Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/opengrm-ngram-1.3.2/src/test/ngramhisttest.cc
Examining data/opengrm-ngram-1.3.2/src/test/ngramrandtest.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-output.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-count.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-absolute.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-make.cc
Examining data/opengrm-ngram-1.3.2/src/lib/hist-arc.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-kneser-ney.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-shrink.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-marginalize.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-context.cc
Examining data/opengrm-ngram-1.3.2/src/lib/ngram-count-prune.cc
Examining data/opengrm-ngram-1.3.2/src/lib/util.cc
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-witten-bell.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-absolute.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-mutable-model.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-bayes-model-merge.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-unsmoothed.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-model.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-marginalize.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/hist-arc.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-model-merge.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-context-prune.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-count.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-katz.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-count-prune.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-shrink.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-count-merge.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-merge.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-transfer.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-seymore-shrink.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-context.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-count-of-counts.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-complete.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-hist-merge.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/hist-mapper.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-output.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/util.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-randgen.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-input.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-split.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-context-merge.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-kneser-ney.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/lexicographic-map.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-make.h
Examining data/opengrm-ngram-1.3.2/src/include/ngram/ngram-relentropy.h
Examining data/opengrm-ngram-1.3.2/src/bin/ngramread_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngrammarginalize_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramperplexity_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramsplit_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramsort_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramrandgen_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngrammake_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngraminfo_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramsymbols_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngrammerge_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramapply_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramshrink_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramtransfer_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramprint_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramcount_main.cc
Examining data/opengrm-ngram-1.3.2/src/bin/ngramcontext_main.cc
FINAL RESULTS:
data/opengrm-ngram-1.3.2/src/include/ngram/ngram-randgen.h:52:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/opengrm-ngram-1.3.2/src/lib/ngram-output.cc:497:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(nullptr)); // initialize random number
data/opengrm-ngram-1.3.2/src/bin/ngramcount_main.cc:92:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofstrm.open(out_name);
data/opengrm-ngram-1.3.2/src/bin/ngraminfo_main.cc:107:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofstrm.open(argv[2]);
data/opengrm-ngram-1.3.2/src/bin/ngramperplexity_main.cc:57:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofstrm.open(argv[3]);
data/opengrm-ngram-1.3.2/src/bin/ngramprint_main.cc:70:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofstrm.open(argv[2]);
data/opengrm-ngram-1.3.2/src/include/ngram/ngram-input.h:125:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstrm_.open(ifile);
data/opengrm-ngram-1.3.2/src/include/ngram/ngram-input.h:142:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofstrm_.open(ofile);
data/opengrm-ngram-1.3.2/src/lib/ngram-context.cc:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[linelen];
data/opengrm-ngram-1.3.2/src/lib/ngram-context.cc:220:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstrm.open(file);
data/opengrm-ngram-1.3.2/src/lib/ngram-context.cc:234:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofstrm.open(file);
data/opengrm-ngram-1.3.2/src/test/ngramhisttest.cc:67:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fstrm.open(FLAGS_ifile);
data/opengrm-ngram-1.3.2/src/test/ngramrandtest.cc:204:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
varfstrm.open(FLAGS_vars);
data/opengrm-ngram-1.3.2/src/test/ngramrandtest.cc:217:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cntxfstrm.open(directory + "cntxs");
data/opengrm-ngram-1.3.2/src/lib/ngram-context.cc:74:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line, context_pattern.c_str(), linelen);
data/opengrm-ngram-1.3.2/src/lib/ngram-context.cc:179:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(line.get(), extended_context_pattern.c_str(), linelen);
ANALYSIS SUMMARY:
Hits = 16
Lines analyzed = 12545 in approximately 0.36 seconds (34384 lines/second)
Physical Source Lines of Code (SLOC) = 9180
Hits@level = [0] 0 [1] 2 [2] 12 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 16 [1+] 16 [2+] 14 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.74292 [1+] 1.74292 [2+] 1.52505 [3+] 0.217865 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.