Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/coinor-flopc++-1.0.6/BuildTools/headers/configall_system_msc.h
Examining data/coinor-flopc++-1.0.6/BuildTools/headers/configall_system.h
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_index.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/flopc.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_constraint.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_variable.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_index.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/FlopCppConfig.h
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_set.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_domain.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_domain.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_utilities.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_data.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_boolean.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_constant.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_data.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_model.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_variable.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_expression.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_set.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_constraint.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_model.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_expression.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_constant.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/flopc.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_utilities.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/src/MP_boolean.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/aircraft.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/multiProduct.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/sudoku.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/coex.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/stampl2.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/bid.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/magic.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/stampl.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/cuttingStock.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/train.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/cross.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/coexx.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/ampl.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/gapmin.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/xbsl.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/transport.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/CEPFlopCppModel.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/tap.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/stochbenders.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/examples/mine.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/test/unitTest.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/TestBed.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/unitTest.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/setTest.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/booleanTest.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/TestBed.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/constantTest.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/indexTest.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/unitTest.hpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/TestItem.cpp
Examining data/coinor-flopc++-1.0.6/FlopCpp/unittest/TestItem.hpp
FINAL RESULTS:
data/coinor-flopc++-1.0.6/FlopCpp/unittest/TestItem.cpp:12:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name,itemName);
data/coinor-flopc++-1.0.6/FlopCpp/unittest/TestItem.cpp:75:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fileName,_fileName);
data/coinor-flopc++-1.0.6/FlopCpp/examples/multiProduct.cpp:43:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double random(double min, double max) {
data/coinor-flopc++-1.0.6/FlopCpp/examples/multiProduct.cpp:107:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
supply(i) = random(200,300);
data/coinor-flopc++-1.0.6/FlopCpp/examples/multiProduct.cpp:110:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
demand(i) = random(50,100);
data/coinor-flopc++-1.0.6/FlopCpp/examples/multiProduct.cpp:113:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cost(i) = random(1,2);
data/coinor-flopc++-1.0.6/FlopCpp/unittest/TestItem.cpp:11:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = new char[strlen(itemName)+1];
data/coinor-flopc++-1.0.6/FlopCpp/unittest/TestItem.cpp:74:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fileName = new char[strlen(_fileName)+1];
ANALYSIS SUMMARY:
Hits = 8
Lines analyzed = 7693 in approximately 0.42 seconds (18138 lines/second)
Physical Source Lines of Code (SLOC) = 4870
Hits@level = [0] 0 [1] 2 [2] 0 [3] 4 [4] 2 [5] 0
Hits@level+ = [0+] 8 [1+] 8 [2+] 6 [3+] 6 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 1.64271 [1+] 1.64271 [2+] 1.23203 [3+] 1.23203 [4+] 0.410678 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.