size local buffer
httpd-2.4.53/modules/cache/cache_util.c:882: High: fixed size local buffer
httpd-2.4.53/modules/cache/cache_util.c:920: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_file_cache.c:108: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_file_cache.c:109: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_cache_disk.c:715: High: fixed size local buffer
httpd-2.4.53/modules/cache/mod_cache_disk.c:779: High: fixed size local buffer
httpd-2.4.53/modules/ldap/util_ldap_cache_mgr.c:653: High: fixed size local buffer
httpd-2.4.53/modules/ldap/util_ldap_cache_mgr.c:695: High: fixed size local buffer
httpd-2.4.53/modules/ldap/util_ldap_cache_mgr.c:697: High: fixed size local buffer
httpd-2.4.53/modules/ldap/util_ldap_cache.c:82: High: fixed size local buffer
httpd-2.4.53/modules/ldap/util_ldap_cache.c:223: High: fixed size local buffer
httpd-2.4.53/modules/ldap/util_ldap_cache.c:293: High: fixed size local buffer
httpd-2.4.53/modules/debugging/mod_dumpio.c:68: High: fixed size local buffer
httpd-2.4.53/modules/lua/mod_lua.c:782: High: fixed size local buffer
httpd-2.4.53/modules/lua/mod_lua.c:909: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_passwd.c:50: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_passwd.c:90: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_request.c:288: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_request.c:970: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_request.c:2067: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_request.c:2189: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_request.c:2426: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_request.c:2495: High: fixed size local buffer
httpd-2.4.53/modules/lua/lua_request.c:2516: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_auth_digest.c:118: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_auth_digest.c:164: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_auth_digest.c:1084: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_auth_digest.c:1427: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authn_socache.c:370: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authn_socache.c:415: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_fcgi.c:271: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_fcgi.c:273: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_fcgi.c:301: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_fcgi.c:494: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_fcgi.c:495: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_fcgi.c:807: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authn_file.c:64: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authn_file.c:119: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_ldap.c:473: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_ldap.c:655: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_ldap.c:803: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_ldap.c:1030: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_ldap.c:1152: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_ldap.c:1280: High: fixed size local buffer
httpd-2.4.53/modules/aaa/mod_authnz_ldap.c:1807: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_push.c:71: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_push.c:484: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_stream.c:176: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_conn_io.c:62: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_request.c:152: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_util.c:1884: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_session.c:214: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_session.c:336: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_session.c:426: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_session.c:588: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_session.c:1000: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_proxy_session.c:264: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_proxy_session.c:342: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_proxy_session.c:464: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_from_h1.c:462: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_from_h1.c:612: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_from_h1.c:805: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_proxy_util.c:657: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_proxy_util.c:955: High: fixed size local buffer
httpd-2.4.53/modules/http2/mod_proxy_http2.c:58: High: fixed size local buffer
httpd-2.4.53/modules/http2/mod_proxy_http2.c:107: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_task.c:56: High: fixed size local buffer
httpd-2.4.53/modules/http2/h2_task.c:338: High: fixed size local buffer
httpd-2.4.53/modules/tls/tls_util.c:70: High: fixed size local buffer
httpd-2.4.53/modules/http/http_etag.c:98: High: fixed size local buffer
httpd-2.4.53/modules/http/http_request.c:244: High: fixed size local buffer
httpd-2.4.53/modules/http/chunk_filter.c:63: High: fixed size local buffer
httpd-2.4.53/modules/http/mod_mime.c:432: High: fixed size local buffer
httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c:113: High: fixed size local buffer
httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c:121: High: fixed size local buffer
httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c:251: High: fixed size local buffer
httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c:869: High: fixed size local buffer
httpd-2.4.53/modules/arch/unix/mod_systemd.c:75: High: fixed size local buffer
httpd-2.4.53/modules/arch/win32/mod_isapi.c:892: High: fixed size local buffer
httpd-2.4.53/modules/arch/win32/mod_win32.c:433: High: fixed size local buffer
httpd-2.4.53/modules/md/md_crypt.c:86: High: fixed size local buffer
httpd-2.4.53/modules/md/md_crypt.c:98: High: fixed size local buffer
httpd-2.4.53/modules/md/md_crypt.c:110: High: fixed size local buffer
httpd-2.4.53/modules/md/md_crypt.c:1821: High: fixed size local buffer
httpd-2.4.53/modules/md/md_status.c:330: High: fixed size local buffer
httpd-2.4.53/modules/md/md_status.c:384: High: fixed size local buffer
httpd-2.4.53/modules/md/mod_md.c:94: High: fixed size local buffer
httpd-2.4.53/modules/md/md_acme_drive.c:657: High: fixed size local buffer
httpd-2.4.53/modules/md/md_result.c:163: High: fixed size local buffer
httpd-2.4.53/modules/md/md_result.c:168: High: fixed size local buffer
