Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/catch2-2.13.3/examples/000-CatchMain.cpp
Examining data/catch2-2.13.3/examples/010-TestCase.cpp
Examining data/catch2-2.13.3/examples/020-TestCase-1.cpp
Examining data/catch2-2.13.3/examples/020-TestCase-2.cpp
Examining data/catch2-2.13.3/examples/030-Asn-Require-Check.cpp
Examining data/catch2-2.13.3/examples/100-Fix-Section.cpp
Examining data/catch2-2.13.3/examples/110-Fix-ClassFixture.cpp
Examining data/catch2-2.13.3/examples/120-Bdd-ScenarioGivenWhenThen.cpp
Examining data/catch2-2.13.3/examples/200-Rpt-CatchMain.cpp
Examining data/catch2-2.13.3/examples/207-Rpt-TeamCityReporter.cpp
Examining data/catch2-2.13.3/examples/210-Evt-EventListeners.cpp
Examining data/catch2-2.13.3/examples/231-Cfg-OutputStreams.cpp
Examining data/catch2-2.13.3/examples/300-Gen-OwnGenerator.cpp
Examining data/catch2-2.13.3/examples/301-Gen-MapTypeConversion.cpp
Examining data/catch2-2.13.3/examples/302-Gen-Table.cpp
Examining data/catch2-2.13.3/examples/310-Gen-VariablesInGenerators.cpp
Examining data/catch2-2.13.3/examples/311-Gen-CustomCapture.cpp
Examining data/catch2-2.13.3/include/catch.hpp
Examining data/catch2-2.13.3/include/catch_with_main.hpp
Examining data/catch2-2.13.3/include/external/clara.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_benchmark.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_benchmarking_all.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_chronometer.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_clock.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_constructor.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_environment.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_estimate.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_execution_plan.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_optimizer.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_outlier_classification.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/catch_sample_analysis.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_analyse.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_benchmark_function.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_complete_invoke.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_estimate_clock.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_measure.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_repeat.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_run_for_at_least.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_stats.cpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_stats.hpp
Examining data/catch2-2.13.3/include/internal/benchmark/detail/catch_timing.hpp
Examining data/catch2-2.13.3/include/internal/catch_approx.cpp
Examining data/catch2-2.13.3/include/internal/catch_approx.h
Examining data/catch2-2.13.3/include/internal/catch_assertionhandler.cpp
Examining data/catch2-2.13.3/include/internal/catch_assertionhandler.h
Examining data/catch2-2.13.3/include/internal/catch_assertioninfo.h
Examining data/catch2-2.13.3/include/internal/catch_assertionresult.cpp
Examining data/catch2-2.13.3/include/internal/catch_assertionresult.h
Examining data/catch2-2.13.3/include/internal/catch_capture.hpp
Examining data/catch2-2.13.3/include/internal/catch_capture_matchers.cpp
Examining data/catch2-2.13.3/include/internal/catch_capture_matchers.h
Examining data/catch2-2.13.3/include/internal/catch_clara.h
Examining data/catch2-2.13.3/include/internal/catch_commandline.cpp
Examining data/catch2-2.13.3/include/internal/catch_commandline.h
Examining data/catch2-2.13.3/include/internal/catch_common.cpp
Examining data/catch2-2.13.3/include/internal/catch_common.h
Examining data/catch2-2.13.3/include/internal/catch_compiler_capabilities.h
Examining data/catch2-2.13.3/include/internal/catch_config.cpp
Examining data/catch2-2.13.3/include/internal/catch_config.hpp
Examining data/catch2-2.13.3/include/internal/catch_config_uncaught_exceptions.hpp
Examining data/catch2-2.13.3/include/internal/catch_console_colour.cpp
Examining data/catch2-2.13.3/include/internal/catch_console_colour.h
Examining data/catch2-2.13.3/include/internal/catch_context.cpp
Examining data/catch2-2.13.3/include/internal/catch_context.h
Examining data/catch2-2.13.3/include/internal/catch_debug_console.cpp
Examining data/catch2-2.13.3/include/internal/catch_debug_console.h
Examining data/catch2-2.13.3/include/internal/catch_debugger.cpp
Examining data/catch2-2.13.3/include/internal/catch_debugger.h
Examining data/catch2-2.13.3/include/internal/catch_decomposer.cpp
Examining data/catch2-2.13.3/include/internal/catch_decomposer.h
Examining data/catch2-2.13.3/include/internal/catch_default_main.hpp
Examining data/catch2-2.13.3/include/internal/catch_enforce.cpp
Examining data/catch2-2.13.3/include/internal/catch_enforce.h
Examining data/catch2-2.13.3/include/internal/catch_enum_values_registry.cpp
Examining data/catch2-2.13.3/include/internal/catch_enum_values_registry.h
