Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_common.hpp:87:18: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand( config.rngSeed() );

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:7567:18: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand( config.rngSeed() );

data/mapbox-variant-1.2.0/test/include/catch.hpp:8545:18: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand( config.rngSeed() );

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_option.hpp:70:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char storage[sizeof(T)];

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_stream.hpp:23:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[bufferSize];

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_stream.hpp:61:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ofs.open( filename.c_str() );

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_tracker.hpp:170:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open() {

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_tracker.hpp:247:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  section->open();

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_test_case_tracker.hpp:280:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracker->open();

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tostring.h:79:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  struct TrueType { char sizer[1]; };

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tostring.h:80:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  struct FalseType { char sizer[2]; };

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/internal/catch_tostring.hpp:29:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char asChar[sizeof (int)];

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/include/reporters/catch_reporter_bases.hpp:225:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:1563:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  struct TrueType { char sizer[1]; };

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:1564:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  struct FalseType { char sizer[2]; };

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:2736:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char storage[sizeof(T)];

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:5388:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open() {

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:5465:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  section->open();

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:5498:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracker->open();

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:6558:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[bufferSize];

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:6595:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ofs.open( filename.c_str() );

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:7735:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char asChar[sizeof (int)];

data/mapbox-variant-1.2.0/debian/missing-sources/Catch-1.3.3/single_include/catch.hpp:8494:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};

data/mapbox-variant-1.2.0/test/include/catch.hpp:1581:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  struct TrueType { char sizer[1]; };

data/mapbox-variant-1.2.0/test/include/catch.hpp:1582:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  struct FalseType { char sizer[2]; };

data/mapbox-variant-1.2.0/test/include/catch.hpp:3137:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char storage[sizeof(T)];

data/mapbox-variant-1.2.0/test/include/catch.hpp:6086:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open() {

data/mapbox-variant-1.2.0/test/include/catch.hpp:6180:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open();

data/mapbox-variant-1.2.0/test/include/catch.hpp:6226:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tracker->open();

data/mapbox-variant-1.2.0/test/include/catch.hpp:6415:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char altStackMem[SIGSTKSZ];

data/mapbox-variant-1.2.0/test/include/catch.hpp:7484:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[bufferSize];

data/mapbox-variant-1.2.0/test/include/catch.hpp:7521:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_ofs.open( filename.c_str() );

data/mapbox-variant-1.2.0/test/include/catch.hpp:8741:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char asChar[sizeof (int)];

data/mapbox-variant-1.2.0/test/include/catch.hpp:9379:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[maxDoubleSize];

data/mapbox-variant-1.2.0/test/include/catch.hpp:9386:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.3f", duration);

data/mapbox-variant-1.2.0/test/include/catch.hpp:9612:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};

data/mapbox-variant-1.2.0/test/include/catch.hpp:10206:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];

data/mapbox-variant-1.2.0/test/include/catch.hpp:8469:50: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());

data/mapbox-variant-1.2.0/test/include/catch.hpp:8475:50: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());

ANALYSIS SUMMARY:

Hits = 39
Lines analyzed = 41307 in approximately 0.93 seconds (44357 lines/second)
Physical Source Lines of Code (SLOC) = 32049
Hits@level = [0] 0 [1] 2 [2] 34 [3] 3 [4] 0 [5] 0
Hits@level+ = [0+] 39 [1+] 39 [2+] 37 [3+] 3 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.21689 [1+] 1.21689 [2+] 1.15448 [3+] 0.0936067 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.