httpd-2.4.53/modules/md/md_time.c:56: High: fixed size local buffer
httpd-2.4.53/modules/md/md_time.c:57: High: fixed size local buffer
httpd-2.4.53/modules/md/md_ocsp.c:125: High: fixed size local buffer
httpd-2.4.53/modules/md/md_util.c:466: High: fixed size local buffer
httpd-2.4.53/modules/md/md_util.c:1069: High: fixed size local buffer
httpd-2.4.53/modules/md/mod_md_status.c:206: High: fixed size local buffer
httpd-2.4.53/modules/md/mod_md_status.c:207: High: fixed size local buffer
httpd-2.4.53/modules/md/mod_md_status.c:229: High: fixed size local buffer
httpd-2.4.53/modules/md/mod_md_status.c:230: High: fixed size local buffer
httpd-2.4.53/modules/md/mod_md_status.c:330: High: fixed size local buffer
httpd-2.4.53/modules/md/md_json.c:459: High: fixed size local buffer
httpd-2.4.53/modules/md/md_json.c:1261: High: fixed size local buffer
httpd-2.4.53/modules/mappers/mod_negotiation.c:940: High: fixed size local buffer
httpd-2.4.53/modules/mappers/mod_rewrite.c:737: High: fixed size local buffer
httpd-2.4.53/modules/mappers/mod_rewrite.c:1306: High: fixed size local buffer
httpd-2.4.53/modules/mappers/mod_dir.c:227: High: fixed size local buffer
httpd-2.4.53/modules/mappers/mod_vhost_alias.c:258: High: fixed size local buffer
httpd-2.4.53/modules/mappers/mod_vhost_alias.c:261: High: fixed size local buffer
httpd-2.4.53/modules/mappers/mod_actions.c:54: High: fixed size local buffer
httpd-2.4.53/modules/mappers/mod_imagemap.c:573: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgid.c:1074: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgid.c:1110: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgid.c:1119: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgid.c:1610: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgid.c:1882: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_autoindex.c:950: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_autoindex.c:1196: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_autoindex.c:1482: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_autoindex.c:1761: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_autoindex.c:1774: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_autoindex.c:1849: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_autoindex.c:1866: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_autoindex.c:2094: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgi.c:169: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgi.c:205: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgi.c:228: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgi.c:237: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgi.c:935: High: fixed size local buffer
httpd-2.4.53/modules/generators/mod_cgi.c:1157: High: fixed size local buffer
httpd-2.4.53/modules/dav/lock/locks.c:216: High: fixed size local buffer
httpd-2.4.53/modules/dav/lock/locks.c:296: High: fixed size local buffer
httpd-2.4.53/modules/dav/main/util_lock.c:82: High: fixed size local buffer
httpd-2.4.53/modules/dav/fs/repos.c:1933: High: fixed size local buffer
httpd-2.4.53/modules/dav/fs/dbm.c:93: High: fixed size local buffer
httpd-2.4.53/modules/dav/fs/dbm.c:330: High: fixed size local buffer
httpd-2.4.53/modules/dav/fs/lock.c:277: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_ident.c:165: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_ident.c:166: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:159: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:160: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:161: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:167: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:190: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:192: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:193: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:194: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:195: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:196: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:197: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:198: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:200: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:201: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:202: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:203: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:204: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:205: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:589: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:603: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:824: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:917: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:1695: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:1975: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:2049: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_mime_magic.c:2120: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_remoteip.c:84: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_remoteip.c:131: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_remoteip.c:278: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_remoteip.c:323: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_remoteip.c:390: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_remoteip.c:500: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_remoteip.c:775: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_cern_meta.c:210: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_usertrack.c:103: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_unique_id.c:43: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_unique_id.c:213: High: fixed size local buffer
httpd-2.4.53/modules/metadata/mod_headers.c:361: High: fixed size local buffer
httpd-2.4.53/modules/slotmem/mod_slotmem_shm.c:158: High: fixed size local buffer
httpd-2.4.53/modules/slotmem/mod_slotmem_shm.c:204: High: fixed size local buffer
httpd-2.4.53/modules/slotmem/mod_slotmem_shm.c:205: High: fixed size local buffer
httpd-2.4.53/modules/slotmem/mod_slotmem_shm.c:206: High: fixed size local buffer
httpd-2.4.53/modules/session/mod_session_crypto.c:189: High: fixed size local buffer
httpd-2.4.53/modules/session/mod_session_crypto.c:374: High: fixed size local buffer
httpd-2.4.53/modules/session/mod_session_crypto.c:738: High: fixed size local buffer
Extra care should be taken to ensure that character arrays that are allocated
on the stack are used safely.  They are prime targets for buffer overflow
attacks.

