<?xml version="1.0" encoding="UTF-8"?>
<functions version="0.1">
	<function name="strcpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using strncpy or strlcpy (warning, strncpy is easily misused).  For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="lstrcpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="wcscpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="_tcscpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="_mbscpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="StrCpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="StrCpyA" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="StrCpyW" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="lstrcpyA" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="lstrcpyW" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="strcpyA" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="strcpyW" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="_tccpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="_mbccpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Consider using a function version that stops copying at the end of the buffer. For Microsoft platforms consider using String*Copy, String*CopyEx, or strcpy_s" type="buffer" warning_level="4" />
	<function name="memcpy" warning="Does not check for buffer overflows when copying to destination" suggestion="Make sure destination can always hold the source data" type="buffer" warning_level="2" />
	<function name="CopyMemory" warning="Does not check for buffer overflows when copying to destination" suggestion="Make sure destination can always hold the source data" type="buffer" warning_level="2" />
	<function name="bcopy" warning="Does not check for buffer overflows when copying to destination" suggestion="Make sure destination can always hold the source data" type="buffer" warning_level="2" />
	<function name="strcat" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="lstrcat" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="wcscat" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="_tcscat" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="_mbscat" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="StrCat" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="StrCatA" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="StrCatW" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="lstrcatA" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="lstrcatW" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="StrCatBuffW" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="StrCatBuff" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="StrCatBuffA" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="StrCatChainW" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="strcatA" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="strcatW" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="_tccat" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="_mbccat" warning="Does not check for buffer overflows when concatenating to destination" suggestion="Consider using strncat or strlcat (warning, strncat is easily misused).  For Microsoft platforms consider using String*Cat, String*CatEx, or strcat_s" type="buffer" warning_level="4" />
	<function name="strncpy" warning="Easily used incorrectly; doesn't always \\0-terminate or" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="lstrcpyn" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="wcsncpy" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="_tcsncpy" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="_mbsnbcpy" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="_mbsncpy" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="StrCpyN" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="StrCpyNA" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="StrCpyNW" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="StrNCpy" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="strcpynA" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="StrNCpyA" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="StrNCpyW" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="lstrcpynA" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="lstrcpynW" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="_fstrncpy" warning="Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers" suggestion="For Microsoft platforms consider using String*CopyN, String*CopyNEx, or strncpy_s." type="buffer" warning_level="1" />
	<function name="strncat" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="wcsncat" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="lstrcatn" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="_tcsncat" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="_mbsncat" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="_mbsnbcat" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="StrCatN" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="StrCatNA" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="StrCatNW" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="StrNCat" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="StrNCatA" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="StrNCatW" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="lstrncat" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="lstrcatnA" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="lstrcatnW" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="_fstrncat" warning="Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add)" suggestion="Consider strlcat or automatically resizing strings.  For Microsoft platforms consider using String*CatN, String*CatNEx, or strncat_s" type="buffer" warning_level="1" />
