stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/opencc-1.1.1+git20200624+ds2/deps/darts-clone/darts.h
Examining data/opencc-1.1.1+git20200624+ds2/node/marisa.cc
Examining data/opencc-1.1.1+git20200624+ds2/node/opencc.cc
Examining data/opencc-1.1.1+git20200624+ds2/src/BinaryDict.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/BinaryDict.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/BinaryDictTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/CmdLineOutput.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Common.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Config.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Config.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/ConfigTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/ConfigTestBase.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Conversion.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Conversion.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/ConversionChain.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/ConversionChain.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/ConversionChainTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/ConversionTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Converter.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Converter.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DartsDict.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DartsDict.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DartsDictTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Dict.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Dict.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DictConverter.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DictConverter.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DictEntry.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DictEntry.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DictGroup.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DictGroup.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DictGroupTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/DictGroupTestBase.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Exception.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Export.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Lexicon.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Lexicon.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/MarisaDict.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/MarisaDict.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/MarisaDictTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/MaxMatchSegmentation.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/MaxMatchSegmentation.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/MaxMatchSegmentationTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Optional.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/PhraseExtract.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/PhraseExtract.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/PhraseExtractTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Segmentation.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Segmentation.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/Segments.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/SerializableDict.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/SerializedValues.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/SerializedValues.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/SerializedValuesTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/SimpleConverter.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/SimpleConverter.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/SimpleConverterTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/TestUtils.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/TestUtilsUTF8.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/TextDict.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/TextDict.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/TextDictTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/TextDictTestBase.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/UTF8StringSlice.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/UTF8StringSlice.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/UTF8StringSliceTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/UTF8Util.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/UTF8Util.hpp
Examining data/opencc-1.1.1+git20200624+ds2/src/UTF8UtilTest.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/benchmark/Performance.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/opencc.h
Examining data/opencc-1.1.1+git20200624+ds2/src/py_opencc.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/tools/CommandLine.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/tools/DictConverter.cpp
Examining data/opencc-1.1.1+git20200624+ds2/src/tools/PhraseExtract.cpp
Examining data/opencc-1.1.1+git20200624+ds2/test/CommandLineConvertTest.cpp

FINAL RESULTS:

