Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dune-istl-2.7.0/dune/istl/eigenvalue/test/cond2test.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/galerkintest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/graphtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/hierarchytest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/pamgmmtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/parallelamgtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadtwoleveltest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/transfertest.cc
Examining data/dune-istl-2.7.0/dune/istl/paamg/test/twolevelmethodtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsassigntest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsbuild.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsimplicitbuild.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsmatrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bcrsnormtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/bvectortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/cgconditiontest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/cholmodtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/complexmatrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/complexrhstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/dotproducttest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/fieldvectortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/iluildltest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/inverseoperator2prectest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/iotest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/ldltest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixiteratortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixmarkettest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixnormtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixredisttest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/matrixutilstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/mmtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/multirhstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/multitypeblockvectortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/mv.cc
Examining data/dune-istl-2.7.0/dune/istl/test/overlappingschwarztest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/preconditionerstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/registrytest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/scalarproductstest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/scaledidmatrixtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/solveraborttest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/solvertest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/spqrtest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/superlutest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/umfpacktest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/vbvectortest.cc
Examining data/dune-istl-2.7.0/dune/istl/test/vectorcommtest.cc
FINAL RESULTS:
data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc:69:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)std::clock());
data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc:31:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)std::clock());
data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc:45:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)std::clock());
data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc:54:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)std::clock());
data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadtwoleveltest.cc:19:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)std::clock());
data/dune-istl-2.7.0/dune/istl/paamg/test/twolevelmethodtest.cc:17:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)std::clock());
data/dune-istl-2.7.0/dune/istl/test/bcrsassigntest.cc:11:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Mat A(1,1, Mat::random);
data/dune-istl-2.7.0/dune/istl/test/bcrsassigntest.cc:22:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Mat B(2,2, Mat::random);
data/dune-istl-2.7.0/dune/istl/test/bcrsbuild.cc:41:72: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Dune::BCRSMatrix<B,A> matrix( rows, cols, Dune::BCRSMatrix<B,A>::random );
data/dune-istl-2.7.0/dune/istl/test/bcrsimplicitbuild.cc:113:47: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ScalarMatrix m(10,10,1,-1.0,ScalarMatrix::random);
data/dune-istl-2.7.0/dune/istl/test/bcrsnormtest.cc:40:63: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
auto m = std::make_shared<GlobalMatrix>(3, 3, GlobalMatrix::random);
data/dune-istl-2.7.0/dune/istl/test/matrixiteratortest.cc:31:94: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BCRSMatrix<FieldMatrix<double,1,1> > bcrsMatrix(3,3, BCRSMatrix<FieldMatrix<double,1,1> >::random);
data/dune-istl-2.7.0/dune/istl/test/matrixtest.cc:349:60: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BCRSMatrix<double> bcrsMatrix(4,4, BCRSMatrix<double>::random);
data/dune-istl-2.7.0/dune/istl/test/matrixtest.cc:411:94: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BCRSMatrix<FieldMatrix<double,2,2> > bcrsMatrix(4,4, BCRSMatrix<FieldMatrix<double,2,2> >::random);
data/dune-istl-2.7.0/dune/istl/test/mmtest.cc:14:33: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
MatrixType m1(2,2,MatrixType::random) ,
data/dune-istl-2.7.0/dune/istl/test/mmtest.cc:15:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
m2(2,2,MatrixType::random) ,
data/dune-istl-2.7.0/dune/istl/test/mmtest.cc:16:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
res(2,2,MatrixType::random);
data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc:151:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BCRSMat A11 = BCRSMat(X1,Y1,X1*Y1,BCRSMat::random); //A11 is 3x3
data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc:152:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BCRSMat A12 = BCRSMat(X1,Y2,X1*Y2,BCRSMat::random); //A12 is 2x3
data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc:153:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BCRSMat A21 = BCRSMat(X2,Y1,X2*Y1,BCRSMat::random); //A11 is 3x2
data/dune-istl-2.7.0/dune/istl/test/multitypeblockmatrixtest.cc:154:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BCRSMat A22 = BCRSMat(X2,Y2,X2*Y2,BCRSMat::random); //A12 is 2x2
data/dune-istl-2.7.0/dune/istl/eigenvalue/test/cond2test.cc:24:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc:190:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc:193:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
coarsenTarget = atoi(argv[2]);
data/dune-istl-2.7.0/dune/istl/paamg/test/amgtest.cc:196:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ml = atoi(argv[3]);
data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc:132:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc:135:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
coarsenTarget = atoi(argv[2]);
data/dune-istl-2.7.0/dune/istl/paamg/test/fastamg.cc:138:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ml = atoi(argv[3]);
data/dune-istl-2.7.0/dune/istl/paamg/test/galerkintest.cc:157:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/paamg/test/hierarchytest.cc:81:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc:167:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc:170:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
coarsenTarget = atoi(argv[2]);
data/dune-istl-2.7.0/dune/istl/paamg/test/kamgtest.cc:173:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ml = atoi(argv[3]);
data/dune-istl-2.7.0/dune/istl/paamg/test/parallelamgtest.cc:225:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/paamg/test/parallelamgtest.cc:228:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
coarsenTarget = atoi(argv[2]);
data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc:222:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc:225:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
coarsenTarget = atoi(argv[2]);
data/dune-istl-2.7.0/dune/istl/paamg/test/pthreadamgtest.cc:228:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ml = atoi(argv[3]);
data/dune-istl-2.7.0/dune/istl/test/complexrhstest.cc:122:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/inverseoperator2prectest.cc:19:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/ldltest.cc:27:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/matrixmarkettest.cc:141:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/matrixredisttest.cc:129:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/matrixredisttest.cc:131:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
coarsenTarget = atoi(argv[2]);
data/dune-istl-2.7.0/dune/istl/test/mv.cc:18:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/overlappingschwarztest.cc:30:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/overlappingschwarztest.cc:53:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
domainSize = atoi(argv[2]);
data/dune-istl-2.7.0/dune/istl/test/solvertest.cc:60:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/spqrtest.cc:29:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/superlutest.cc:93:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
data/dune-istl-2.7.0/dune/istl/test/umfpacktest.cc:65:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
N = atoi(argv[1]);
ANALYSIS SUMMARY:
Hits = 51
Lines analyzed = 7908 in approximately 0.22 seconds (35277 lines/second)
Physical Source Lines of Code (SLOC) = 5567
Hits@level = [0] 0 [1] 0 [2] 30 [3] 21 [4] 0 [5] 0
Hits@level+ = [0+] 51 [1+] 51 [2+] 51 [3+] 21 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.16113 [1+] 9.16113 [2+] 9.16113 [3+] 3.77223 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.