httpd-2.4.53/test/pyhttpd/log.py:14: High: compile
httpd-2.4.53/test/pyhttpd/log.py:15: High: compile
httpd-2.4.53/test/pyhttpd/log.py:16: High: compile
httpd-2.4.53/test/pyhttpd/log.py:17: High: compile
httpd-2.4.53/test/modules/http2/env.py:92: High: compile
httpd-2.4.53/test/modules/http2/env.py:93: High: compile
httpd-2.4.53/test/modules/http2/env.py:94: High: compile
httpd-2.4.53/test/modules/http2/env.py:95: High: compile
httpd-2.4.53/test/modules/md/conftest.py:56: High: compile
httpd-2.4.53/test/modules/md/conftest.py:57: High: compile
httpd-2.4.53/test/modules/md/conftest.py:58: High: compile
httpd-2.4.53/test/modules/md/conftest.py:59: High: compile
httpd-2.4.53/test/modules/md/conftest.py:60: High: compile
httpd-2.4.53/test/modules/md/conftest.py:61: High: compile
httpd-2.4.53/test/modules/md/conftest.py:62: High: compile
httpd-2.4.53/test/modules/md/conftest.py:66: High: compile
httpd-2.4.53/test/modules/md/md_env.py:572: High: compile
httpd-2.4.53/test/modules/md/md_env.py:578: High: compile
httpd-2.4.53/test/modules/md/md_env.py:583: High: compile
Argument 1 to this function call should be checked to ensure that it does not
come from an untrusted source without first verifying that it contains nothing
dangerous.