Examining data/catch2-2.13.3/include/internal/catch_errno_guard.cpp
Examining data/catch2-2.13.3/include/internal/catch_errno_guard.h
Examining data/catch2-2.13.3/include/internal/catch_exception_translator_registry.cpp
Examining data/catch2-2.13.3/include/internal/catch_exception_translator_registry.h
Examining data/catch2-2.13.3/include/internal/catch_external_interfaces.h
Examining data/catch2-2.13.3/include/internal/catch_fatal_condition.cpp
Examining data/catch2-2.13.3/include/internal/catch_fatal_condition.h
Examining data/catch2-2.13.3/include/internal/catch_generators.cpp
Examining data/catch2-2.13.3/include/internal/catch_generators.hpp
Examining data/catch2-2.13.3/include/internal/catch_generators_generic.hpp
Examining data/catch2-2.13.3/include/internal/catch_generators_specific.hpp
Examining data/catch2-2.13.3/include/internal/catch_impl.hpp
Examining data/catch2-2.13.3/include/internal/catch_interfaces_capture.cpp
Examining data/catch2-2.13.3/include/internal/catch_interfaces_capture.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_config.cpp
Examining data/catch2-2.13.3/include/internal/catch_interfaces_config.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_enum_values_registry.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_exception.cpp
Examining data/catch2-2.13.3/include/internal/catch_interfaces_exception.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_generatortracker.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_registry_hub.cpp
Examining data/catch2-2.13.3/include/internal/catch_interfaces_registry_hub.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_reporter.cpp
Examining data/catch2-2.13.3/include/internal/catch_interfaces_reporter.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_runner.cpp
Examining data/catch2-2.13.3/include/internal/catch_interfaces_runner.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_tag_alias_registry.h
Examining data/catch2-2.13.3/include/internal/catch_interfaces_testcase.cpp
Examining data/catch2-2.13.3/include/internal/catch_interfaces_testcase.h
Examining data/catch2-2.13.3/include/internal/catch_leak_detector.cpp
Examining data/catch2-2.13.3/include/internal/catch_leak_detector.h
Examining data/catch2-2.13.3/include/internal/catch_list.cpp
Examining data/catch2-2.13.3/include/internal/catch_list.h
Examining data/catch2-2.13.3/include/internal/catch_matchers.cpp
Examining data/catch2-2.13.3/include/internal/catch_matchers.h
Examining data/catch2-2.13.3/include/internal/catch_matchers_exception.cpp
Examining data/catch2-2.13.3/include/internal/catch_matchers_exception.hpp
Examining data/catch2-2.13.3/include/internal/catch_matchers_floating.cpp
Examining data/catch2-2.13.3/include/internal/catch_matchers_floating.h
Examining data/catch2-2.13.3/include/internal/catch_matchers_generic.cpp
Examining data/catch2-2.13.3/include/internal/catch_matchers_generic.hpp
Examining data/catch2-2.13.3/include/internal/catch_matchers_string.cpp
Examining data/catch2-2.13.3/include/internal/catch_matchers_string.h
Examining data/catch2-2.13.3/include/internal/catch_matchers_vector.h
Examining data/catch2-2.13.3/include/internal/catch_message.cpp
Examining data/catch2-2.13.3/include/internal/catch_message.h
Examining data/catch2-2.13.3/include/internal/catch_meta.hpp
Examining data/catch2-2.13.3/include/internal/catch_objc.hpp
Examining data/catch2-2.13.3/include/internal/catch_objc_arc.hpp
Examining data/catch2-2.13.3/include/internal/catch_option.hpp
Examining data/catch2-2.13.3/include/internal/catch_output_redirect.cpp
Examining data/catch2-2.13.3/include/internal/catch_output_redirect.h
Examining data/catch2-2.13.3/include/internal/catch_platform.h
Examining data/catch2-2.13.3/include/internal/catch_polyfills.cpp
Examining data/catch2-2.13.3/include/internal/catch_polyfills.hpp
Examining data/catch2-2.13.3/include/internal/catch_preprocessor.hpp
Examining data/catch2-2.13.3/include/internal/catch_random_number_generator.cpp
Examining data/catch2-2.13.3/include/internal/catch_random_number_generator.h
Examining data/catch2-2.13.3/include/internal/catch_reenable_warnings.h
Examining data/catch2-2.13.3/include/internal/catch_registry_hub.cpp
Examining data/catch2-2.13.3/include/internal/catch_reporter_registrars.hpp
Examining data/catch2-2.13.3/include/internal/catch_reporter_registry.cpp
Examining data/catch2-2.13.3/include/internal/catch_reporter_registry.h
Examining data/catch2-2.13.3/include/internal/catch_result_type.cpp
Examining data/catch2-2.13.3/include/internal/catch_result_type.h
Examining data/catch2-2.13.3/include/internal/catch_run_context.cpp
Examining data/catch2-2.13.3/include/internal/catch_run_context.h
Examining data/catch2-2.13.3/include/internal/catch_section.cpp
Examining data/catch2-2.13.3/include/internal/catch_section.h
Examining data/catch2-2.13.3/include/internal/catch_section_info.cpp
Examining data/catch2-2.13.3/include/internal/catch_section_info.h