	<function name="strtok" warning="Easily to use incorrectly." suggestion="For Microsoft platforms, consider using strtok_s" type="buffer" warning_level="1" />
	<function name="_tcstok" warning="Easily to use incorrectly." suggestion="For Microsoft platforms, consider using strtok_s" type="buffer" warning_level="1" />
	<function name="wcstok" warning="Easily to use incorrectly." suggestion="For Microsoft platforms, consider using strtok_s" type="buffer" warning_level="1" />
	<function name="_mbstok" warning="Easily to use incorrectly." suggestion="For Microsoft platforms, consider using strtok_s" type="buffer" warning_level="1" />
	<function name="strccpy" warning="Subject to buffer overflow if buffer is not as big as claimed" suggestion="Ensure that destination buffer is sufficiently large." type="buffer" warning_level="1" />
	<function name="strcadd" warning="Subject to buffer overflow if buffer is not as big as claimed" suggestion="Ensure that destination buffer is sufficiently large." type="buffer" warning_level="1" />
	<function name="gets" warning="Does not check for buffer overflows." suggestion="Use fgets() instead or for Microsoft platforms consider using gets_s." type="buffer" warning_level="5" />
	<function name="_getts" warning="Does not check for buffer overflows." suggestion="Use fgets() instead or for Microsoft platforms consider using gets_s." type="buffer" warning_level="5" />
	<function name="_gettws" warning="Does not check for buffer overflows." suggestion="Use fgets() instead or for Microsoft platforms consider using gets_s." type="buffer" warning_level="5" />
	<function name="sprintf" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="swprintf" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="vswprintf" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="_stprintf" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="wnsprintf" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="wnsprintfA" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="wnsprintfW" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="sprintfW" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="sprintfA" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="wsprintf" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="wsprintfW" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="wsprintfA" warning="Does not check for buffer overflows." suggestion="Use snprintf or vsnprintf.  For Microsoft platforms consider using String*Printf, String*PrintfEx, or sprintf_s." type="buffer" warning_level="4" />
	<function name="printf" warning="If format strings can be influenced by an attacker, they can be exploited." suggestion="Use a constant for the format specification." type="format" warning_level="3" />
	<function name="vprintf" warning="If format strings can be influenced by an attacker, they can be exploited." suggestion="Use a constant for the format specification." type="format" warning_level="4" />
	<function name="vwprintf" warning="If format strings can be influenced by an attacker, they can be exploited." suggestion="Use a constant for the format specification." type="format" warning_level="4" />
	<function name="_vtprintf" warning="If format strings can be influenced by an attacker, they can be exploited." suggestion="Use a constant for the format specification." type="format" warning_level="4" />
	<function name="fprintf" warning="If format strings can be influenced by an attacker, they can be exploited." suggestion="Use a constant for the format specification." type="format" warning_level="4" />
	<function name="vfprintf" warning="If format strings can be influenced by an attacker, they can be exploited." suggestion="Use a constant for the format specification." type="format" warning_level="4" />
	<function name="_ftprintf" warning="If format strings can be influenced by an attacker, they can be exploited." suggestion="Use a constant for the format specification." type="format" warning_level="4" />
	<function name="_vftprintf" warning="If format strings can be influenced by an attacker, they can be exploited." suggestion="Use a constant for the format specification." type="format" warning_level="4" />
	<function name="syslog" warning="If syslog's format strings can be influenced by an attacker they can be exploited." suggestion="Use a constant format string for syslog." type="format" warning_level="4" />
	<function name="snprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use a constant for the format specification.  For Microsoft platforms consider using String*Printf, String*PrintfEx, _snprintf_s, or _snwprintf_s" type="format" warning_level="4" />
	<function name="vsnprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use a constant for the format specification.  For Microsoft platforms consider using String*Printf, String*PrintfEx, _snprintf_s, or _snwprintf_s" type="format" warning_level="4" />
	<function name="_snwprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use a constant for the format specification.  For Microsoft platforms consider using String*Printf, String*PrintfEx, _snprintf_s, or _snwprintf_s" type="format" warning_level="4" />
	<function name="_snprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use a constant for the format specification.  For Microsoft platforms consider using String*Printf, String*PrintfEx, _snprintf_s, or _snwprintf_s" type="format" warning_level="4" />
