Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dune-istl-2.7.0/dune/istl/eigenvalue/test/cond2test.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/galerkintest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/graphtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/hierarchytest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/pamgmmtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/parallelamgtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadtwoleveltest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/transfertest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/twolevelmethodtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsassigntest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsbuild.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsimplicitbuild.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsmatrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsnormtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bvectortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/cgconditiontest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/cholmodtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/complexmatrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/complexrhstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/dotproducttest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/fieldvectortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/iluildltest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/inverseoperator2prectest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/iotest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/ldltest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixiteratortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixmarkettest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixnormtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixredisttest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixutilstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/mmtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/multirhstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/multitypeblockvectortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/mv.cc
Examining data/dune-istl-2.7.0/dune/istl/test/overlappingschwarztest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/preconditionerstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/registrytest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/scalarproductstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/scaledidmatrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/solveraborttest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/solvertest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/spqrtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/superlutest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/umfpacktest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/vbvectortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/vectorcommtest.cc

FINAL RESULTS:

data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc:69:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand((unsigned)std::clock());

data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc:31:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand((unsigned)std::clock());

data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc:45:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand((unsigned)std::clock());

data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc:54:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand((unsigned)std::clock());

data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadtwoleveltest.cc:19:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand((unsigned)std::clock());

data/dune-istl-2.7.0/dune/istl/paamg/test/twolevelmethodtest.cc:17:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand((unsigned)std::clock());

data/dune-istl-2.7.0/dune/istl/test/bcrsassigntest.cc:11:19: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    Mat A(1,1, Mat::random);

data/dune-istl-2.7.0/dune/istl/test/bcrsassigntest.cc:22:19: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    Mat B(2,2, Mat::random);

data/dune-istl-2.7.0/dune/istl/test/bcrsbuild.cc:41:72: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    Dune::BCRSMatrix<B,A> matrix( rows, cols, Dune::BCRSMatrix<B,A>::random );

data/dune-istl-2.7.0/dune/istl/test/bcrsimplicitbuild.cc:113:47: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    ScalarMatrix m(10,10,1,-1.0,ScalarMatrix::random);

data/dune-istl-2.7.0/dune/istl/test/bcrsnormtest.cc:40:63: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    auto m = std::make_shared<GlobalMatrix>(3, 3, GlobalMatrix::random);

data/dune-istl-2.7.0/dune/istl/test/matrixiteratortest.cc:31:94: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    BCRSMatrix<FieldMatrix<double,1,1> > bcrsMatrix(3,3, BCRSMatrix<FieldMatrix<double,1,1> >::random);

data/dune-istl-2.7.0/dune/istl/test/matrixtest.cc:349:60: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    BCRSMatrix<double> bcrsMatrix(4,4, BCRSMatrix<double>::random);

data/dune-istl-2.7.0/dune/istl/test/matrixtest.cc:411:94: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    BCRSMatrix<FieldMatrix<double,2,2> > bcrsMatrix(4,4, BCRSMatrix<FieldMatrix<double,2,2> >::random);

data/dune-istl-2.7.0/dune/istl/test/mmtest.cc:14:33: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    MatrixType m1(2,2,MatrixType::random) ,

data/dune-istl-2.7.0/dune/istl/test/mmtest.cc:15:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    m2(2,2,MatrixType::random) ,

data/dune-istl-2.7.0/dune/istl/test/mmtest.cc:16:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    res(2,2,MatrixType::random);

data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc:151:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    BCRSMat A11 = BCRSMat(X1,Y1,X1*Y1,BCRSMat::random); //A11 is 3x3

data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc:152:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    BCRSMat A12 = BCRSMat(X1,Y2,X1*Y2,BCRSMat::random); //A12 is 2x3

data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc:153:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    BCRSMat A21 = BCRSMat(X2,Y1,X2*Y1,BCRSMat::random); //A11 is 3x2

data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc:154:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    BCRSMat A22 = BCRSMat(X2,Y2,X2*Y2,BCRSMat::random); //A12 is 2x2

data/dune-istl-2.7.0/dune/istl/eigenvalue/test/cond2test.cc:24:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc:190:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc:193:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    coarsenTarget = atoi(argv[2]);

data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc:196:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ml = atoi(argv[3]);

data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc:132:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc:135:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    coarsenTarget = atoi(argv[2]);

data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc:138:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ml = atoi(argv[3]);

data/dune-istl-2.7.0/dune/istl/paamg/test/galerkintest.cc:157:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/paamg/test/hierarchytest.cc:81:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc:167:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc:170:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    coarsenTarget = atoi(argv[2]);

data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc:173:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ml = atoi(argv[3]);

data/dune-istl-2.7.0/dune/istl/paamg/test/parallelamgtest.cc:225:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/paamg/test/parallelamgtest.cc:228:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    coarsenTarget = atoi(argv[2]);

data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc:222:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc:225:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    coarsenTarget = atoi(argv[2]);

data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc:228:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ml = atoi(argv[3]);

data/dune-istl-2.7.0/dune/istl/test/complexrhstest.cc:122:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/inverseoperator2prectest.cc:19:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/ldltest.cc:27:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/matrixmarkettest.cc:141:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/matrixredisttest.cc:129:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/matrixredisttest.cc:131:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    coarsenTarget = atoi(argv[2]);

data/dune-istl-2.7.0/dune/istl/test/mv.cc:18:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/overlappingschwarztest.cc:30:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/overlappingschwarztest.cc:53:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    domainSize = atoi(argv[2]);

data/dune-istl-2.7.0/dune/istl/test/solvertest.cc:60:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/spqrtest.cc:29:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/superlutest.cc:93:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

data/dune-istl-2.7.0/dune/istl/test/umfpacktest.cc:65:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    N = atoi(argv[1]);

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 7908 in approximately 0.22 seconds (35277 lines/second)
Physical Source Lines of Code (SLOC) = 5567
Hits@level = [0] 0 [1] 0 [2] 30 [3] 21 [4] 0 [5] 0
Hits@level+ = [0+] 51 [1+] 51 [2+] 51 [3+] 21 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.16113 [1+] 9.16113 [2+] 9.16113 [3+] 3.77223 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.