httpd-2.4.53/test/test_limits.c:94: High: getopt
Truncate all input strings to a reasonable length 
before passing them to this function

httpd-2.4.53/test/test_limits.c:123: High: gethostbyname
httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c:196: High: gethostbyname
DNS results can easily be forged by an attacker (or 
arbitrarily set to large values, etc), and should not be trusted.

httpd-2.4.53/test/test_parser.c:67: High: gets
httpd-2.4.53/test/test_find.c:67: High: gets
httpd-2.4.53/test/test_find.c:71: High: gets
Gets is unsafe!! No bounds checking is performed, buffer
      is easily overflowable by user. Use fgets(buf, size, stdin) instead.

httpd-2.4.53/test/time-sem.c:148: High: printf
httpd-2.4.53/server/main.c:132: High: printf
httpd-2.4.53/server/main.c:227: High: printf
httpd-2.4.53/server/main.c:231: High: printf
httpd-2.4.53/server/main.c:235: High: printf
httpd-2.4.53/server/main.c:239: High: printf
httpd-2.4.53/server/main.c:243: High: printf
httpd-2.4.53/server/main.c:247: High: printf
httpd-2.4.53/server/main.c:251: High: printf
httpd-2.4.53/support/htpasswd.c:387: High: printf
httpd-2.4.53/support/win32/wintty.c:142: High: printf
httpd-2.4.53/support/ab.c:958: High: printf
httpd-2.4.53/support/ab.c:973: High: printf
httpd-2.4.53/support/ab.c:975: High: printf
httpd-2.4.53/support/ab.c:977: High: printf
httpd-2.4.53/support/ab.c:1111: High: printf
httpd-2.4.53/support/ab.c:1113: High: printf
httpd-2.4.53/support/ab.c:1115: High: printf
httpd-2.4.53/support/ab.c:1117: High: printf
httpd-2.4.53/support/ab.c:1140: High: printf
httpd-2.4.53/support/ab.c:1141: High: printf
httpd-2.4.53/support/ab.c:1142: High: printf
httpd-2.4.53/support/ab.c:1143: High: printf
httpd-2.4.53/support/ab.c:1155: High: printf
httpd-2.4.53/support/ab.c:1158: High: printf
httpd-2.4.53/support/ab.c:1235: High: printf
httpd-2.4.53/support/ab.c:1261: High: printf
httpd-2.4.53/support/ab.c:1265: High: printf
httpd-2.4.53/support/ab.c:1269: High: printf
httpd-2.4.53/support/ab.c:1323: High: printf
httpd-2.4.53/support/ab.c:1328: High: printf
httpd-2.4.53/support/ab.c:1334: High: printf
Check to be sure that the non-constant format string passed as argument 1 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

httpd-2.4.53/test/cls.c:123: High: sprintf
Check to be sure that the format string passed as argument 2 to this function
call does not come from an untrusted source that could have added formatting
characters that the code is not prepared to handle.  Additionally, the format
string could contain `%s' without precision that could result in a buffer
overflow.