Examining data/catch2-2.13.3/include/internal/catch_session.cpp
Examining data/catch2-2.13.3/include/internal/catch_session.h
Examining data/catch2-2.13.3/include/internal/catch_singletons.cpp
Examining data/catch2-2.13.3/include/internal/catch_singletons.hpp
Examining data/catch2-2.13.3/include/internal/catch_startup_exception_registry.cpp
Examining data/catch2-2.13.3/include/internal/catch_startup_exception_registry.h
Examining data/catch2-2.13.3/include/internal/catch_stream.cpp
Examining data/catch2-2.13.3/include/internal/catch_stream.h
Examining data/catch2-2.13.3/include/internal/catch_string_manip.cpp
Examining data/catch2-2.13.3/include/internal/catch_string_manip.h
Examining data/catch2-2.13.3/include/internal/catch_stringref.cpp
Examining data/catch2-2.13.3/include/internal/catch_stringref.h
Examining data/catch2-2.13.3/include/internal/catch_suppress_warnings.h
Examining data/catch2-2.13.3/include/internal/catch_tag_alias.cpp
Examining data/catch2-2.13.3/include/internal/catch_tag_alias.h
Examining data/catch2-2.13.3/include/internal/catch_tag_alias_autoregistrar.cpp
Examining data/catch2-2.13.3/include/internal/catch_tag_alias_autoregistrar.h
Examining data/catch2-2.13.3/include/internal/catch_tag_alias_registry.cpp
Examining data/catch2-2.13.3/include/internal/catch_tag_alias_registry.h
Examining data/catch2-2.13.3/include/internal/catch_test_case_info.cpp
Examining data/catch2-2.13.3/include/internal/catch_test_case_info.h
Examining data/catch2-2.13.3/include/internal/catch_test_case_registry_impl.cpp
Examining data/catch2-2.13.3/include/internal/catch_test_case_registry_impl.h
Examining data/catch2-2.13.3/include/internal/catch_test_case_tracker.cpp
Examining data/catch2-2.13.3/include/internal/catch_test_case_tracker.h
Examining data/catch2-2.13.3/include/internal/catch_test_registry.cpp
Examining data/catch2-2.13.3/include/internal/catch_test_registry.h
Examining data/catch2-2.13.3/include/internal/catch_test_spec.cpp
Examining data/catch2-2.13.3/include/internal/catch_test_spec.h
Examining data/catch2-2.13.3/include/internal/catch_test_spec_parser.cpp
Examining data/catch2-2.13.3/include/internal/catch_test_spec_parser.h
Examining data/catch2-2.13.3/include/internal/catch_text.h
Examining data/catch2-2.13.3/include/internal/catch_timer.cpp
Examining data/catch2-2.13.3/include/internal/catch_timer.h
Examining data/catch2-2.13.3/include/internal/catch_to_string.hpp
Examining data/catch2-2.13.3/include/internal/catch_tostring.cpp
Examining data/catch2-2.13.3/include/internal/catch_tostring.h
Examining data/catch2-2.13.3/include/internal/catch_totals.cpp
Examining data/catch2-2.13.3/include/internal/catch_totals.h
Examining data/catch2-2.13.3/include/internal/catch_uncaught_exceptions.cpp
Examining data/catch2-2.13.3/include/internal/catch_uncaught_exceptions.h
Examining data/catch2-2.13.3/include/internal/catch_user_interfaces.h
Examining data/catch2-2.13.3/include/internal/catch_version.cpp
Examining data/catch2-2.13.3/include/internal/catch_version.h
Examining data/catch2-2.13.3/include/internal/catch_wildcard_pattern.cpp
Examining data/catch2-2.13.3/include/internal/catch_wildcard_pattern.h
Examining data/catch2-2.13.3/include/internal/catch_windows_h_proxy.h
Examining data/catch2-2.13.3/include/internal/catch_xmlwriter.cpp
Examining data/catch2-2.13.3/include/internal/catch_xmlwriter.h
Examining data/catch2-2.13.3/include/reporters/catch_reporter_automake.hpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_bases.cpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_bases.hpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_compact.cpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_compact.h
Examining data/catch2-2.13.3/include/reporters/catch_reporter_console.cpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_console.h
Examining data/catch2-2.13.3/include/reporters/catch_reporter_junit.cpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_junit.h
Examining data/catch2-2.13.3/include/reporters/catch_reporter_listening.cpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_listening.h
Examining data/catch2-2.13.3/include/reporters/catch_reporter_sonarqube.hpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_tap.hpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_teamcity.hpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_xml.cpp
Examining data/catch2-2.13.3/include/reporters/catch_reporter_xml.h
Examining data/catch2-2.13.3/misc/coverage-helper.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X01-PrefixedMacros.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X02-DisabledMacros.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X03-DisabledExceptions-DefaultHandler.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X04-DisabledExceptions-CustomHandler.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X10-FallbackStringifier.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X11-DisableStringification.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X12-CustomDebugBreakMacro.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X20-BenchmarkingMacros.cpp