	<function name="_sntprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use a constant for the format specification.  For Microsoft platforms consider using String*Printf, String*PrintfEx, _snprintf_s, or _snwprintf_s" type="format" warning_level="4" />
	<function name="nsprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use a constant for the format specification.  For Microsoft platforms consider using String*Printf, String*PrintfEx, _snprintf_s, or _snwprintf_s" type="format" warning_level="4" />
	<function name="_vsntprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use a constant for the format specification.  For Microsoft platforms consider using String*Printf, String*PrintfEx, _snprintf_s, or _snwprintf_s" type="format" warning_level="4" />
	<function name="wvsprintf" warning="Does not check for buffer overflows." suggestion="Use String*VPrintf, String*VPrintfEx, or _vstprintf_s" type="format" warning_level="4" />
	<function name="wvsprintfA" warning="Does not check for buffer overflows." suggestion="Use String*VPrintf, String*VPrintfEx, or _vstprintf_s" type="format" warning_level="4" />
	<function name="wvsprintfW" warning="Does not check for buffer overflows." suggestion="Use String*VPrintf, String*VPrintfEx, or _vstprintf_s" type="format" warning_level="4" />
	<function name="vsprintf" warning="Does not check for buffer overflows." suggestion="Use String*VPrintf, String*VPrintfEx, or _vstprintf_s" type="format" warning_level="4" />
	<function name="_vstprintf" warning="Does not check for buffer overflows." suggestion="Use String*VPrintf, String*VPrintfEx, or _vstprintf_s" type="format" warning_level="4" />
	<function name="_vsnprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use String*VPrintf, String*VPrintfEx, or vsntprintf_s" type="format" warning_level="4" />
	<function name="_vsnwprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use String*VPrintf, String*VPrintfEx, or vsntprintf_s" type="format" warning_level="4" />
	<function name="wvnsprintf" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use String*VPrintf, String*VPrintfEx, or vsntprintf_s" type="format" warning_level="4" />
	<function name="wvnsprintfA" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use String*VPrintf, String*VPrintfEx, or vsntprintf_s" type="format" warning_level="4" />
	<function name="wvnsprintfW" warning="If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \\0-terminate." suggestion="Use String*VPrintf, String*VPrintfEx, or vsntprintf_s" type="format" warning_level="4" />
	<function name="scanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function.  For Microsoft platforms consider using sscanf_s." type="buffer" warning_level="4" />
	<function name="vscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function.  For Microsoft platforms consider using sscanf_s." type="buffer" warning_level="4" />
	<function name="wscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function.  For Microsoft platforms consider using sscanf_s." type="buffer" warning_level="4" />
	<function name="_tscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function.  For Microsoft platforms consider using sscanf_s." type="buffer" warning_level="4" />
	<function name="sscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function.  For Microsoft platforms consider using sscanf_s." type="buffer" warning_level="4" />
	<function name="swscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function.  For Microsoft platforms consider using sscanf_s." type="buffer" warning_level="4" />
	<function name="_stscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function.  For Microsoft platforms consider using sscanf_s." type="buffer" warning_level="4" />
	<function name="fscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function." type="buffer" warning_level="4" />
	<function name="vsscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function." type="buffer" warning_level="4" />
	<function name="vfscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function." type="buffer" warning_level="4" />
	<function name="_ftscanf" warning="The scanf() family's %s operation, without a limit specification, permits buffer overflows." suggestion="Specify a limit to %s, or use a different input function." type="buffer" warning_level="4" />
	<function name="snscanf" warning="This function is easy to use impromperly.  Improper pointer math can lead to a buffer overflow." suggestion="For Microsoft platforms consider using the _snscanf_s function instead." type="buffer" warning_level="4" />
	<function name="snwscanf" warning="This function is easy to use impromperly.  Improper pointer math can lead to a buffer overflow." suggestion="For Microsoft platforms consider using the _snscanf_s function instead." type="buffer" warning_level="4" />
	<function name="_sntscanf" warning="This function is easy to use impromperly.  Improper pointer math can lead to a buffer overflow." suggestion="For Microsoft platforms consider using the _snscanf_s function instead." type="buffer" warning_level="4" />
	<function name="strlen" warning="Does not handle strings that are not \\0-terminated (it could cause a crash if unprotected)." suggestion="For Microsoft platforms consider using String*Length or strnlen_s." type="buffer" warning_level="1" />
	<function name="wcslen" warning="Does not handle strings that are not \\0-terminated (it could cause a crash if unprotected)." suggestion="For Microsoft platforms consider using String*Length or strnlen_s." type="buffer" warning_level="1" />
	<function name="_tcslen" warning="Does not handle strings that are not \\0-terminated (it could cause a crash if unprotected)." suggestion="For Microsoft platforms consider using String*Length or strnlen_s." type="buffer" warning_level="1" />
