Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cppdb-0.3.1+dfsg/examples/example1.cpp
Examining data/cppdb-0.3.1+dfsg/cppdb/frontend.h
Examining data/cppdb-0.3.1+dfsg/cppdb/numeric_util.h
Examining data/cppdb-0.3.1+dfsg/cppdb/conn_manager.h
Examining data/cppdb-0.3.1+dfsg/cppdb/atomic_counter.h
Examining data/cppdb-0.3.1+dfsg/cppdb/mutex.h
Examining data/cppdb-0.3.1+dfsg/cppdb/shared_object.h
Examining data/cppdb-0.3.1+dfsg/cppdb/connection_specific.h
Examining data/cppdb-0.3.1+dfsg/cppdb/pool.h
Examining data/cppdb-0.3.1+dfsg/cppdb/ref_ptr.h
Examining data/cppdb-0.3.1+dfsg/cppdb/utils.h
Examining data/cppdb-0.3.1+dfsg/cppdb/driver_manager.h
Examining data/cppdb-0.3.1+dfsg/cppdb/backend.h
Examining data/cppdb-0.3.1+dfsg/cppdb/defs.h
Examining data/cppdb-0.3.1+dfsg/cppdb/errors.h
Examining data/cppdb-0.3.1+dfsg/src/frontend.cpp
Examining data/cppdb-0.3.1+dfsg/src/driver_manager.cpp
Examining data/cppdb-0.3.1+dfsg/src/utils.cpp
Examining data/cppdb-0.3.1+dfsg/src/shared_object.cpp
Examining data/cppdb-0.3.1+dfsg/src/pool.cpp
Examining data/cppdb-0.3.1+dfsg/src/backend.cpp
Examining data/cppdb-0.3.1+dfsg/src/conn_manager.cpp
Examining data/cppdb-0.3.1+dfsg/src/mutex.cpp
Examining data/cppdb-0.3.1+dfsg/src/atomic_counter.cpp
Examining data/cppdb-0.3.1+dfsg/test/test_basic.cpp
Examining data/cppdb-0.3.1+dfsg/test/test_perf.cpp
Examining data/cppdb-0.3.1+dfsg/test/dummy_driver.h
Examining data/cppdb-0.3.1+dfsg/test/test.h
Examining data/cppdb-0.3.1+dfsg/test/test_backend.cpp
Examining data/cppdb-0.3.1+dfsg/test/test_caching.cpp
Examining data/cppdb-0.3.1+dfsg/template_header.h
Examining data/cppdb-0.3.1+dfsg/drivers/odbc_backend.cpp
Examining data/cppdb-0.3.1+dfsg/drivers/mysql_backend.cpp
Examining data/cppdb-0.3.1+dfsg/drivers/postgres_backend.cpp
Examining data/cppdb-0.3.1+dfsg/drivers/sqlite3_backend.cpp

FINAL RESULTS:

