Home / curl / curl
Repository Analysis

curl/curl

A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features

2.0 Likely human-written View on GitHub
2.0
Adjusted Score
2.0
Raw Score
100%
Time Factor
2026-05-28
Last Push
42,015
Stars
C
Language
428,943
Lines of Code
2127
Files
773
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 0HIGH 0MEDIUM 48LOW 725

Pattern Findings

773 matches across 12 categories. Click a row to expand file-level details.

Over-Commented Block648 hits · 632 pts
SeverityFileLineSnippet
LOWCMakeLists.txt1#***************************************************************************
LOWCMakeLists.txt2301 else()
LOWCMakeLists.txt2341 # LIBCURL_PC_CFLAGS_PRIVATE
LOWCMakeLists.txt2381 # CMAKE_MINIMUM_REQUIRED_VERSION
LOWCMakeLists.txt2401 # USE_GNUTLS
LOWappveyor.sh1#!/usr/bin/env bash
LOWappveyor.yml1#***************************************************************************
LOWappveyor.yml141 - '.github/**/*'
LOWCMake/CurlTests.c21 * SPDX-License-Identifier: curl
LOWCMake/CurlTests.c101}
LOWCMake/CurlTests.c201#ifdef HAVE_IOCTL_FIONBIO
LOWCMake/CurlTests.c221 if(0 != ioctl(0, FIONBIO, &flags))
LOWCMake/CurlTests.c241#endif
LOWCMake/CurlTests.c341
LOWCMake/CurlTests.c361{
LOWinclude/curl/mprintf.h41#ifdef __MINGW_PRINTF_FORMAT /* mingw-w64 3.0.0+. Needs stdio.h. */
LOWinclude/curl/curl.h61
LOWinclude/curl/curl.h121
LOWinclude/curl/curl.h681#define CURLE_SSL_PEER_CERTIFICATE CURLE_PEER_FAILED_VERIFICATION
LOWinclude/curl/curl.h701#define CURLE_FTP_QUOTE_ERROR CURLE_QUOTE_ERROR
LOWinclude/curl/curl.h841 /* functionality removed since 8.8.0 */
LOWinclude/curl/curl.h981#define CURLFTPSSL_TRY CURLUSESSL_TRY
LOWinclude/curl/curl.h1081#define CURLPROTO_FTPS (1L << 3)
LOWinclude/curl/curl.h1101#define CURLPROTO_RTMPS (1L << 23)
LOWinclude/curl/curl.h2341#define CURL_RTSPREQ_OPTIONS 1L
LOWinclude/curl/curl.h2361 .netrc is queried. */
LOWinclude/curl/curl.h3181#define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */
LOWinclude/curl/curl.h3201#define CURL_VERSION_PSL (1<<20) /* Mozilla's Public Suffix List, used
LOWinclude/curl/system.h61# define CURL_TYPEOF_CURL_OFF_T __int64
LOWinclude/curl/system.h81# endif
LOWinclude/curl/system.h101# endif
LOWinclude/curl/system.h121# ifndef __LP64
LOWinclude/curl/system.h141# define CURL_SUFFIX_CURL_OFF_T i64
LOWinclude/curl/system.h161# define CURL_SUFFIX_CURL_OFF_TU UL
LOWinclude/curl/system.h181#elif defined(__MVS__)
LOWinclude/curl/system.h201# ifdef _LONG_LONG
LOWinclude/curl/system.h221# define CURL_FORMAT_CURL_OFF_T "ld"
LOWinclude/curl/system.h241 defined(__sparcv8plus))
LOWinclude/curl/system.h261# define CURL_TYPEOF_CURL_OFF_T long long
LOWinclude/curl/system.h281# define CURL_FORMAT_CURL_OFF_TU "llu"
LOWinclude/curl/system.h301# include <inttypes.h>
LOWinclude/curl/system.h321 defined(__sparc__) || defined(__mips__) || defined(__sh__) || \
LOWinclude/curl/system.h341# define CURL_FORMAT_CURL_OFF_T "ld"
LOWinclude/curl/system.h361# define CURL_SUFFIX_CURL_OFF_TU ULL
LOWinclude/curl/urlapi.h81 CURLUPART_ZONEID /* added in 7.65.0 */
LOWprojects/OS400/makefile.sh1#!/bin/sh
LOWprojects/OS400/makefile.sh21#
LOWprojects/OS400/initscript.sh1#!/bin/sh
LOWprojects/OS400/initscript.sh101# OS/400 specific definitions.
LOWprojects/OS400/make-tests.sh1#!/bin/sh
LOWprojects/OS400/ccsidcurl.c21 * SPDX-License-Identifier: curl
LOWprojects/OS400/ccsidcurl.c41#include "url.h"
LOWprojects/OS400/make-src.sh1#!/bin/sh
LOWprojects/OS400/make-include.sh1#!/bin/sh
LOWprojects/OS400/make-docs.sh1#!/bin/sh
LOWprojects/OS400/make-docs.sh61# Man page is useless as OS/400 has no man command.
LOWprojects/OS400/os400sys.c21 * SPDX-License-Identifier: curl
LOWprojects/OS400/os400sys.c41#include <errno.h>
LOWprojects/OS400/make-lib.sh1#!/bin/sh
LOWprojects/vms/curl_crtl_init.c281 do_not_set_default("DECC$POSIX_STYLE_UID", TRUE);
588 more matches not shown…
Self-Referential Comments22 hits · 66 pts
SeverityFileLineSnippet
MEDIUMprojects/OS400/makefile.sh50# Create the OS/400 library if it does not exist.
MEDIUMprojects/OS400/makefile.sh58# Create the DOCS source file if it does not exist.
MEDIUMprojects/OS400/makefile.sh88# Create the RPGXAMPLES source file if it does not exist.