httpd-2.4.53/server/log.c:1118: High: strcpy
httpd-2.4.53/server/request.c:1242: High: strcpy
httpd-2.4.53/server/mpm/winnt/mpm_winnt.c:594: High: strcpy
httpd-2.4.53/server/util_regex.c:177: High: strcpy
httpd-2.4.53/support/htdigest.c:270: High: strcpy
httpd-2.4.53/support/htpasswd.c:425: High: strcpy
httpd-2.4.53/support/ab.c:1913: High: strcpy
httpd-2.4.53/modules/filters/mod_charset_lite.c:494: High: strcpy
httpd-2.4.53/modules/filters/mod_xml2enc.c:298: High: strcpy
httpd-2.4.53/modules/loggers/mod_log_forensic.c:214: High: strcpy
httpd-2.4.53/modules/proxy/mod_proxy.c:994: High: strcpy
httpd-2.4.53/modules/proxy/proxy_util.c:1035: High: strcpy
httpd-2.4.53/modules/proxy/proxy_util.c:1042: High: strcpy
httpd-2.4.53/modules/proxy/proxy_util.c:1048: High: strcpy
httpd-2.4.53/modules/proxy/proxy_util.c:1056: High: strcpy
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:1154: High: strcpy
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:1160: High: strcpy
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:1224: High: strcpy
httpd-2.4.53/modules/proxy/mod_proxy_balancer.c:1230: High: strcpy
httpd-2.4.53/modules/ldap/util_ldap_cache_mgr.c:125: High: strcpy
httpd-2.4.53/modules/aaa/mod_authn_socache.c:276: High: strcpy
httpd-2.4.53/modules/http2/h2_util.c:74: High: strcpy
httpd-2.4.53/modules/http2/h2_proxy_util.c:943: High: strcpy
httpd-2.4.53/modules/tls/tls_cert.c:97: High: strcpy
httpd-2.4.53/modules/tls/tls_cert.c:109: High: strcpy
httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c:555: High: strcpy
httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c:605: High: strcpy
httpd-2.4.53/modules/arch/win32/mod_isapi.c:521: High: strcpy
httpd-2.4.53/modules/arch/win32/mod_isapi.c:524: High: strcpy
httpd-2.4.53/modules/arch/win32/mod_isapi.c:556: High: strcpy
httpd-2.4.53/modules/arch/win32/mod_isapi.c:560: High: strcpy
httpd-2.4.53/modules/arch/win32/mod_isapi.c:580: High: strcpy
httpd-2.4.53/modules/generators/mod_cgid.c:943: High: strcpy
httpd-2.4.53/modules/dav/main/mod_dav.c:1901: High: strcpy
httpd-2.4.53/modules/metadata/mod_remoteip.c:798: High: strcpy
httpd-2.4.53/modules/metadata/mod_headers.c:655: High: strcpy
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.

httpd-2.4.53/server/log.c:1124: High: syslog
Truncate all input strings to a reasonable length 
before passing them to this function

httpd-2.4.53/server/log.c:1558: High: strcat
httpd-2.4.53/modules/metadata/mod_headers.c:656: High: strcat
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.

httpd-2.4.53/server/util_expr_eval.c:1030: High: getenv
httpd-2.4.53/server/util_expr_eval.c:1036: High: getenv
httpd-2.4.53/server/util_script.c:97: High: getenv
httpd-2.4.53/server/util_script.c:111: High: getenv
httpd-2.4.53/server/util_script.c:216: High: getenv
httpd-2.4.53/server/core.c:1411: High: getenv
httpd-2.4.53/server/mpm/winnt/mpm_winnt.c:1044: High: getenv
httpd-2.4.53/server/config.c:492: High: getenv
httpd-2.4.53/modules/filters/mod_include.c:707: High: getenv
httpd-2.4.53/modules/ssl/ssl_engine_vars.c:335: High: getenv
httpd-2.4.53/modules/ssl/ssl_engine_init.c:451: High: getenv
httpd-2.4.53/modules/arch/netware/mod_nw_ssl.c:1133: High: getenv
httpd-2.4.53/modules/mappers/mod_rewrite.c:1894: High: getenv
httpd-2.4.53/modules/metadata/mod_env.c:99: High: getenv
httpd-2.4.53/modules/slotmem/mod_slotmem_shm.c:288: High: getenv
Environment variables are highly untrustable input. They may be of any length, and contain any data. Do not make any assumptions regarding content or length. If at all possible avoid using them, and if it is necessary, sanitize them and truncate them to a reasonable length.

httpd-2.4.53/server/mpm/winnt/service.c:759: High: fprintf
httpd-2.4.53/server/mpm/winnt/service.c:1209: High: fprintf
httpd-2.4.53/server/mpm/winnt/service.c:1234: High: fprintf
httpd-2.4.53/server/mpm/winnt/service.c:1238: High: fprintf
httpd-2.4.53/support/rotatelogs.c:110: High: fprintf
httpd-2.4.53/support/rotatelogs.c:130: High: fprintf
httpd-2.4.53/support/ab.c:427: High: fprintf
httpd-2.4.53/support/ab.c:438: High: fprintf
httpd-2.4.53/support/ab.c:449: High: fprintf
httpd-2.4.53/support/ab.c:1191: High: fprintf
httpd-2.4.53/support/ab.c:1631: High: fprintf
httpd-2.4.53/support/ab.c:1923: High: fprintf
httpd-2.4.53/support/ab.c:2102: High: fprintf
httpd-2.4.53/support/ab.c:2173: High: fprintf
Check to be sure that the non-constant format string passed as argument 2 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

httpd-2.4.53/server/mpm/winnt/service.c:779: High: wcscpy
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.