Examining data/catch2-2.13.3/projects/ExtraTests/X90-WindowsHeaderInclusion.cpp
Examining data/catch2-2.13.3/projects/SelfTest/CompileTimePerfTests/10.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/CompileTimePerfTests/100.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/CompileTimePerfTests/All.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/CmdLine.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/Details.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/GeneratorsImpl.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/InternalBenchmark.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/PartTracker.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/RandomNumberGeneration.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/String.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/StringManip.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/Tag.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/ToString.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/Xml.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/SurrogateCpps/catch_console_colour.cpp
Examining data/catch2-2.13.3/projects/SelfTest/SurrogateCpps/catch_debugger.cpp
Examining data/catch2-2.13.3/projects/SelfTest/SurrogateCpps/catch_interfaces_reporter.cpp
Examining data/catch2-2.13.3/projects/SelfTest/SurrogateCpps/catch_option.cpp
Examining data/catch2-2.13.3/projects/SelfTest/SurrogateCpps/catch_stream.cpp
Examining data/catch2-2.13.3/projects/SelfTest/SurrogateCpps/catch_test_case_tracker.cpp
Examining data/catch2-2.13.3/projects/SelfTest/SurrogateCpps/catch_test_spec.cpp
Examining data/catch2-2.13.3/projects/SelfTest/SurrogateCpps/catch_xmlwriter.cpp
Examining data/catch2-2.13.3/projects/SelfTest/TestMain.cpp
Examining data/catch2-2.13.3/projects/SelfTest/TimingTests/Sleep.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Approx.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/BDD.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Benchmark.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Class.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Compilation.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Condition.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Decomposition.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/EnumToString.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Exception.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Generators.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Matchers.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Message.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Misc.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringByte.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringChrono.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringGeneral.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringOptional.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringPair.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringTuple.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringVariant.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringVector.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/ToStringWhich.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/Tricky.tests.cpp
Examining data/catch2-2.13.3/projects/SelfTest/UsageTests/VariadicMacros.tests.cpp
Examining data/catch2-2.13.3/projects/XCode/OCTest/OCTest/CatchOCTestCase.h
Examining data/catch2-2.13.3/projects/XCode/OCTest/OCTest/TestObj.h
Examining data/catch2-2.13.3/single_include/catch2/catch.hpp
Examining data/catch2-2.13.3/single_include/catch2/catch_reporter_automake.hpp
Examining data/catch2-2.13.3/single_include/catch2/catch_reporter_sonarqube.hpp
Examining data/catch2-2.13.3/single_include/catch2/catch_reporter_tap.hpp
Examining data/catch2-2.13.3/single_include/catch2/catch_reporter_teamcity.hpp
Examining data/catch2-2.13.3/third_party/clara.hpp

FINAL RESULTS:

data/catch2-2.13.3/examples/300-Gen-OwnGenerator.cpp:40:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Catch::Generators::GeneratorWrapper<int> random(int low, int high) {
data/catch2-2.13.3/examples/300-Gen-OwnGenerator.cpp:48:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto i = GENERATE(take(100, random(-100, 100)));
data/catch2-2.13.3/examples/310-Gen-VariablesInGenerators.cpp:27:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto number = GENERATE_COPY(take(50, random(std::get<0>(r), std::get<1>(r))));
data/catch2-2.13.3/examples/311-Gen-CustomCapture.cpp:33:44:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return makeGenerators(take(50, random(std::get<0>(r1), std::get<1>(r2))));
data/catch2-2.13.3/include/internal/catch_generators_specific.hpp:69:1:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random(T a, T b) {
