Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mapbox-variant-1.2.0/include/mapbox/optional.hpp
Examining data/mapbox-variant-1.2.0/include/mapbox/recursive_wrapper.hpp
Examining data/mapbox-variant-1.2.0/include/mapbox/variant.hpp
Examining data/mapbox-variant-1.2.0/include/mapbox/variant_cast.hpp
Examining data/mapbox-variant-1.2.0/include/mapbox/variant_io.hpp
Examining data/mapbox-variant-1.2.0/include/mapbox/variant_visitor.hpp
Examining data/mapbox-variant-1.2.0/test/bench_variant.cpp
Examining data/mapbox-variant-1.2.0/test/binary_visitor_test.cpp
Examining data/mapbox-variant-1.2.0/test/boost_variant_hello_world.cpp
Examining data/mapbox-variant-1.2.0/test/compilation_failure/default_constructor.cpp
Examining data/mapbox-variant-1.2.0/test/compilation_failure/empty_typelist.cpp
Examining data/mapbox-variant-1.2.0/test/compilation_failure/equality.cpp
Examining data/mapbox-variant-1.2.0/test/compilation_failure/get_type.cpp
Examining data/mapbox-variant-1.2.0/test/compilation_failure/is_type.cpp
Examining data/mapbox-variant-1.2.0/test/compilation_failure/mutating_visitor_on_const.cpp
Examining data/mapbox-variant-1.2.0/test/compilation_failure/no-reference.cpp
Examining data/mapbox-variant-1.2.0/test/hashable_test.cpp
Examining data/mapbox-variant-1.2.0/test/include/auto_cpu_timer.hpp
Examining data/mapbox-variant-1.2.0/test/include/catch.hpp
Examining data/mapbox-variant-1.2.0/test/lambda_overload_test.cpp
Examining data/mapbox-variant-1.2.0/test/our_variant_hello_world.cpp
Examining data/mapbox-variant-1.2.0/test/recursive_wrapper_test.cpp
Examining data/mapbox-variant-1.2.0/test/reference_wrapper_test.cpp
Examining data/mapbox-variant-1.2.0/test/t/binary_visitor_1.cpp
Examining data/mapbox-variant-1.2.0/test/t/binary_visitor_2.cpp
Examining data/mapbox-variant-1.2.0/test/t/binary_visitor_3.cpp
Examining data/mapbox-variant-1.2.0/test/t/binary_visitor_4.cpp
Examining data/mapbox-variant-1.2.0/test/t/binary_visitor_5.cpp
Examining data/mapbox-variant-1.2.0/test/t/binary_visitor_6.cpp
Examining data/mapbox-variant-1.2.0/test/t/binary_visitor_impl.hpp
Examining data/mapbox-variant-1.2.0/test/t/issue122.cpp
Examining data/mapbox-variant-1.2.0/test/t/issue21.cpp
Examining data/mapbox-variant-1.2.0/test/t/mutating_visitor.cpp
Examining data/mapbox-variant-1.2.0/test/t/nothrow_move.cpp
Examining data/mapbox-variant-1.2.0/test/t/optional.cpp
Examining data/mapbox-variant-1.2.0/test/t/recursive_wrapper.cpp
Examining data/mapbox-variant-1.2.0/test/t/sizeof.cpp
Examining data/mapbox-variant-1.2.0/test/t/unary_visitor.cpp
Examining data/mapbox-variant-1.2.0/test/t/variant.cpp
Examining data/mapbox-variant-1.2.0/test/t/variant_alternative.cpp
Examining data/mapbox-variant-1.2.0/test/t/visitor_result_type.cpp
Examining data/mapbox-variant-1.2.0/test/unique_ptr_test.cpp
Examining data/mapbox-variant-1.2.0/test/unit.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/catch.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/catch_session.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/catch_with_main.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/external/clara.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/external/tbc_text_format.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_approx.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_assertionresult.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_assertionresult.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_capture.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_clara.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_commandline.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_common.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_common.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_compiler_capabilities.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_config.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_console_colour.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_console_colour_impl.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_context.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_context_impl.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_debugger.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_debugger.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_default_main.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_evaluate.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_exception_translator_registry.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_expression_lhs.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_fatal_condition.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_generators.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_generators_impl.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_impl.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_capture.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_config.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_exception.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_generators.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_registry_hub.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_reporter.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_runner.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_tag_alias_registry.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_interfaces_testcase.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_legacy_reporter_adapter.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_legacy_reporter_adapter.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_list.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_matchers.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_message.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_message.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_notimplemented_exception.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_notimplemented_exception.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_objc.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_objc_arc.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_option.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_platform.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_ptr.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_reenable_warnings.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_registry_hub.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_reporter_registrars.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_reporter_registry.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_result_builder.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_result_builder.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_result_type.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_run_context.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_section.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_section.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_section_info.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_section_info.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_stream.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_stream.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_streambuf.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_suppress_warnings.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tag_alias.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tag_alias_registry.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tag_alias_registry.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_info.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_info.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_registry_impl.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_tracker.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_registry.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_spec.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_spec_parser.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_text.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_timer.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_timer.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tostring.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tostring.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_totals.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_version.