Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pybind11-2.6.1/include/pybind11/attr.h
Examining data/pybind11-2.6.1/include/pybind11/buffer_info.h
Examining data/pybind11-2.6.1/include/pybind11/cast.h
Examining data/pybind11-2.6.1/include/pybind11/chrono.h
Examining data/pybind11-2.6.1/include/pybind11/common.h
Examining data/pybind11-2.6.1/include/pybind11/complex.h
Examining data/pybind11-2.6.1/include/pybind11/detail/class.h
Examining data/pybind11-2.6.1/include/pybind11/detail/common.h
Examining data/pybind11-2.6.1/include/pybind11/detail/descr.h
Examining data/pybind11-2.6.1/include/pybind11/detail/init.h
Examining data/pybind11-2.6.1/include/pybind11/detail/internals.h
Examining data/pybind11-2.6.1/include/pybind11/detail/typeid.h
Examining data/pybind11-2.6.1/include/pybind11/eigen.h
Examining data/pybind11-2.6.1/include/pybind11/embed.h
Examining data/pybind11-2.6.1/include/pybind11/eval.h
Examining data/pybind11-2.6.1/include/pybind11/functional.h
Examining data/pybind11-2.6.1/include/pybind11/iostream.h
Examining data/pybind11-2.6.1/include/pybind11/numpy.h
Examining data/pybind11-2.6.1/include/pybind11/operators.h
Examining data/pybind11-2.6.1/include/pybind11/options.h
Examining data/pybind11-2.6.1/include/pybind11/pybind11.h
Examining data/pybind11-2.6.1/include/pybind11/pytypes.h
Examining data/pybind11-2.6.1/include/pybind11/stl.h
Examining data/pybind11-2.6.1/include/pybind11/stl_bind.h
Examining data/pybind11-2.6.1/tests/constructor_stats.h
Examining data/pybind11-2.6.1/tests/cross_module_gil_utils.cpp
Examining data/pybind11-2.6.1/tests/local_bindings.h
Examining data/pybind11-2.6.1/tests/object.h
Examining data/pybind11-2.6.1/tests/pybind11_cross_module_tests.cpp
Examining data/pybind11-2.6.1/tests/pybind11_tests.cpp
Examining data/pybind11-2.6.1/tests/pybind11_tests.h
Examining data/pybind11-2.6.1/tests/test_async.cpp
Examining data/pybind11-2.6.1/tests/test_buffers.cpp
Examining data/pybind11-2.6.1/tests/test_builtin_casters.cpp
Examining data/pybind11-2.6.1/tests/test_call_policies.cpp
Examining data/pybind11-2.6.1/tests/test_callbacks.cpp
Examining data/pybind11-2.6.1/tests/test_chrono.cpp
Examining data/pybind11-2.6.1/tests/test_class.cpp
Examining data/pybind11-2.6.1/tests/test_cmake_build/embed.cpp
Examining data/pybind11-2.6.1/tests/test_cmake_build/main.cpp
Examining data/pybind11-2.6.1/tests/test_constants_and_functions.cpp
Examining data/pybind11-2.6.1/tests/test_copy_move.cpp
Examining data/pybind11-2.6.1/tests/test_custom_type_casters.cpp
Examining data/pybind11-2.6.1/tests/test_docstring_options.cpp
Examining data/pybind11-2.6.1/tests/test_eigen.cpp
Examining data/pybind11-2.6.1/tests/test_embed/catch.cpp
Examining data/pybind11-2.6.1/tests/test_embed/external_module.cpp
Examining data/pybind11-2.6.1/tests/test_embed/test_interpreter.cpp
Examining data/pybind11-2.6.1/tests/test_enum.cpp
Examining data/pybind11-2.6.1/tests/test_eval.cpp
Examining data/pybind11-2.6.1/tests/test_exceptions.cpp
Examining data/pybind11-2.6.1/tests/test_factory_constructors.cpp
Examining data/pybind11-2.6.1/tests/test_gil_scoped.cpp
Examining data/pybind11-2.6.1/tests/test_iostream.cpp
Examining data/pybind11-2.6.1/tests/test_kwargs_and_defaults.cpp
Examining data/pybind11-2.6.1/tests/test_local_bindings.cpp
Examining data/pybind11-2.6.1/tests/test_methods_and_attributes.cpp
Examining data/pybind11-2.6.1/tests/test_modules.cpp
Examining data/pybind11-2.6.1/tests/test_multiple_inheritance.cpp
Examining data/pybind11-2.6.1/tests/test_numpy_array.cpp
Examining data/pybind11-2.6.1/tests/test_numpy_dtypes.cpp
Examining data/pybind11-2.6.1/tests/test_numpy_vectorize.cpp
Examining data/pybind11-2.6.1/tests/test_opaque_types.cpp
Examining data/pybind11-2.6.1/tests/test_operator_overloading.cpp
Examining data/pybind11-2.6.1/tests/test_pickling.cpp
Examining data/pybind11-2.6.1/tests/test_pytypes.cpp
Examining data/pybind11-2.6.1/tests/test_sequences_and_iterators.cpp
Examining data/pybind11-2.6.1/tests/test_smart_ptr.cpp
Examining data/pybind11-2.6.1/tests/test_stl.cpp
Examining data/pybind11-2.6.1/tests/test_stl_binders.cpp
Examining data/pybind11-2.6.1/tests/test_tagbased_polymorphic.cpp
Examining data/pybind11-2.6.1/tests/test_union.cpp
Examining data/pybind11-2.6.1/tests/test_virtual_functions.cpp
Examining data/pybind11-2.6.1/debian/tests/example/example.cpp