MEDIUMprojects/OS400/make-src.sh89# Create the IFS command.
MEDIUMprojects/OS400/make-src.sh101# Create the CL interface program.
MEDIUMprojects/OS400/make-src.sh112# Create the CL command.
MEDIUMprojects/OS400/make-include.sh34# Create the OS/400 source program file for the header files.
MEDIUMprojects/OS400/make-include.sh45# Create the IFS directory for the header files.
MEDIUMprojects/OS400/make-lib.sh120# Create the service program exportation file in DB2 member if needed.
MEDIUMtests/runner.pm25# This module contains entry points to run a single test. runner_init
MEDIUMtests/runner.pm188 # Create a separate process in multiprocess mode
MEDIUMtests/globalconfig.pm25# This module contains global variables used in multiple modules in the test
MEDIUMtests/util.py69 # Create the test filename
MEDIUMtests/servers.pm25# This module contains functions that are useful for managing the lifecycle of
MEDIUMtests/servers.pm176# Create a server socket on a random (unused) port, then close it and
MEDIUMtests/servers.pm194# Initialize configuration variables
MEDIUMtests/devtest.pl69# This function is currently required to be here by servers.pm
MEDIUMtests/ftpserver.pl1146# This function is dumb (so far) and just removes the quotes if present.
MEDIUMtests/testutil.pm25# This module contains miscellaneous functions needed in several parts of
MEDIUMtests/runtests.pl30# The following sections need to be modified:
MEDIUMtests/http/testenv/h2o.py277 # Create a simple test file
MEDIUMtests/libtest/test613.pl47 # Create the files in alphabetical order, to increase the chances
AI Slop Vocabulary15 hits · 48 pts
SeverityFileLineSnippet
MEDIUMtests/runner.pm1103 # Test harness ssh server does not have this synchronization mechanism,
MEDIUMtests/serverhelp.pm70# Just for convenience, test harness uses 'https' and 'httptls' literals as
MEDIUMtests/globalconfig.pm26# harness but not really "owned" by any one.
MEDIUMtests/servers.pm1015# Just for convenience, test harness uses 'https' and 'httptls' literals
MEDIUMtests/devtest.pl27# runtests.pl harness. Do not try to use this unless you know what you are
MEDIUMtests/devtest.pl119# Initialize the test harness to run tests
MEDIUMtests/secureserver.pl27# harness. Actually just a layer that runs stunnel properly using the
MEDIUMtests/secureserver.pl28# non-secure test harness servers.
MEDIUMtests/sshserver.pl26# Starts sshd for use in the SCP and SFTP curl test harness tests.
MEDIUMtests/testcurl.pl753 # build test harness programs for selected cross-compiles
MEDIUMtests/runtests.pl29# are able to run curl but are unable to run the test harness.
MEDIUMtests/runtests.pl740 # Test harness currently uses a non-stunnel server in order to
MEDIUMtests/runtests.pl743 # 'httptls' may be included in the test harness protocols array
MEDIUMtests/runtests.pl745 # harness server.
LOWtests/libtest/test613.pl143 # Unexpected format; just pass it through and let the test fail
Decorative Section Separators10 hits · 36 pts
SeverityFileLineSnippet
MEDIUMprojects/vms/make_gnv_curl_install.sh24#==========================================================================
MEDIUMprojects/vms/gnv_curl_configure.sh22#==========================================================================
MEDIUMtests/ftpserver.pl2946#----------------------------------------------------------------------
MEDIUMtests/ftpserver.pl2947#----------------------------------------------------------------------
MEDIUMtests/ftpserver.pl2949#----------------------------------------------------------------------
MEDIUMtests/ftpserver.pl2950#----------------------------------------------------------------------
MEDIUMscripts/checksrc.pl627 # ------------------------------------------------------------
MEDIUMscripts/checksrc.pl630 # ------------------------------------------------------------
MEDIUMscripts/checksrc.pl656 # ------------------------------------------------------------
MEDIUMscripts/checksrc.pl659 # ------------------------------------------------------------
Unused Imports25 hits · 25 pts
SeverityFileLineSnippet
LOWtests/negtelnetserver.py26
LOWtests/negtelnetserver.py26
LOWtests/negtelnetserver.py26