httpd-2.4.53/support/suexec.c:193: High: vfprintf
Check to be sure that the non-constant format string passed as argument 2 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

httpd-2.4.53/support/suexec.c:628: High: umask
httpd-2.4.53/modules/generators/mod_cgid.c:633: High: umask
httpd-2.4.53/modules/generators/mod_cgid.c:635: High: umask
umask() can easily be used to create files with unsafe priviledges.  It should be set to restrictive values.

httpd-2.4.53/support/win32/wintty.c:269: High: CreateProcess
Many program execution commands under Windows will search
the path for a program if you do not explicitly specify a full path to the 
file. This can allow trojans to be executed instead.  Also, be sure to
specify a file extension, since otherwise multiple extensions will be tried
by the operating system, providing another opportunity for trojans.

httpd-2.4.53/support/win32/wintty.c:269: High: CreateProcess
Argument 3 to this function call should be checked to ensure that it does not
come from an untrusted source without first verifying that it contains nothing
dangerous.

httpd-2.4.53/support/win32/ApacheMonitor.c:235: High: ShellExecute
httpd-2.4.53/support/win32/ApacheMonitor.c:1205: High: ShellExecute
httpd-2.4.53/support/win32/ApacheMonitor.c:1412: High: ShellExecute
Many program execution commands under Windows will search
the path for a program if you do not explicitly specify a full path to the 
file. This can allow trojans to be executed instead.  Also, be sure to
specify a file extension, since otherwise multiple extensions will be tried
by the operating system, providing another opportunity for trojans.

httpd-2.4.53/support/win32/ApacheMonitor.c:351: High: _tcscpy
httpd-2.4.53/support/win32/ApacheMonitor.c:362: High: _tcscpy
httpd-2.4.53/support/win32/ApacheMonitor.c:786: High: _tcscpy
httpd-2.4.53/support/win32/ApacheMonitor.c:801: High: _tcscpy
httpd-2.4.53/support/win32/ApacheMonitor.c:828: High: _tcscpy
httpd-2.4.53/support/win32/ApacheMonitor.c:834: High: _tcscpy
httpd-2.4.53/support/win32/ApacheMonitor.c:876: High: _tcscpy
httpd-2.4.53/support/win32/ApacheMonitor.c:1572: High: _tcscpy
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.

httpd-2.4.53/support/win32/ApacheMonitor.c:787: High: _tcscat
httpd-2.4.53/support/win32/ApacheMonitor.c:830: High: _tcscat
httpd-2.4.53/support/win32/ApacheMonitor.c:831: High: _tcscat
Check to be sure that argument 2 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.

httpd-2.4.53/support/win32/ApacheMonitor.c:1209: High: WinExec
httpd-2.4.53/support/win32/ApacheMonitor.c:1416: High: WinExec
Many program execution commands under Windows will search
the path for a program if you do not explicitly specify a full path to the 
file. This can allow trojans to be executed instead.  Also, be sure to
specify a file extension, since otherwise multiple extensions will be tried
by the operating system, providing another opportunity for trojans.

httpd-2.4.53/support/win32/ApacheMonitor.c:1275: High: EnterCriticalSection
httpd-2.4.53/support/win32/ApacheMonitor.c:1301: High: EnterCriticalSection
This function can throw exceptions in low memory 
conditions.  Use InitialCriticalSectionAndSpinCount instead.