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_version.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_wildcard_pattern.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_xmlwriter.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_bases.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_compact.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_console.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_junit.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_multi.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_teamcity.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_xml.hpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/ApproxTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/BDDTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/ClassTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/CmdLineTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/ConditionTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/EnumToString.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/ExceptionTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/GeneratorTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/MessageTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/MiscTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/PartTrackerTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_common.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_console_colour.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_debugger.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_interfaces_capture.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_interfaces_config.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_interfaces_exception.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_interfaces_generators.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_interfaces_registry_hub.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_interfaces_reporter.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_interfaces_runner.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_interfaces_testcase.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_message.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_option.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_ptr.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_stream.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_streambuf.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_test_spec.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/SurrogateCpps/catch_xmlwriter.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/TagAliasTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/TestMain.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/ToStringPair.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/ToStringTuple.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/ToStringVector.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/ToStringWhich.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/TrickyTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/SelfTest/VariadicMacrosTests.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/VS2008/TestCatch/TestCatch/TestCatch.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/XCode/CatchSelfTest/CatchSelfTest/catch_text.cpp
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/XCode/OCTest/OCTest/CatchOCTestCase.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/XCode/OCTest/OCTest/TestObj.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/XCode/iOSTest/iOSTest/TestObj.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/runners/iTchRunner/internal/iTchRunnerAppDelegate.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/runners/iTchRunner/internal/iTchRunnerMainView.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/projects/runners/iTchRunner/internal/iTchRunnerReporter.h
Examining data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp
FINAL RESULTS:
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_common.hpp:87:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:7567:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/mapbox-variant-1.2.0/test/include/catch.hpp:8545:18: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( config.rngSeed() );
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_option.hpp:70:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[sizeof(T)];
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_stream.hpp:23:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_stream.hpp:61:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_tracker.hpp:170:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_tracker.hpp:247:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
section->open();
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_tracker.hpp:280:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tostring.h:79:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct TrueType { char sizer[1]; };
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tostring.h:80:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct FalseType { char sizer[2]; };
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tostring.hpp:29:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_bases.hpp:225:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:1563:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct TrueType { char sizer[1]; };
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:1564:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct FalseType { char sizer[2]; };
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:2736:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[sizeof(T)];
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:5388:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:5465:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
section->open();
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:5498:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:6558:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:6595:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:7735:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:8494:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/mapbox-variant-1.2.0/test/include/catch.hpp:1581:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct TrueType { char sizer[1]; };
data/mapbox-variant-1.2.0/test/include/catch.hpp:1582:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct FalseType { char sizer[2]; };
data/mapbox-variant-1.2.0/test/include/catch.hpp:3137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[sizeof(T)];
data/mapbox-variant-1.2.0/test/include/catch.hpp:6086:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() {
data/mapbox-variant-1.2.0/test/include/catch.hpp:6180:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/mapbox-variant-1.2.0/test/include/catch.hpp:6226:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tracker->open();
data/mapbox-variant-1.2.0/test/include/catch.hpp:6415:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char altStackMem[SIGSTKSZ];
data/mapbox-variant-1.2.0/test/include/catch.hpp:7484:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/mapbox-variant-1.2.0/test/include/catch.hpp:7521:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( filename.c_str() );
data/mapbox-variant-1.2.0/test/include/catch.hpp:8741:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/mapbox-variant-1.2.0/test/include/catch.hpp:9379:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxDoubleSize];
data/mapbox-variant-1.2.0/test/include/catch.hpp:9386:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.3f", duration);
data/mapbox-variant-1.2.0/test/include/catch.hpp:9612:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/mapbox-variant-1.2.0/test/include/catch.hpp:10206:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timeStamp[timeStampSize];
data/mapbox-variant-1.2.0/test/include/catch.hpp:8469:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/mapbox-variant-1.2.0/test/include/catch.hpp:8475:50: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 41307 in approximately 0.93 seconds (44357 lines/second)
Physical Source Lines of Code (SLOC) = 32049
Hits@level = [0] 0 [1] 2 [2] 34 [3] 3 [4] 0 [5] 0
Hits@level+ = [0+] 39 [1+] 39 [2+] 37 [3+] 3 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.21689 [1+] 1.21689 [2+] 1.15448 [3+] 0.0936067 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.