data/opencc-1.1.1+git20200624+ds2/src/BinaryDict.cpp:167:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pKeyBuffer, entry->Key().c_str());
data/opencc-1.1.1+git20200624+ds2/src/BinaryDict.cpp:173:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pValueBuffer, svEntry->Value().c_str());
data/opencc-1.1.1+git20200624+ds2/src/BinaryDict.cpp:180:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pValueBuffer, value.c_str());
data/opencc-1.1.1+git20200624+ds2/src/Converter.cpp:35:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(output, converted.c_str());
data/opencc-1.1.1+git20200624+ds2/src/SerializedValues.cpp:128:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pValueBuffer, value.c_str());
data/opencc-1.1.1+git20200624+ds2/test/CommandLineConvertTest.cpp:101:16:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  ASSERT_EQ(0, system(TestCommand(config).c_str()));
data/opencc-1.1.1+git20200624+ds2/src/tools/CommandLine.cpp:89:43:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    const std::string tempFileName = std::tmpnam(nullptr);
data/opencc-1.1.1+git20200624+ds2/deps/darts-clone/darts.h:242:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int open(const char *file_name, const char *mode = "rb",
data/opencc-1.1.1+git20200624+ds2/deps/darts-clone/darts.h:327:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
int DoubleArrayImpl<A, B, T, C>::open(const char *file_name,
data/opencc-1.1.1+git20200624+ds2/deps/darts-clone/darts.h:335:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  std::FILE *file = std::fopen(file_name, mode);
data/opencc-1.1.1+git20200624+ds2/deps/darts-clone/darts.h:391:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  std::FILE *file = std::fopen(file_name, mode);
data/opencc-1.1.1+git20200624+ds2/src/Config.cpp:195:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ifs.open(UTF8Util::GetPlatformString(fileName).c_str());
data/opencc-1.1.1+git20200624+ds2/src/Config.cpp:202:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      ifs.open(UTF8Util::GetPlatformString(prefixedFileName).c_str());
data/opencc-1.1.1+git20200624+ds2/src/Config.cpp:207:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      ifs.open(UTF8Util::GetPlatformString(prefixedFileName).c_str());
data/opencc-1.1.1+git20200624+ds2/src/ConfigTest.cpp:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char output[1024];
data/opencc-1.1.1+git20200624+ds2/src/SerializableDict.hpp:39:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fp = fopen(fileName.c_str(), "wb");
data/opencc-1.1.1+git20200624+ds2/src/SerializableDict.hpp:55:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fopen(UTF8Util::GetPlatformString(fileName).c_str(), "rb")
data/opencc-1.1.1+git20200624+ds2/src/SimpleConverter.cpp:122:17:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  int convcnt = MultiByteToWideChar(CP_ACP, 0, configFileName, -1, NULL, 0);
data/opencc-1.1.1+git20200624+ds2/src/SimpleConverter.cpp:125:5:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    MultiByteToWideChar(CP_ACP, 0, configFileName, -1, &wFileName[0], convcnt);
data/opencc-1.1.1+git20200624+ds2/src/SimpleConverterTest.cpp:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char output[1024];
data/opencc-1.1.1+git20200624+ds2/src/TextDict.cpp:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[ENTRY_BUFF_SIZE];
data/opencc-1.1.1+git20200624+ds2/src/UTF8Util.hpp:281:19:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    int convcnt = MultiByteToWideChar(CP_UTF8, 0, str.c_str(), length, NULL, 0);
data/opencc-1.1.1+git20200624+ds2/src/UTF8Util.hpp:284:7:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      MultiByteToWideChar(CP_UTF8, 0, str.c_str(), length, &ret[0], convcnt);
data/opencc-1.1.1+git20200624+ds2/src/tools/CommandLine.cpp:39:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fp = fopen(outputFileName.Get().c_str(), "w");
data/opencc-1.1.1+git20200624+ds2/src/tools/CommandLine.cpp:98:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE* fin = fopen(fileName.c_str(), "r");
data/opencc-1.1.1+git20200624+ds2/src/DartsDict.cpp:103:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t headerLen = strlen(OCDHEADER);
data/opencc-1.1.1+git20200624+ds2/src/DartsDict.cpp:160:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite(OCDHEADER, sizeof(char), strlen(OCDHEADER), fp);
data/opencc-1.1.1+git20200624+ds2/src/MarisaDict.cpp:93:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t headerLen = strlen(OCD2_HEADER);
data/opencc-1.1.1+git20200624+ds2/src/MarisaDict.cpp:158:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite(OCD2_HEADER, sizeof(char), strlen(OCD2_HEADER), fp);
data/opencc-1.1.1+git20200624+ds2/src/SimpleConverter.cpp:157:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(output, converted.c_str(), converted.length());
data/opencc-1.1.1+git20200624+ds2/src/UTF8StringSlice.hpp:60:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        byteLength(static_cast<LengthType>(strlen(_str))) {}
data/opencc-1.1.1+git20200624+ds2/src/UTF8Util.cpp:36:35:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  for (n = 0; n <= 2 && (bom[n] = getc(fp)) != EOF; n++) {
data/opencc-1.1.1+git20200624+ds2/src/UTF8Util.hpp:160:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(const_cast<char*>(newStr.c_str()), str, length);
data/opencc-1.1.1+git20200624+ds2/src/UTF8Util.hpp:208:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    std::string::size_type fromLen = strlen(from);
data/opencc-1.1.1+git20200624+ds2/src/UTF8Util.hpp:209:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    std::string::size_type toLen = strlen(to);
data/opencc-1.1.1+git20200624+ds2/src/UTF8UtilTest.cpp:26:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  UTF8UtilTest() : text("東菄鶇䍶𠍀倲𩜍𢘐"), length(strlen(text)){};
data/opencc-1.1.1+git20200624+ds2/src/tools/CommandLine.cpp:136:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(bufferBegin, remainingTemp.c_str(), remainingLength);

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 8610 in approximately 0.29 seconds (29515 lines/second)
Physical Source Lines of Code (SLOC) = 5567
Hits@level = [0]  20 [1]  12 [2]  18 [3]   1 [4]   6 [5]   0
Hits@level+ = [0+]  57 [1+]  37 [2+]  25 [3+]   7 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 10.2389 [1+] 6.64631 [2+] 4.49075 [3+] 1.25741 [4+] 1.07778 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.