httpd-2.4.53/os/win32/util_win32.c:95: High: LoadLibrary
LoadLibrary will search several places for a library if
no path is specified, allowing trojan DLL's to be inserted elsewhere even
if the intended DLL is correctly protected from overwriting. Make sure to specify the full path.

httpd-2.4.53/modules/proxy/proxy_util.c:2965: High: sscanf
httpd-2.4.53/modules/ldap/util_ldap_cache_mgr.c:699: High: sscanf
Check to be sure that the format string passed as argument 2 to this function
call does not come from an untrusted source that could have added formatting
characters that the code is not prepared to handle.  Additionally, the format
string could contain `%s' without precision that could result in a buffer
overflow.

httpd-2.4.53/modules/ldap/util_ldap_cache_mgr.c:699: High: sscanf
Check to be sure that the non-constant format string passed as argument 2 to
this function call does not come from an untrusted source that could have added
formatting characters that the code is not prepared to handle.

httpd-2.4.53/modules/aaa/mod_authn_socache.c:277: High: strncat
Consider using strlcat() instead.

httpd-2.4.53/modules/aaa/mod_authn_socache.c:277: High: strncat
Check to be sure that argument 1 passed to this function call will not copy
more data than can be handled, resulting in a buffer overflow.

httpd-2.4.53/test/pyhttpd/env.py:162: Medium: stat
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists.  This is
the first line where a check has occured.
The following line(s) contain uses that may match up with this check:
163 (chmod)

httpd-2.4.53/test/test_limits.c:190: Medium: read
httpd-2.4.53/server/mpm_unix.c:546: Medium: read
httpd-2.4.53/modules/generators/mod_cgid.c:356: Medium: read
Check buffer boundaries if calling this function in a loop 
and make sure you are not in danger of writing past the allocated space.

httpd-2.4.53/test/modules/tls/htdocs/b.mod-tls.test/resp-jitter.py:7: Medium: seed
Standard random number generators should not be used to 
generate randomness used for security reasons.  For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.

httpd-2.4.53/test/modules/tls/htdocs/b.mod-tls.test/resp-jitter.py:8: Medium: randint
httpd-2.4.53/test/modules/tls/htdocs/b.mod-tls.test/resp-jitter.py:16: Medium: randint
Standard random number generators should not be used to 
generate randomness used for security reasons.  For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.

httpd-2.4.53/test/modules/tls/htdocs/b.mod-tls.test/resp-jitter.py:20: Medium: uniform
Standard random number generators should not be used to 
generate randomness used for security reasons.  For security sensitive randomness a crytographic randomness generator that provides sufficient entropy should be used.

httpd-2.4.53/test/modules/md/md_env.py:374: Medium: lstat
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists.  This is
the first line where a check has occured.
The following line(s) contain uses that may match up with this check:
302 (open), 378 (listdir)

httpd-2.4.53/server/util.c:3162: Medium: realloc
httpd-2.4.53/server/util_expr_scan.c:2654: Medium: realloc
httpd-2.4.53/modules/filters/mod_proxy_html.c:205: Medium: realloc
Don't use on memory intended to be secure, because the old structure will not be zeroed out.

httpd-2.4.53/server/mpm/mpmt_os2/mpmt_os2_child.c:462: Medium: signal
httpd-2.4.53/server/mpm/mpmt_os2/mpmt_os2.c:361: Medium: signal
When setting signal handlers, do not use the same function to handle multiple signals. There exists the possibility a race condition will result if 2 or more different signals are sent to the process at nearly the same time. Also, when writing signal handlers, it is best to do as little as possible in them. The best strategy is to use the signal handler to set a flag, that another part of the program tests and performs the appropriate action(s) when it is set.
See also: http://razor.bindview.com/publish/papers/signals.txt

httpd-2.4.53/server/mpm/event/event.c:3472: Medium: srand
httpd-2.4.53/support/ab.c:593: Medium: srand
httpd-2.4.53/modules/ssl/ssl_engine_init.c:2326: Medium: srand
Standard random number generators should not be used to 
generate randomness used for security reasons.  For security sensitive 
randomness a crytographic randomness generator that provides sufficient
entropy should be used.