data/catch2-2.13.3/include/internal/catch_generators_specific.hpp:78:1:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random(T a, T b) {
data/catch2-2.13.3/include/internal/catch_run_context.cpp:587:18:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand(config.rngSeed());
data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/GeneratorsImpl.tests.cpp:306:36:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto value = GENERATE(take(10, random(0, 10)));
data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/GeneratorsImpl.tests.cpp:331:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto random1 = Catch::Generators::random(0, 1000);
data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/GeneratorsImpl.tests.cpp:332:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto random2 = Catch::Generators::random(0, 1000);
data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/GeneratorsImpl.tests.cpp:342:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto random1 = Catch::Generators::random(0., 1000.);
data/catch2-2.13.3/projects/SelfTest/IntrospectiveTests/GeneratorsImpl.tests.cpp:343:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto random2 = Catch::Generators::random(0., 1000.);
data/catch2-2.13.3/projects/SelfTest/UsageTests/Generators.tests.cpp:185:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto val = GENERATE(take(4, random(0, 1)));
data/catch2-2.13.3/projects/SelfTest/UsageTests/Generators.tests.cpp:191:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  auto val = GENERATE(take(4, random(0., 1.)));
data/catch2-2.13.3/single_include/catch2/catch.hpp:4641:1:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random(T a, T b) {
data/catch2-2.13.3/single_include/catch2/catch.hpp:4650:1:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random(T a, T b) {
data/catch2-2.13.3/single_include/catch2/catch.hpp:13089:18:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand(config.rngSeed());
data/catch2-2.13.3/include/internal/catch_matchers_floating.cpp:31:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&i, &f, sizeof(f));
data/catch2-2.13.3/include/internal/catch_matchers_floating.cpp:38:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&i, &d, sizeof(d));
data/catch2-2.13.3/include/internal/catch_option.hpp:68:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  alignas(alignof(T)) char storage[sizeof(T)];
data/catch2-2.13.3/include/internal/catch_output_redirect.cpp:70:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/catch2-2.13.3/include/internal/catch_output_redirect.cpp:79:23:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  m_file = std::tmpfile();
data/catch2-2.13.3/include/internal/catch_output_redirect.cpp:104:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100] = {};
data/catch2-2.13.3/include/internal/catch_output_redirect.h:87:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_buffer[L_tmpnam] = { 0 };
data/catch2-2.13.3/include/internal/catch_run_context.cpp:54:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracker->open();
data/catch2-2.13.3/include/internal/catch_session.cpp:220:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **utf8Argv = new char *[ argc ];
data/catch2-2.13.3/include/internal/catch_stream.cpp:31:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[bufferSize];
data/catch2-2.13.3/include/internal/catch_stream.cpp:80:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ofs.open( filename.c_str() );
data/catch2-2.13.3/include/internal/catch_test_case_tracker.cpp:119:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void TrackerBase::open() {
data/catch2-2.13.3/include/internal/catch_test_case_tracker.cpp:220:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open();
data/catch2-2.13.3/include/internal/catch_test_case_tracker.h:139:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/catch2-2.13.3/include/internal/catch_tostring.h:645:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];
data/catch2-2.13.3/include/reporters/catch_reporter_bases.cpp:32:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[maxDoubleSize];
data/catch2-2.13.3/include/reporters/catch_reporter_bases.cpp:39:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  std::sprintf(buffer, "%.3f", duration);
data/catch2-2.13.3/include/reporters/catch_reporter_bases.hpp:265:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/catch2-2.13.3/include/reporters/catch_reporter_console.cpp:288:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open() {
data/catch2-2.13.3/include/reporters/catch_reporter_console.cpp:322:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tp.open();
data/catch2-2.13.3/include/reporters/catch_reporter_junit.cpp:40:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];
data/catch2-2.13.3/single_include/catch2/catch.hpp:2153:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];