	<function name="_mbslen" warning="Does not handle strings that are not \\0-terminated (it could cause a crash if unprotected)." suggestion="For Microsoft platforms consider using String*Length or strnlen_s." type="buffer" warning_level="1" />	
	<function name="_mbstrlen" warning="Does not handle strings that are not \\0-terminated (it could cause a crash if unprotected)." suggestion="For Microsoft platforms consider using String*Length or strnlen_s." type="buffer" warning_level="1" />
	<function name="StrLen" warning="Does not handle strings that are not \\0-terminated (it could cause a crash if unprotected)." suggestion="For Microsoft platforms consider using String*Length or strnlen_s." type="buffer" warning_level="1" />
	<function name="lstrlen" warning="Does not handle strings that are not \\0-terminated (it could cause a crash if unprotected)." suggestion="For Microsoft platforms consider using String*Length or strnlen_s." type="buffer" warning_level="1" />
	<function name="MultiByteToWideChar" warning="Requires maximum length in CHARACTERS, not bytes." suggestion="" type="buffer" warning_level="2" />
	<function name="streadd" warning="This function does not protect against buffer overflows." suggestion="Ensure the destination has 4 times the size of the source, to leave room for expansion." type="buffer" warning_level="4" />
	<function name="strecpy" warning="This function does not protect against buffer overflows." suggestion="Ensure the destination has 4 times the size of the source, to leave room for expansion." type="buffer" warning_level="4" />
	<function name="strtrns" warning="This function does not protect against buffer overflows." suggestion="Ensure that destination is at least as long as the source." type="buffer" warning_level="3" />
	<function name="realpath" warning="This function does not protect against buffer overflows, and some implementations can overflow internally." suggestion="Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN." type="buffer" warning_level="3" />
	<function name="getopt" warning="Some older implementations do not protect against internal buffer overflows." suggestion="Check implementation on installation, or limit the size of all string inputs." type="buffer" warning_level="3" />
	<function name="getopt_long" warning="Some older implementations do not protect against internal buffer overflows." suggestion="Check implementation on installation, or limit the size of all string inputs." type="buffer" warning_level="3" />
	<function name="getwd" warning="This does not protect against buffer overflows by itself, so use with caution." suggestion="Use getcwd instead." type="buffer" warning_level="3" />
	<function name="access" warning="This usually indicates a security flaw.  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition." suggestion="Set up the correct permissions (e.g., using setuid()) and try to open the file directly." type="race" warning_level="4" />
	<function name="chown" warning="This accepts filename arguments; if an attacker can move those files, a race condition results." suggestion="Use fchown( ) instead." type="race" warning_level="5" />
	<function name="chgrp" warning="This accepts filename arguments; if an attacker can move those files, a race condition results." suggestion="Use fchgrp( ) instead." type="race" warning_level="5" />
	<function name="chmod" warning="This accepts filename arguments; if an attacker can move those files, a race condition results." suggestion="Use fchmod( ) instead." type="race" warning_level="5" />
	<function name="vfork" warning="On some old systems, vfork() permits race conditions, and it's very difficult to use correctly." suggestion="Use fork() instead." type="race" warning_level="2" />
	<function name="readlink" warning="This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results.  Also, it does not terminate with ASCII NUL." suggestion="Reconsider approach." type="race" warning_level="5" />
	<function name="tmpfile" warning="Function tmpfile() has a security flaw on some systems (e.g., older System V systems)." suggestion="" type="tmpfile" warning_level="2" />
	<function name="tmpnam" warning="Temporary file race condition." suggestion="" type="tmpfile" warning_level="3" />
	<function name="tempnam" warning="Temporary file race condition." suggestion="" type="tmpfile" warning_level="3" />
	<function name="mktemp" warning="Temporary file race condition." suggestion="" type="tmpfile" warning_level="4" />
	<function name="mkstemp" warning="Potential for temporary file vulnerability in some circumstances.  Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library." suggestion="" type="tmpfile" warning_level="2" />
	<function name="fopen" warning="Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?" suggestion="" type="misc" warning_level="2" />
	<function name="open" warning="Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?" suggestion="" type="misc" warning_level="2" />
	<function name="umask" warning="Ensure that umask is given most restrictive possible setting (e.g., 066 or 077)." suggestion="" type="access" warning_level="1" />
	<function name="GetTempFileName" warning="Temporary file race condition in certain cases (e.g., if run as SYSTEM in many versions of Windows)." suggestion="" type="tmpfile" warning_level="3" />
