Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pybind11-2.6.1/include/pybind11/attr.h
Examining data/pybind11-2.6.1/include/pybind11/buffer_info.h
Examining data/pybind11-2.6.1/include/pybind11/cast.h
Examining data/pybind11-2.6.1/include/pybind11/chrono.h
Examining data/pybind11-2.6.1/include/pybind11/common.h
Examining data/pybind11-2.6.1/include/pybind11/complex.h
Examining data/pybind11-2.6.1/include/pybind11/detail/class.h
Examining data/pybind11-2.6.1/include/pybind11/detail/common.h
Examining data/pybind11-2.6.1/include/pybind11/detail/descr.h
Examining data/pybind11-2.6.1/include/pybind11/detail/init.h
Examining data/pybind11-2.6.1/include/pybind11/detail/internals.h
Examining data/pybind11-2.6.1/include/pybind11/detail/typeid.h
Examining data/pybind11-2.6.1/include/pybind11/eigen.h
Examining data/pybind11-2.6.1/include/pybind11/embed.h
Examining data/pybind11-2.6.1/include/pybind11/eval.h
Examining data/pybind11-2.6.1/include/pybind11/functional.h
Examining data/pybind11-2.6.1/include/pybind11/iostream.h
Examining data/pybind11-2.6.1/include/pybind11/numpy.h
Examining data/pybind11-2.6.1/include/pybind11/operators.h
Examining data/pybind11-2.6.1/include/pybind11/options.h
Examining data/pybind11-2.6.1/include/pybind11/pybind11.h
Examining data/pybind11-2.6.1/include/pybind11/pytypes.h
Examining data/pybind11-2.6.1/include/pybind11/stl.h
Examining data/pybind11-2.6.1/include/pybind11/stl_bind.h
Examining data/pybind11-2.6.1/tests/constructor_stats.h
Examining data/pybind11-2.6.1/tests/cross_module_gil_utils.cpp
Examining data/pybind11-2.6.1/tests/local_bindings.h
Examining data/pybind11-2.6.1/tests/object.h
Examining data/pybind11-2.6.1/tests/pybind11_cross_module_tests.cpp
Examining data/pybind11-2.6.1/tests/pybind11_tests.cpp
Examining data/pybind11-2.6.1/tests/pybind11_tests.h
Examining data/pybind11-2.6.1/tests/test_async.cpp
Examining data/pybind11-2.6.1/tests/test_buffers.cpp
Examining data/pybind11-2.6.1/tests/test_builtin_casters.cpp
Examining data/pybind11-2.6.1/tests/test_call_policies.cpp
Examining data/pybind11-2.6.1/tests/test_callbacks.cpp
Examining data/pybind11-2.6.1/tests/test_chrono.cpp
Examining data/pybind11-2.6.1/tests/test_class.cpp
Examining data/pybind11-2.6.1/tests/test_cmake_build/embed.cpp
Examining data/pybind11-2.6.1/tests/test_cmake_build/main.cpp
Examining data/pybind11-2.6.1/tests/test_constants_and_functions.cpp
Examining data/pybind11-2.6.1/tests/test_copy_move.cpp
Examining data/pybind11-2.6.1/tests/test_custom_type_casters.cpp
Examining data/pybind11-2.6.1/tests/test_docstring_options.cpp
Examining data/pybind11-2.6.1/tests/test_eigen.cpp
Examining data/pybind11-2.6.1/tests/test_embed/catch.cpp
Examining data/pybind11-2.6.1/tests/test_embed/external_module.cpp
Examining data/pybind11-2.6.1/tests/test_embed/test_interpreter.cpp
Examining data/pybind11-2.6.1/tests/test_enum.cpp
Examining data/pybind11-2.6.1/tests/test_eval.cpp
Examining data/pybind11-2.6.1/tests/test_exceptions.cpp
Examining data/pybind11-2.6.1/tests/test_factory_constructors.cpp
Examining data/pybind11-2.6.1/tests/test_gil_scoped.cpp
Examining data/pybind11-2.6.1/tests/test_iostream.cpp
Examining data/pybind11-2.6.1/tests/test_kwargs_and_defaults.cpp
Examining data/pybind11-2.6.1/tests/test_local_bindings.cpp
Examining data/pybind11-2.6.1/tests/test_methods_and_attributes.cpp
Examining data/pybind11-2.6.1/tests/test_modules.cpp
Examining data/pybind11-2.6.1/tests/test_multiple_inheritance.cpp
Examining data/pybind11-2.6.1/tests/test_numpy_array.cpp
Examining data/pybind11-2.6.1/tests/test_numpy_dtypes.cpp
Examining data/pybind11-2.6.1/tests/test_numpy_vectorize.cpp
Examining data/pybind11-2.6.1/tests/test_opaque_types.cpp
Examining data/pybind11-2.6.1/tests/test_operator_overloading.cpp
Examining data/pybind11-2.6.1/tests/test_pickling.cpp
Examining data/pybind11-2.6.1/tests/test_pytypes.cpp
Examining data/pybind11-2.6.1/tests/test_sequences_and_iterators.cpp
Examining data/pybind11-2.6.1/tests/test_smart_ptr.cpp
Examining data/pybind11-2.6.1/tests/test_stl.cpp
Examining data/pybind11-2.6.1/tests/test_stl_binders.cpp
Examining data/pybind11-2.6.1/tests/test_tagbased_polymorphic.cpp
Examining data/pybind11-2.6.1/tests/test_union.cpp
Examining data/pybind11-2.6.1/tests/test_virtual_functions.cpp
Examining data/pybind11-2.6.1/debian/tests/example/example.cpp
FINAL RESULTS:
data/pybind11-2.6.1/include/pybind11/detail/init.h:287:6: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void setstate(value_and_holder &v_h, T &&result, bool need_alias) {
data/pybind11-2.6.1/include/pybind11/detail/init.h:294:6: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void setstate(value_and_holder &v_h, std::pair<T, O> &&result, bool need_alias) {
data/pybind11-2.6.1/include/pybind11/detail/init.h:328:13: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
setstate<Class>(v_h, func(std::forward<ArgState>(state)),
data/pybind11-2.6.1/include/pybind11/pybind11.h:1744:35: [3] (random) setstate:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
detail::initimpl::setstate<Base>(v_h, static_cast<Type>(arg),
data/pybind11-2.6.1/include/pybind11/complex.h:24:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static constexpr const char value[3] = { 'Z', c, '\0' };
data/pybind11-2.6.1/include/pybind11/detail/class.h:632:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) tp_doc, rec.doc, size);
data/pybind11-2.6.1/include/pybind11/detail/common.h:747:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static constexpr const char value[2] = { c, '\0' };
data/pybind11-2.6.1/include/pybind11/detail/descr.h:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[N + 1];
data/pybind11-2.6.1/tests/test_buffers.cpp:27:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data, s.m_data, sizeof(float) * (size_t) (m_rows * m_cols));
data/pybind11-2.6.1/tests/test_buffers.cpp:48:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data, s.m_data, sizeof(float) * (size_t) (m_rows * m_cols));
data/pybind11-2.6.1/tests/test_buffers.cpp:88:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data(), info.ptr, sizeof(float) * (size_t) (v->rows() * v->cols()));
data/pybind11-2.6.1/tests/test_embed/test_interpreter.cpp:275:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test_module.open(module_file);
data/pybind11-2.6.1/tests/test_numpy_dtypes.cpp:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[3];
data/pybind11-2.6.1/tests/test_numpy_dtypes.cpp:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char a[3][4];
data/pybind11-2.6.1/tests/test_sequences_and_iterators.cpp:107:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data, &value[0], sizeof(float) * m_size);
data/pybind11-2.6.1/tests/test_sequences_and_iterators.cpp:112:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data, s.m_data, sizeof(float)*m_size);
data/pybind11-2.6.1/tests/test_sequences_and_iterators.cpp:127:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data, s.m_data, sizeof(float)*m_size);
data/pybind11-2.6.1/include/pybind11/attr.h:380:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!a.name || strlen(a.name) == 0)
data/pybind11-2.6.1/include/pybind11/detail/class.h:630:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(rec.doc) + 1;
data/pybind11-2.6.1/include/pybind11/detail/common.h:244:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = std::strlen(compiled_ver); \
data/pybind11-2.6.1/include/pybind11/numpy.h:1422:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!std::equal(buffers[i].shape.cbegin(), buffers[i].shape.cend(), shape.cbegin()))
data/pybind11-2.6.1/include/pybind11/pybind11.h:427:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (it->doc && strlen(it->doc) > 0 && options::show_user_defined_docstrings()) {
data/pybind11-2.6.1/include/pybind11/pybind11.h:1566:40: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (handle(kv.second[int_(0)]).equal(arg))
data/pybind11-2.6.1/include/pybind11/pybind11.h:1650:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
PYBIND11_ENUM_OP_CONV_LHS("__eq__", !b.is_none() && a.equal(b));
data/pybind11-2.6.1/include/pybind11/pybind11.h:1651:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
PYBIND11_ENUM_OP_CONV_LHS("__ne__", b.is_none() || !a.equal(b));
data/pybind11-2.6.1/include/pybind11/pybind11.h:1668:56: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
PYBIND11_ENUM_OP_STRICT("__eq__", int_(a).equal(int_(b)), return false);
data/pybind11-2.6.1/include/pybind11/pybind11.h:1669:56: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
PYBIND11_ENUM_OP_STRICT("__ne__", !int_(a).equal(int_(b)), return true);
data/pybind11-2.6.1/include/pybind11/pytypes.h:119:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(object_api const &other) const { return rich_compare(other, Py_EQ); }
data/pybind11-2.6.1/include/pybind11/pytypes.h:649:65: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
friend bool operator==(const It &a, const It &b) { return a.equal(b); }
data/pybind11-2.6.1/include/pybind11/pytypes.h:681:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const sequence_fast_readonly &b) const { return ptr == b.ptr; }
data/pybind11-2.6.1/include/pybind11/pytypes.h:702:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const sequence_slow_readwrite &b) const { return index == b.index; }
data/pybind11-2.6.1/include/pybind11/pytypes.h:723:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const dict_readonly &b) const { return pos == b.pos; }
data/pybind11-2.6.1/tests/test_builtin_casters.cpp:60:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m.def("strlen", [](char *s) { return strlen(s); });
data/pybind11-2.6.1/tests/test_pytypes.cpp:330:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
l.append(a.equal(b));
data/pybind11-2.6.1/tests/test_pytypes.cpp:407:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf, static_cast<py::ssize_t>(strlen(buf)));
ANALYSIS SUMMARY:
Hits = 35
Lines analyzed = 22854 in approximately 0.69 seconds (33110 lines/second)
Physical Source Lines of Code (SLOC) = 16126
Hits@level = [0] 0 [1] 18 [2] 13 [3] 4 [4] 0 [5] 0
Hits@level+ = [0+] 35 [1+] 35 [2+] 17 [3+] 4 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.17041 [1+] 2.17041 [2+] 1.0542 [3+] 0.248047 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.