httpd-2.4.53/support/passwd_common.c:228: Medium: crypt
httpd-2.4.53/support/passwd_common.c:240: Medium: crypt
httpd-2.4.53/modules/lua/lua_passwd.c:123: Medium: crypt
httpd-2.4.53/modules/lua/lua_passwd.c:135: Medium: crypt
Standard random number generators should not be used to 
generate randomness used for security reasons.  For security sensitive 
randomness a crytographic randomness generator that provides sufficient
entropy should be used.

httpd-2.4.53/support/suexec.c:574: Medium: lstat
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists.  This is
the first line where a check has occured.
The following line(s) contain uses that may match up with this check:
672 (execv)

httpd-2.4.53/support/list_hooks.pl:64: Medium: open
The filename argument of open should be carefully checked if it is being created with any user-supplied string as a compontent of it. Strings should be checked for occurences of path backtracking/relative path components (../ as an example), or nulls, which may cause the underlying C call to interpret the filename to open differently than expected. It is also important to make sure that the final filename does not end in a "|", as this will cause the path to be executed.

httpd-2.4.53/support/ab.c:668: Medium: X509_NAME_oneline
httpd-2.4.53/support/ab.c:672: Medium: X509_NAME_oneline
httpd-2.4.53/modules/ssl/ssl_engine_kernel.c:1432: Medium: X509_NAME_oneline
httpd-2.4.53/modules/ssl/ssl_engine_vars.c:457: Medium: X509_NAME_oneline
Allow the function to dynamically allocate the buffer.
If you insist on a fixed buffer, then double check that your buffer is as big
as you specify.

httpd-2.4.53/modules/ssl/ssl_engine_kernel.c:1434: Medium: OPENSSL_free
httpd-2.4.53/modules/ssl/ssl_util_ssl.c:181: Medium: OPENSSL_free
httpd-2.4.53/modules/ssl/ssl_engine_vars.c:459: Medium: OPENSSL_free
httpd-2.4.53/modules/ssl/ssl_engine_vars.c:782: Medium: OPENSSL_free
httpd-2.4.53/modules/md/md_crypt.c:775: Medium: OPENSSL_free
httpd-2.4.53/modules/md/md_crypt.c:1134: Medium: OPENSSL_free
httpd-2.4.53/modules/md/md_crypt.c:1135: Medium: OPENSSL_free
httpd-2.4.53/modules/md/md_crypt.c:1223: Medium: OPENSSL_free
httpd-2.4.53/modules/md/md_crypt.c:1256: Medium: OPENSSL_free
httpd-2.4.53/modules/md/md_ocsp.c:104: Medium: OPENSSL_free
httpd-2.4.53/modules/md/md_ocsp.c:538: Medium: OPENSSL_free
httpd-2.4.53/modules/md/md_ocsp.c:539: Medium: OPENSSL_free
Does the memory need to be cleaned before freeing?

httpd-2.4.53/modules/ssl/ssl_engine_kernel.c:2354: Medium: ERR_error_string
httpd-2.4.53/modules/md/md_crypt.c:633: Medium: ERR_error_string
httpd-2.4.53/modules/md/md_crypt.c:679: Medium: ERR_error_string
Use ERR_error_string_n() instead

Total lines analyzed: 292116
Total time 0.210806 seconds
1385710 lines per second
[user1@fedora ~]$ 



(完)

相關

[研究] RATS 2.4 (靜態程式原始碼掃描工具)(Fedora 36 x64)
https://shaurong.blogspot.com/2022/05/rats-24-fedora-36-x64.html

[研究] RATS 2.1 (靜態程式原始碼掃描工具)(Fedora 10 x86)
http://forum.icst.org.tw/phpbb/viewtopic.php?f=25&t=16051