	<function name="execl" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="execlp" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="execle" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="execv" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="execvp" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="system" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="popen" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="WinExec" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="ShellExecute" warning="This causes a new program to execute and is difficult to use safely." suggestion="Try using a library call that implements the same functionality if available." type="shell" warning_level="4" />
	<function name="CreateProcessAsUser" warning="This causes a new process to execute and is difficult to use safely." suggestion="Especially watch out for embedded spaces.  The biggest problem involves 'first' param NULL, second param with embedded space. Windows." type="shell" warning_level="3" />
	<function name="CreateProcessWithLogon" warning="This causes a new process to execute and is difficult to use safely." suggestion="Especially watch out for embedded spaces.  The biggest problem involves 'first' param NULL, second param with embedded space. Windows." type="shell" warning_level="3" />
	<function name="CreateProcess" warning="This causes a new process to execute and is difficult to use safely." suggestion="Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run." type="shell" warning_level="3" />
	<function name="atoi" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)." type="integer" warning_level="2" />
	<function name="atol" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)." type="integer" warning_level="2" />
	<function name="_itoa" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_itow" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_i64toa" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_i64tow" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_ui64toa" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_ui64tot" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_ui64tow" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_ultoa" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_ultot" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="_ultow" warning="Unless checked, the resulting number can exceed the expected range." suggestion="If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).  For Microsoft platforms, consider using _itoa_s or _itow_s instead." type="integer" warning_level="2" />
	<function name="drand48" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="erand48" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="jrand48" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="lcong48" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="lrand48" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="mrand48" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="nrand48" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="random" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="seed48" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="setstate" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="srand" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="strfry" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="srandom" warning="This function is not sufficiently random for security-related functions such as key and nonce creation." suggestion="Use a more secure technique for acquiring random values." type="random" warning_level="3" />
	<function name="crypt" warning="Function crypt is a poor one-way hashing algorithm; since it only accepts passwords of 8 characters or less, and only a two-byte salt, it is excessively vulnerable to dictionary attacks given today's faster computing equipment." suggestion="Use a different algorithm, such as SHA-1, with a larger non-repeating salt." type="crypto" warning_level="4" />
	<function name="EVP_des_ecb" warning="DES only supports a 56-bit keysize, which is too small given today's computers." suggestion="Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES." type="crypto" warning_level="4" />
	<function name="EVP_des_cbc" warning="DES only supports a 56-bit keysize, which is too small given today's computers." suggestion="Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES." type="crypto" warning_level="4" />
	<function name="EVP_des_cfb" warning="DES only supports a 56-bit keysize, which is too small given today's computers." suggestion="Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES." type="crypto" warning_level="4" />
	<function name="EVP_des_ofb" warning="DES only supports a 56-bit keysize, which is too small given today's computers." suggestion="Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES." type="crypto" warning_level="4" />
	<function name="EVP_desx_cbc" warning="DES only supports a 56-bit keysize, which is too small given today's computers." suggestion="Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES." type="crypto" warning_level="4" />
	<function name="EVP_rc4_40" warning="These keysizes are too small given today's computers." suggestion="Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES." type="crypto" warning_level="4" />
	<function name="EVP_rc2_40_cbc" warning="These keysizes are too small given today's computers." suggestion="Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES." type="crypto" warning_level="4" />
	<function name="EVP_rc2_64_cbc" warning="These keysizes are too small given today's computers." suggestion="Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES." type="crypto" warning_level="4" />
	<function name="chroot" warning="chroot can be very helpful, but is hard to use correctly." suggestion="Make sure the program immediately chdir('/'), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root." type="misc" warning_level="3" />
	<function name="getenv" warning="Environment variables are untrustable input if they can be set by an attacker.  They can have any content and length, and the same variable can be set more than once." suggestion="Check environment variables carefully before using them." type="buffer" warning_level="1" />
	<function name="curl_getenv" warning="Environment variables are untrustable input if they can be set by an attacker.  They can have any content and length, and the same variable can be set more than once." suggestion="Check environment variables carefully before using them." type="buffer" warning_level="1" />
	<function name="g_get_home_dir" warning="This function is synonymous with getenv('HOME'); it returns untrustable input if the environment can be set by an attacker.  It can have any content and length, and the same variable can be set more than once." suggestion="Check environment variables carefully before using them." type="buffer" warning_level="3" />
	<function name="g_get_tmp_dir" warning="This function is synonymous with getenv('TMP'); it returns untrustable input if the environment can be set by an attacker.  It can have any content and length, and the same variable can be set more than once." suggestion="Check environment variables carefully before using them." type="buffer" warning_level="3" />
	<function name="RpcImpersonateClient" warning="If this call fails, the program could fail to drop heightened privileges." suggestion="Make sure the return value is checked, and do not continue if a failure is reported." type="access" warning_level="4" />
	<function name="ImpersonateLoggedOnUser" warning="If this call fails, the program could fail to drop heightened privileges." suggestion="Make sure the return value is checked, and do not continue if a failure is reported." type="access" warning_level="4" />
	<function name="CoImpersonateClient" warning="If this call fails, the program could fail to drop heightened privileges." suggestion="Make sure the return value is checked, and do not continue if a failure is reported." type="access" warning_level="4" />
	<function name="ImpersonateNamedPipeClient" warning="If this call fails, the program could fail to drop heightened privileges." suggestion="Make sure the return value is checked, and do not continue if a failure is reported." type="access" warning_level="4" />
	<function name="ImpersonateDdeClientWindow" warning="If this call fails, the program could fail to drop heightened privileges." suggestion="Make sure the return value is checked, and do not continue if a failure is reported." type="access" warning_level="4" />
	<function name="ImpersonateSecurityContext" warning="If this call fails, the program could fail to drop heightened privileges." suggestion="Make sure the return value is checked, and do not continue if a failure is reported." type="access" warning_level="4" />
	<function name="SetThreadToken" warning="If this call fails, the program could fail to drop heightened privileges." suggestion="Make sure the return value is checked, and do not continue if a failure is reported." type="access" warning_level="4" />
	<function name="InitializeCriticalSection" warning="Exceptions can be thrown in low-memory situations." suggestion="Use InitializeCriticalSectionAndSpinCount instead." type="misc" warning_level="3" />
	<function name="EnterCriticalSection" warning="On some versions of Windows, exceptions can be thrown in low-memory situations." suggestion="Use InitializeCriticalSectionAndSpinCount instead." type="misc" warning_level="3" />
	<function name="LoadLibrary" warning="Ensure that the full path to the library is specified, or current directory may be used." suggestion="Use registry entry or GetWindowsDirectory to find library path, if you aren't already." type="misc" warning_level="3" />
	<function name="LoadLibraryEx" warning="Ensure that the full path to the library is specified, or current directory may be used." suggestion="Use registry entry or GetWindowsDirectory to find library path, if you aren't already." type="misc" warning_level="3" />
	<function name="SetSecurityDescriptorDacl" warning="Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access" suggestion="" type="misc" warning_level="5" />
	<function name="AddAccessAllowedAce" warning="This doesn't set the inheritance bits in the access control entry (ACE) header." suggestion="Make sure that you set inheritance by hand if you wish it to inherit." type="misc" warning_level="3" />
	<function name="getlogin" warning="It's often easy to fool getlogin.  Sometimes it does not work at all, because some program messed up the utmp file.  Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it.  Avoid getlogin() for security-related purposes." suggestion="Use getpwuid(geteuid()) and extract the desired information instead." type="misc" warning_level="4" />
	<function name="cuserid" warning="Exactly what cuserid() does is poorly defined (e.g., some systems use the effective uid, like Linux, while others like System V use the real uid). Thus, you can't trust what it does. It's certainly not portable (The cuserid function was included in the 1988 version of POSIX, but removed from the 1990 version).  Also, if passed a non-null parameter, there's a risk of a buffer overflow if the passed-in buffer is not at least L_cuserid characters long." suggestion="Use getpwuid(geteuid()) and extract the desired information instead." type="misc" warning_level="4" />
	<function name="getpw" warning="This function is dangerous; it may overflow the provided buffer. It extracts data from a 'protected' area, but most systems have many commands to let users modify the protected area, and it's not always clear what their limits are.  Best to avoid using this function altogether." suggestion="Use getpwuid() instead." type="buffer" warning_level="4" />
	<function name="getpass" warning="This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2.  What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.)." suggestion="Make the specific calls to do exactly what you want.  If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space." type="misc" warning_level="4" />
	<function name="gsignal" warning="These functions are considered obsolete on most systems, and very non-portable (Linux-based systems handle them radically different, basically if gsignal/ssignal were the same as raise/signal respectively, while System V considers them a separate set and obsolete)." suggestion="Switch to raise/signal, or some other signalling approach." type="obsolete" warning_level="2" />
	<function name="ssignal" warning="These functions are considered obsolete on most systems, and very non-portable (Linux-based systems handle them radically different, basically if gsignal/ssignal were the same as raise/signal respectively, while System V considers them a separate set and obsolete)." suggestion="Switch to raise/signal, or some other signalling approach." type="obsolete" warning_level="2" />
	<function name="memalign" warning="On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable.  Also note that memalign() may not check that the boundary parameter is correct." suggestion="Use posix_memalign instead (defined in POSIX's 1003.1d).  Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3.  In some cases, malloc()'s alignment may be sufficient." type="free" warning_level="1" />
	<function name="ulimit" warning="This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete)." suggestion="Use getrlimit(2), setrlimit(2), and sysconf(3) instead." type="obsolete" warning_level="1" />
	<function name="usleep" warning="This C routine is considered obsolete (as opposed to the shell command by the same name).   The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified." suggestion="Use nanosleep(2) or setitimer(2) instead." type="obsolete" warning_level="1" />
	<function name="recv" warning="Function accepts input from outside program." suggestion="Make sure input data is filtered, especially if an attacker could manipulate it." type="input" warning_level="0" />
	<function name="recvfrom" warning="Function accepts input from outside program." suggestion="Make sure input data is filtered, especially if an attacker could manipulate it." type="input" warning_level="0" />
	<function name="recvmsg" warning="Function accepts input from outside program." suggestion="Make sure input data is filtered, especially if an attacker could manipulate it." type="input" warning_level="0" />
	<function name="fread" warning="Function accepts input from outside program." suggestion="Make sure input data is filtered, especially if an attacker could manipulate it." type="input" warning_level="0" />
	<function name="readv" warning="Function accepts input from outside program." suggestion="Make sure input data is filtered, especially if an attacker could manipulate it." type="input" warning_level="0" />
	<function name="Makepath" warning="This function is dangerous; it may overflow the provided buffer." suggestion="Consider replacing this function with _makepath_s." type="buffer" warning_level="4" />
	<function name="_tmakepath" warning="This function is dangerous; it may overflow the provided buffer." suggestion="Consider replacing this function with _makepath_s." type="buffer" warning_level="4" />
	<function name="_makepath" warning="This function is dangerous; it may overflow the provided buffer." suggestion="Consider replacing this function with _makepath_s." type="buffer" warning_level="4" />
	<function name="_wmakepath" warning="This function is dangerous; it may overflow the provided buffer." suggestion="Consider replacing this function with _makepath_s." type="buffer" warning_level="4" />
	<function name="_splitpath" warning="This function is dangerous; it may overflow the provided buffer." suggestion="Consider replacing this function with _splitpath_s." type="buffer" warning_level="4" />
	<function name="_tsplitpath" warning="This function is dangerous; it may overflow the provided buffer." suggestion="Consider replacing this function with _splitpath_s." type="buffer" warning_level="4" />
	<function name="_wsplitpath" warning="This function is dangerous; it may overflow the provided buffer." suggestion="Consider replacing this function with _splitpath_s." type="buffer" warning_level="4" />
	<function name="IsBadWritePtr" warning="This function can mask errors, and there are no replacement functions. You should rewrite the code to avoid using these APIs. If you need to avoid a crash, wrap your usage of the pointer with __try/__except. Doing this can easily hide bugs; you should do this only in areas where it is absolutely critical to avoid a crash (such as crash recovery code) and where you have a reasonable explanation for why the data you're looking at might be invalid. You should also not catch all exceptions, but only types that you know about. Catching all exceptions is just as bad as using IsBad*Ptr." suggestion="For IsBadWritePtr, filling the destination buffer using memset is a preferred way to validate that output buffers are valid and large enough to hold the amount of space that the caller claims they provided." type="pointer" warning_level="3" />