FINAL RESULTS:

data/pybind11-2.6.1/include/pybind11/detail/init.h:287:6:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  void setstate(value_and_holder &v_h, T &&result, bool need_alias) {
data/pybind11-2.6.1/include/pybind11/detail/init.h:294:6:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  void setstate(value_and_holder &v_h, std::pair<T, O> &&result, bool need_alias) {
data/pybind11-2.6.1/include/pybind11/detail/init.h:328:13:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  setstate<Class>(v_h, func(std::forward<ArgState>(state)),
data/pybind11-2.6.1/include/pybind11/pybind11.h:1744:35:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  detail::initimpl::setstate<Base>(v_h, static_cast<Type>(arg),
data/pybind11-2.6.1/include/pybind11/complex.h:24:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static constexpr const char value[3] = { 'Z', c, '\0' };
data/pybind11-2.6.1/include/pybind11/detail/class.h:632:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((void *) tp_doc, rec.doc, size);
data/pybind11-2.6.1/include/pybind11/detail/common.h:747:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static constexpr const char value[2] = { c, '\0' };
data/pybind11-2.6.1/include/pybind11/detail/descr.h:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[N + 1];
data/pybind11-2.6.1/tests/test_buffers.cpp:27:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m_data, s.m_data, sizeof(float) * (size_t) (m_rows * m_cols));
data/pybind11-2.6.1/tests/test_buffers.cpp:48:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m_data, s.m_data, sizeof(float) * (size_t) (m_rows * m_cols));
data/pybind11-2.6.1/tests/test_buffers.cpp:88:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(v->data(), info.ptr, sizeof(float) * (size_t) (v->rows() * v->cols()));
data/pybind11-2.6.1/tests/test_embed/test_interpreter.cpp:275:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  test_module.open(module_file);
data/pybind11-2.6.1/tests/test_numpy_dtypes.cpp:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[3];
data/pybind11-2.6.1/tests/test_numpy_dtypes.cpp:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[3][4];
data/pybind11-2.6.1/tests/test_sequences_and_iterators.cpp:107:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m_data, &value[0], sizeof(float) * m_size);
data/pybind11-2.6.1/tests/test_sequences_and_iterators.cpp:112:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m_data, s.m_data, sizeof(float)*m_size);
data/pybind11-2.6.1/tests/test_sequences_and_iterators.cpp:127:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m_data, s.m_data, sizeof(float)*m_size);
data/pybind11-2.6.1/include/pybind11/attr.h:380:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!a.name || strlen(a.name) == 0)
data/pybind11-2.6.1/include/pybind11/detail/class.h:630:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t size = strlen(rec.doc) + 1;
data/pybind11-2.6.1/include/pybind11/detail/common.h:244:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = std::strlen(compiled_ver); \
data/pybind11-2.6.1/include/pybind11/numpy.h:1422:19:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (!std::equal(buffers[i].shape.cbegin(), buffers[i].shape.cend(), shape.cbegin()))
data/pybind11-2.6.1/include/pybind11/pybind11.h:427:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (it->doc && strlen(it->doc) > 0 && options::show_user_defined_docstrings()) {
data/pybind11-2.6.1/include/pybind11/pybind11.h:1566:40:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (handle(kv.second[int_(0)]).equal(arg))
data/pybind11-2.6.1/include/pybind11/pybind11.h:1650:68:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  PYBIND11_ENUM_OP_CONV_LHS("__eq__", !b.is_none() && a.equal(b));
data/pybind11-2.6.1/include/pybind11/pybind11.h:1651:68:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  PYBIND11_ENUM_OP_CONV_LHS("__ne__", b.is_none() || !a.equal(b));
data/pybind11-2.6.1/include/pybind11/pybind11.h:1668:56:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  PYBIND11_ENUM_OP_STRICT("__eq__", int_(a).equal(int_(b)), return false);
data/pybind11-2.6.1/include/pybind11/pybind11.h:1669:56:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  PYBIND11_ENUM_OP_STRICT("__ne__", !int_(a).equal(int_(b)), return true);
data/pybind11-2.6.1/include/pybind11/pytypes.h:119:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(object_api const &other) const { return rich_compare(other, Py_EQ); }
data/pybind11-2.6.1/include/pybind11/pytypes.h:649:65:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  friend bool operator==(const It &a, const It &b) { return a.equal(b); }
data/pybind11-2.6.1/include/pybind11/pytypes.h:681:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const sequence_fast_readonly &b) const { return ptr == b.ptr; }
data/pybind11-2.6.1/include/pybind11/pytypes.h:702:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const sequence_slow_readwrite &b) const { return index == b.index; }
data/pybind11-2.6.1/include/pybind11/pytypes.h:723:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const dict_readonly &b) const { return pos == b.pos; }
data/pybind11-2.6.1/tests/test_builtin_casters.cpp:60:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  m.def("strlen", [](char *s) { return strlen(s); });
data/pybind11-2.6.1/tests/test_pytypes.cpp:330:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  l.append(a.equal(b));
data/pybind11-2.6.1/tests/test_pytypes.cpp:407:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf, static_cast<py::ssize_t>(strlen(buf)));

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 22854 in approximately 0.69 seconds (33110 lines/second)
Physical Source Lines of Code (SLOC) = 16126
Hits@level = [0]   0 [1]  18 [2]  13 [3]   4 [4]   0 [5]   0
Hits@level+ = [0+]  35 [1+]  35 [2+]  17 [3+]   4 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.17041 [1+] 2.17041 [2+] 1.0542 [3+] 0.248047 [4+]   0 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.