data/catch2-2.13.3/single_include/catch2/catch.hpp:4452:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  alignas(alignof(T)) char storage[sizeof(T)];
data/catch2-2.13.3/single_include/catch2/catch.hpp:5954:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/catch2-2.13.3/single_include/catch2/catch.hpp:7578:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/catch2-2.13.3/single_include/catch2/catch.hpp:11423:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&i, &f, sizeof(f));
data/catch2-2.13.3/single_include/catch2/catch.hpp:11430:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&i, &d, sizeof(d));
data/catch2-2.13.3/single_include/catch2/catch.hpp:11954:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_buffer[L_tmpnam] = { 0 };
data/catch2-2.13.3/single_include/catch2/catch.hpp:12041:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/catch2-2.13.3/single_include/catch2/catch.hpp:12050:23:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
  m_file = std::tmpfile();
data/catch2-2.13.3/single_include/catch2/catch.hpp:12074:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100] = {};
data/catch2-2.13.3/single_include/catch2/catch.hpp:12558:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracker->open();
data/catch2-2.13.3/single_include/catch2/catch.hpp:13418:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char **utf8Argv = new char *[ argc ];
data/catch2-2.13.3/single_include/catch2/catch.hpp:13579:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char data[bufferSize]; data/catch2-2.13.3/single_include/catch2/catch.hpp:13628:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ofs.open( filename.c_str() ); data/catch2-2.13.3/single_include/catch2/catch.hpp:14379:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void TrackerBase::open() { data/catch2-2.13.3/single_include/catch2/catch.hpp:14480:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/catch2-2.13.3/single_include/catch2/catch.hpp:15709:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[maxDoubleSize]; data/catch2-2.13.3/single_include/catch2/catch.hpp:15716:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. std::sprintf(buffer, "%.3f", duration); data/catch2-2.13.3/single_include/catch2/catch.hpp:16313:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
void open() { data/catch2-2.13.3/single_include/catch2/catch.hpp:16347:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tp.open(); data/catch2-2.13.3/single_include/catch2/catch.hpp:16751:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timeStamp[timeStampSize]; data/catch2-2.13.3/include/internal/catch_matchers_vector.h:137:29: [1] (buffer) is_permutation: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return std::is_permutation(m_target.begin(), m_target.end(), vec.begin()); data/catch2-2.13.3/include/internal/catch_session.cpp:249:36: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static_cast<void>(std::getchar()); data/catch2-2.13.3/include/internal/catch_session.cpp:254:36: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static_cast<void>(std::getchar()); data/catch2-2.13.3/include/internal/catch_string_manip.cpp:26:50: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin()); data/catch2-2.13.3/include/internal/catch_string_manip.cpp:32:50: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin()); data/catch2-2.13.3/include/internal/catch_stringref.cpp:18:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) ) data/catch2-2.13.3/projects/SelfTest/UsageTests/Generators.tests.cpp:53:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). REQUIRE(strlen(std::get<0>(data)) == static_cast<size_t>(std::get<1>(data))); data/catch2-2.13.3/single_include/catch2/catch.hpp:3718:29: [1] (buffer) is_permutation: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return std::is_permutation(m_target.begin(), m_target.end(), vec.begin()); data/catch2-2.13.3/single_include/catch2/catch.hpp:13447:36: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
static_cast<void>(std::getchar()); data/catch2-2.13.3/single_include/catch2/catch.hpp:13452:36: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static_cast<void>(std::getchar()); data/catch2-2.13.3/single_include/catch2/catch.hpp:13751:50: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin()); data/catch2-2.13.3/single_include/catch2/catch.hpp:13757:50: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin()); data/catch2-2.13.3/single_include/catch2/catch.hpp:13845:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) ) ANALYSIS SUMMARY: Hits = 72 Lines analyzed = 49003 in approximately 1.10 seconds (44351 lines/second) Physical Source Lines of Code (SLOC) = 36355 Hits@level = [0] 1 [1] 13 [2] 42 [3] 17 [4] 0 [5] 0 Hits@level+ = [0+] 73 [1+] 72 [2+] 59 [3+] 17 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.00798 [1+] 1.98047 [2+] 1.62289 [3+] 0.467611 [4+] 0 [5+] 0 Dot directories skipped = 3 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. 
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.