LOWtests/negtelnetserver.py26
LOWtests/smbserver.py40
LOWtests/dictserver.py29
LOWtests/dictserver.py29
LOWtests/dictserver.py29
LOWtests/dictserver.py29
LOWtests/http/testenv/__init__.py33
LOWtests/http/testenv/__init__.py33
LOWtests/http/testenv/__init__.py33
LOWtests/http/testenv/__init__.py35
LOWtests/http/testenv/__init__.py36
LOWtests/http/testenv/__init__.py36
LOWtests/http/testenv/__init__.py37
LOWtests/http/testenv/__init__.py38
LOWtests/http/testenv/__init__.py39
LOWtests/http/testenv/__init__.py40
LOWtests/http/testenv/__init__.py41
LOWtests/http/testenv/__init__.py42
LOWtests/http/testenv/__init__.py42
LOWtests/http/testenv/__init__.py42
LOWtests/http/testenv/__init__.py43
LOWtests/http/testenv/__init__.py44
Redundant / Tautological Comments13 hits · 20 pts
SeverityFileLineSnippet
LOWprojects/OS400/initscript.sh72# Check if perl available.
LOWprojects/OS400/initscript.sh171# Set LINK to "YES" if the module has been compiled.
LOWprojects/OS400/make-src.sh33# Check if built-in manual can be generated.
LOWtests/test1222.pl170 # Check if paragraph is mentioning deprecation.
LOWtests/test1222.pl288# Print results.
LOWtests/servers.pm268# Check if a given child process has just died. Reaps it if so.
LOWtests/ech_tests.sh284# Check if ports other than 443 are blocked from this
LOWtests/testcurl.pl321# Set timestamp to the UTC this script is running. Its value might
LOWtests/testcurl.pl416 # Set timestamp to the UTC the git update took place.
LOWtests/testcurl.pl439 # Set timestamp to the UTC the git update took place.
LOWtests/testcurl.pl491# Set timestamp to the one in curlver.h if this is not a git test build.
LOWtests/runtests.pl317# Check if we have nghttpx available and if it talks http/3
LOWtests/runtests.pl485# Check if the operating environment supports UTF-8.
Deep Nesting19 hits · 19 pts
SeverityFileLineSnippet
LOWtests/negtelnetserver.py128
LOWtests/negtelnetserver.py173
LOWtests/http/conftest.py42
LOWtests/http/test_02_download.py692
LOWtests/http/test_17_ssl_use.py241
LOWtests/http/scorecard.py739
LOWtests/http/scorecard.py145
LOWtests/http/scorecard.py189
LOWtests/http/scorecard.py231
LOWtests/http/scorecard.py285
LOWtests/http/scorecard.py606
LOWtests/http/scorecard.py669
LOWtests/http/testenv/curl.py213
LOWtests/http/testenv/curl.py401
LOWtests/http/testenv/curl.py1021
LOWtests/http/testenv/curl.py1116
LOWtests/http/testenv/curl.py1184
LOWtests/http/testenv/env.py99
LOWtests/http/testenv/sshd.py116
Excessive Try-Catch Wrapping11 hits · 12 pts
SeverityFileLineSnippet
LOWtests/negtelnetserver.py360 except Exception:
LOWtests/smbserver.py353 except Exception as e:
LOWtests/smbserver.py438 except Exception:
LOWtests/dictserver.py178 except Exception:
LOWtests/http/test_05_errors.py199 except Exception:
MEDIUMtests/http/test_05_errors.py194def accept_and_close():
LOWtests/http/testenv/curl.py240 except Exception:
LOWtests/http/testenv/env.py271 except Exception:
LOWtests/http/testenv/env.py381 except Exception:
LOWtests/http/testenv/ports.py47 except Exception as e:
LOWtests/http/testenv/caddy.py122 except Exception:
Fake / Example Data6 hits · 6 pts
SeverityFileLineSnippet
LOWtests/libtest/lib1507.c59 curl_easy_setopt(curl, CURLOPT_USERNAME, "user@example.com");
LOWdocs/libcurl/opts/CURLOPT_UPLOAD_FLAGS.md100 curl_easy_setopt(curl, CURLOPT_USERNAME, "user@example.com");
LOWdocs/examples/ftpuploadfrommem.c34 "Lorem ipsum dolor sit amet, consectetur adipiscing elit. "
LOWdocs/examples/ftpuploadfrommem.c34 "Lorem ipsum dolor sit amet, consectetur adipiscing elit. "
LOWdocs/examples/post-callback.c35 "Lorem ipsum dolor sit amet, consectetur adipiscing elit. "
LOWdocs/examples/post-callback.c35 "Lorem ipsum dolor sit amet, consectetur adipiscing elit. "
Example Usage Blocks2 hits · 3 pts
SeverityFileLineSnippet
LOWtests/libtest/mk-lib1521.pl28# Usage:
LOWdocs/examples/version-check.pl36# Usage:
Slop Phrases1 hit · 2 pts
SeverityFileLineSnippet
MEDIUMlib/vtls/gtls.c1823 given hostname. This is a basic implementation of the matching described
Hyper-Verbose Identifiers1 hit · 1 pts
SeverityFileLineSnippet
LOWtests/http/testenv/env.py540 def curl_lib_version_at_least(libname: str, min_version) -> bool: