Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gadap-2.0/src/Connections.cc
Examining data/gadap-2.0/src/Connections.h
Examining data/gadap-2.0/src/gadap.h
Examining data/gadap-2.0/src/gadap_err.h
Examining data/gadap-2.0/src/gadap_types.h
Examining data/gadap-2.0/src/NCTypeFactory.cc
Examining data/gadap-2.0/src/NCTypeFactory.h
Examining data/gadap-2.0/src/gaBaseTypes.h
Examining data/gadap-2.0/src/gaTypeFactory.h
Examining data/gadap-2.0/src/gaBaseTypes.cc
Examining data/gadap-2.0/src/gaConnect.cc
Examining data/gadap-2.0/src/gaConnect.h
Examining data/gadap-2.0/src/gaReports.cc
Examining data/gadap-2.0/src/gaReports.h
Examining data/gadap-2.0/src/gaTypeFactory.cc
Examining data/gadap-2.0/src/gaUtils.cc
Examining data/gadap-2.0/src/gaUtils.h
Examining data/gadap-2.0/src/gadap.cc
Examining data/gadap-2.0/test/test.cc
FINAL RESULTS:
data/gadap-2.0/src/gaConnect.cc:348:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(query->url, request_url.c_str());
data/gadap-2.0/src/gaReports.cc:204:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,buf->c_str());
data/gadap-2.0/src/gaReports.cc:223:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,buf->c_str());
data/gadap-2.0/test/test.cc:121:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int varindex1 = atoi(argv[2]);
data/gadap-2.0/test/test.cc:122:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int varindex2 = atoi(argv[3]);
data/gadap-2.0/src/gaBaseTypes.cc:53:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool gaStr::read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:78:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool gaUrl::read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:101:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:114:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:127:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:140:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:153:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:166:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:179:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:192:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:205:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:218:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:232:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.cc:245:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset) {
data/gadap-2.0/src/gaBaseTypes.h:40:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset);
data/gadap-2.0/src/gaBaseTypes.h:54:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual bool read(const string &dataset);
ANALYSIS SUMMARY:
Hits = 21
Lines analyzed = 3895 in approximately 0.14 seconds (28118 lines/second)
Physical Source Lines of Code (SLOC) = 2135
Hits@level = [0] 0 [1] 16 [2] 2 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 21 [1+] 21 [2+] 5 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 9.83607 [1+] 9.83607 [2+] 2.34192 [3+] 1.40515 [4+] 1.40515 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.