	<function name="IsBadHugeWritePtr" warning="This function can mask errors, and there are no replacement functions. You should rewrite the code to avoid using these APIs. If you need to avoid a crash, wrap your usage of the pointer with __try/__except. Doing this can easily hide bugs; you should do this only in areas where it is absolutely critical to avoid a crash (such as crash recovery code) and where you have a reasonable explanation for why the data you're looking at might be invalid. You should also not catch all exceptions, but only types that you know about. Catching all exceptions is just as bad as using IsBad*Ptr." suggestion="" type="pointer" warning_level="3" />
	<function name="IsBadReadPtr" warning="This function can mask errors, and there are no replacement functions. You should rewrite the code to avoid using these APIs. If you need to avoid a crash, wrap your usage of the pointer with __try/__except. Doing this can easily hide bugs; you should do this only in areas where it is absolutely critical to avoid a crash (such as crash recovery code) and where you have a reasonable explanation for why the data you're looking at might be invalid. You should also not catch all exceptions, but only types that you know about. Catching all exceptions is just as bad as using IsBad*Ptr." suggestion="" type="pointer" warning_level="3" />
	<function name="IsBadHugeReadPtr" warning="This function can mask errors, and there are no replacement functions. You should rewrite the code to avoid using these APIs. If you need to avoid a crash, wrap your usage of the pointer with __try/__except. Doing this can easily hide bugs; you should do this only in areas where it is absolutely critical to avoid a crash (such as crash recovery code) and where you have a reasonable explanation for why the data you're looking at might be invalid. You should also not catch all exceptions, but only types that you know about. Catching all exceptions is just as bad as using IsBad*Ptr." suggestion="" type="pointer" warning_level="3" />
	<function name="IsBadCodePtr" warning="This function can mask errors, and there are no replacement functions. You should rewrite the code to avoid using these APIs. If you need to avoid a crash, wrap your usage of the pointer with __try/__except. Doing this can easily hide bugs; you should do this only in areas where it is absolutely critical to avoid a crash (such as crash recovery code) and where you have a reasonable explanation for why the data you're looking at might be invalid. You should also not catch all exceptions, but only types that you know about. Catching all exceptions is just as bad as using IsBad*Ptr." suggestion="" type="pointer" warning_level="3" />
	<function name="IsBadStringPtr" warning="This function can mask errors, and there are no replacement functions. You should rewrite the code to avoid using these APIs. If you need to avoid a crash, wrap your usage of the pointer with __try/__except. Doing this can easily hide bugs; you should do this only in areas where it is absolutely critical to avoid a crash (such as crash recovery code) and where you have a reasonable explanation for why the data you're looking at might be invalid. You should also not catch all exceptions, but only types that you know about. Catching all exceptions is just as bad as using IsBad*Ptr." suggestion="" type="pointer" warning_level="3" />
	<function name="CharToOem" warning="This function coverts and copies data without regard for the destination buffer size." suggestion="Consider replacing this function with WideCharToMultiByte" type="buffer" warning_level="4" />
	<function name="CharToOemA" warning="This function coverts and copies data without regard for the destination buffer size." suggestion="Consider replacing this function with WideCharToMultiByte" type="buffer" warning_level="4" />
	<function name="CharToOemW" warning="This function coverts and copies data without regard for the destination buffer size." suggestion="Consider replacing this function with WideCharToMultiByte" type="buffer" warning_level="4" />
	<function name="OemToChar" warning="This function coverts and copies data without regard for the destination buffer size." suggestion="Consider replacing this function with WideCharToMultiByte" type="buffer" warning_level="4" />
	<function name="OemToCharA" warning="This function coverts and copies data without regard for the destination buffer size." suggestion="Consider replacing this function with WideCharToMultiByte" type="buffer" warning_level="4" />
	<function name="OemToCharW" warning="This function coverts and copies data without regard for the destination buffer size." suggestion="Consider replacing this function with WideCharToMultiByte" type="buffer" warning_level="4" />
	<function name="CharToOemBuffA" warning="This function coverts and copies data without regard for the destination buffer size." suggestion="Consider replacing this function with WideCharToMultiByte" type="buffer" warning_level="4" />
	<function name="CharToOemBuffW" warning="This function coverts and copies data without regard for the destination buffer size." suggestion="Consider replacing this function with WideCharToMultiByte" type="buffer" warning_level="4" />
	<function name="alloca" warning="alloca may fail in low memory conditions." suggestion="Consider replacing with WideChar" type="pointers" warning_level="3" />
	<function name="_alloca" warning="alloca may fail in low memory conditions." suggestion="Consider replacing with WideChar" type="pointers" warning_level="3" />
</functions>