data/cppdb-0.3.1+dfsg/src/mutex.cpp:35:4:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
			InitializeCriticalSection(impl_);
data/cppdb-0.3.1+dfsg/src/mutex.cpp:44:4:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
			EnterCriticalSection(impl_);
data/cppdb-0.3.1+dfsg/src/shared_object.cpp:30:12:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
				return LoadLibrary(name);
data/cppdb-0.3.1+dfsg/test/test_backend.cpp:369:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		srand(i);
data/cppdb-0.3.1+dfsg/test/test_backend.cpp:384:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		srand(i);
data/cppdb-0.3.1+dfsg/test/test_backend.cpp:417:4:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			srand(i);
data/cppdb-0.3.1+dfsg/test/test_backend.cpp:433:4:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			srand(i);
data/cppdb-0.3.1+dfsg/cppdb/backend.h:439:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			virtual connection *open(connection_info const &cs) = 0;
data/cppdb-0.3.1+dfsg/cppdb/backend.h:497:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			backend::connection *open(connection_info const &ci);
data/cppdb-0.3.1+dfsg/cppdb/conn_manager.h:58:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ref_ptr<backend::connection> open(std::string const &cs);
data/cppdb-0.3.1+dfsg/cppdb/conn_manager.h:62:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ref_ptr<backend::connection> open(connection_info const &ci);
data/cppdb-0.3.1+dfsg/cppdb/frontend.h:1081:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		void open(connection_info const &ci);
data/cppdb-0.3.1+dfsg/cppdb/frontend.h:1087:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		void open(std::string const &cs);
data/cppdb-0.3.1+dfsg/cppdb/pool.h:68:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ref_ptr<backend::connection> open();
data/cppdb-0.3.1+dfsg/cppdb/shared_object.h:39:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		static ref_ptr<shared_object> open(std::string const &name);
data/cppdb-0.3.1+dfsg/drivers/mysql_backend.cpp:477:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[128];
data/cppdb-0.3.1+dfsg/drivers/odbc_backend.cpp:161:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char c[4];
data/cppdb-0.3.1+dfsg/drivers/odbc_backend.cpp:848:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char buf[64];
data/cppdb-0.3.1+dfsg/drivers/odbc_backend.cpp:862:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char buf[1024];
data/cppdb-0.3.1+dfsg/drivers/postgres_backend.cpp:196:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char buf[4096];
data/cppdb-0.3.1+dfsg/drivers/postgres_backend.cpp:404:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char buf[4096];
data/cppdb-0.3.1+dfsg/src/backend.cpp:338:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			return open(cs);
data/cppdb-0.3.1+dfsg/src/backend.cpp:346:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			connection *c = open(cs);
data/cppdb-0.3.1+dfsg/src/backend.cpp:361:39:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		backend::connection *static_driver::open(connection_info const &ci)
data/cppdb-0.3.1+dfsg/src/conn_manager.cpp:45:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ref_ptr<backend::connection> connections_manager::open(std::string const &cs)
data/cppdb-0.3.1+dfsg/src/conn_manager.cpp:57:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			return p->open();
data/cppdb-0.3.1+dfsg/src/conn_manager.cpp:61:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			return open(ci);
data/cppdb-0.3.1+dfsg/src/conn_manager.cpp:64:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ref_ptr<backend::connection> connections_manager::open(connection_info const &ci)
data/cppdb-0.3.1+dfsg/src/conn_manager.cpp:78:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		return p->open();
data/cppdb-0.3.1+dfsg/src/driver_manager.cpp:55:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				so_ = shared_object::open(so_list[i]);
data/cppdb-0.3.1+dfsg/src/driver_manager.cpp:65:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		virtual backend::connection *open(connection_info const &ci)
data/cppdb-0.3.1+dfsg/src/frontend.cpp:493:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		open(ci);
data/cppdb-0.3.1+dfsg/src/frontend.cpp:497:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		open(cs);
data/cppdb-0.3.1+dfsg/src/frontend.cpp:501:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		open(ci);
data/cppdb-0.3.1+dfsg/src/frontend.cpp:506:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		open(cs);
data/cppdb-0.3.1+dfsg/src/frontend.cpp:510:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	void session::open(connection_info const &ci)
data/cppdb-0.3.1+dfsg/src/frontend.cpp:512:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		conn_ = connections_manager::instance().open(ci);
data/cppdb-0.3.1+dfsg/src/frontend.cpp:514:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	void session::open(std::string const &cs)
data/cppdb-0.3.1+dfsg/src/frontend.cpp:516:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		conn_ = connections_manager::instance().open(cs);
data/cppdb-0.3.1+dfsg/src/pool.cpp:56:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ref_ptr<backend::connection> pool::open()
data/cppdb-0.3.1+dfsg/src/shared_object.cpp:58:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ref_ptr<shared_object> shared_object::open(std::string const &name)
data/cppdb-0.3.1+dfsg/src/utils.cpp:30:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[64]= {0};
data/cppdb-0.3.1+dfsg/test/dummy_driver.h:156:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		connection *open(cppdb::connection_info const &cs)
data/cppdb-0.3.1+dfsg/test/test_basic.cpp:184:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		sql.open(cs);
data/cppdb-0.3.1+dfsg/test/test_caching.cpp:67:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	c1=cm.open("dummy:@pool_size=2;@pool_max_idle=2");
data/cppdb-0.3.1+dfsg/test/test_caching.cpp:69:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	c2=cm.open("dummy:@pool_size=2;@pool_max_idle=2");
data/cppdb-0.3.1+dfsg/test/test_caching.cpp:71:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	c3=cm.open("dummy:@pool_size=2;@pool_max_idle=2");
data/cppdb-0.3.1+dfsg/test/test_caching.cpp:79:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	c3=cm.open("dummy:@pool_size=2;@pool_max_idle=2");
data/cppdb-0.3.1+dfsg/drivers/mysql_backend.cpp:285:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bind(col,s,s+strlen(s));
data/cppdb-0.3.1+dfsg/drivers/mysql_backend.cpp:874:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			at(col).set(s,s+strlen(s));
data/cppdb-0.3.1+dfsg/drivers/mysql_backend.cpp:1370:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return escape(s,s+strlen(s));
data/cppdb-0.3.1+dfsg/drivers/odbc_backend.cpp:687:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bind(col,s,s+strlen(s));
data/cppdb-0.3.1+dfsg/drivers/odbc_backend.cpp:1146:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return escape(s,s+strlen(s));
data/cppdb-0.3.1+dfsg/drivers/postgres_backend.cpp:370:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				bind(col,s,s+strlen(s));
data/cppdb-0.3.1+dfsg/drivers/postgres_backend.cpp:406:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
							in.read(buf,sizeof(buf));
data/cppdb-0.3.1+dfsg/drivers/postgres_backend.cpp:704:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				return do_escape(s,strlen(s));
data/cppdb-0.3.1+dfsg/drivers/sqlite3_backend.cpp:459:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				return escape(s,s+strlen(s));
data/cppdb-0.3.1+dfsg/src/utils.cpp:37:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if(strlen(v.c_str())!=v.size())

ANALYSIS SUMMARY:

Hits = 58
Lines analyzed = 10632 in approximately 0.64 seconds (16707 lines/second)
Physical Source Lines of Code (SLOC) = 7445
Hits@level = [0]   1 [1]  10 [2]  41 [3]   7 [4]   0 [5]   0
Hits@level+ = [0+]  59 [1+]  58 [2+]  48 [3+]   7 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 7.92478 [1+] 7.79046 [2+] 6.44728 [3+] 0.940228 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.