Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-ddalpha-1.3.11/src/AlphaProcedure.cpp
Examining data/r-cran-ddalpha-1.3.11/src/TukeyDepth.cpp
Examining data/r-cran-ddalpha-1.3.11/src/DataStructures.h
Examining data/r-cran-ddalpha-1.3.11/src/SimplicialDepth.cpp
Examining data/r-cran-ddalpha-1.3.11/src/ZonoidDepth.cpp
Examining data/r-cran-ddalpha-1.3.11/src/Polynomial.cpp
Examining data/r-cran-ddalpha-1.3.11/src/OjaDepth.h
Examining data/r-cran-ddalpha-1.3.11/src/ProjectionDepth.cpp
Examining data/r-cran-ddalpha-1.3.11/src/Knn.cpp
Examining data/r-cran-ddalpha-1.3.11/src/BandDepth.h
Examining data/r-cran-ddalpha-1.3.11/src/Common.cpp
Examining data/r-cran-ddalpha-1.3.11/src/DKnn.h
Examining data/r-cran-ddalpha-1.3.11/src/BandDepth.cpp
Examining data/r-cran-ddalpha-1.3.11/src/LensDepth.cpp
Examining data/r-cran-ddalpha-1.3.11/src/Common.h
Examining data/r-cran-ddalpha-1.3.11/src/SimplicialDepth.h
Examining data/r-cran-ddalpha-1.3.11/src/init.c
Examining data/r-cran-ddalpha-1.3.11/src/LensDepth.h
Examining data/r-cran-ddalpha-1.3.11/src/TukeyDepth.h
Examining data/r-cran-ddalpha-1.3.11/src/ddalpha.cpp
Examining data/r-cran-ddalpha-1.3.11/src/Polynomial.h
Examining data/r-cran-ddalpha-1.3.11/src/DKnn.cpp
Examining data/r-cran-ddalpha-1.3.11/src/PotentialDepth.h
Examining data/r-cran-ddalpha-1.3.11/src/Mahalanobis.cpp
Examining data/r-cran-ddalpha-1.3.11/src/asa047.cpp
Examining data/r-cran-ddalpha-1.3.11/src/AlphaProcedure.h
Examining data/r-cran-ddalpha-1.3.11/src/Mahalanobis.h
Examining data/r-cran-ddalpha-1.3.11/src/OjaDepth.cpp
Examining data/r-cran-ddalpha-1.3.11/src/asa047.h
Examining data/r-cran-ddalpha-1.3.11/src/stdafx.h
Examining data/r-cran-ddalpha-1.3.11/src/ZonoidDepth.h
Examining data/r-cran-ddalpha-1.3.11/src/PotentialDepth.cpp
Examining data/r-cran-ddalpha-1.3.11/src/stdafx.cpp
Examining data/r-cran-ddalpha-1.3.11/src/HD.h
Examining data/r-cran-ddalpha-1.3.11/src/ProjectionDepth.h
Examining data/r-cran-ddalpha-1.3.11/src/HD.cpp
Examining data/r-cran-ddalpha-1.3.11/src/Knn.h

FINAL RESULTS:

data/r-cran-ddalpha-1.3.11/src/Common.cpp:12:15: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  extern boost::random::rand48 rEngine;
data/r-cran-ddalpha-1.3.11/src/Common.cpp:13:15: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  extern boost::random::normal_distribution<double> normDist;
data/r-cran-ddalpha-1.3.11/src/OjaDepth.cpp:83:20: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  counters[j] = random(n);
data/r-cran-ddalpha-1.3.11/src/Polynomial.cpp:135:27: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  smp.insert(usedIndexesY[random(ny)]);
data/r-cran-ddalpha-1.3.11/src/Polynomial.cpp:137:28: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  smp.insert(usedIndexesX[random(nx)]);
data/r-cran-ddalpha-1.3.11/src/SimplicialDepth.cpp:80:19: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  counters[j] = random(n);
data/r-cran-ddalpha-1.3.11/src/ZonoidDepth.cpp:205:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return I[random(I.size())];
data/r-cran-ddalpha-1.3.11/src/ddalpha.cpp:22:8: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  boost::random::rand48 rEngine;
data/r-cran-ddalpha-1.3.11/src/ddalpha.cpp:23:8: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  boost::random::normal_distribution<double> normDist;
data/r-cran-ddalpha-1.3.11/src/stdafx.cpp:10:15: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  extern boost::random::rand48 rEngine;
data/r-cran-ddalpha-1.3.11/src/stdafx.cpp:11:15: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  extern boost::random::normal_distribution<double> normDist;
data/r-cran-ddalpha-1.3.11/src/stdafx.cpp:13:5: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int random(int x){
data/r-cran-ddalpha-1.3.11/src/stdafx.cpp:15:19: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return c == x ? random(x) : c;
data/r-cran-ddalpha-1.3.11/src/stdafx.h:54:5: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int random(int x);
data/r-cran-ddalpha-1.3.11/src/BandDepth.cpp:43:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b, x[iObs][iTime], d * sizeof(double)); b[d] = 1;
data/r-cran-ddalpha-1.3.11/src/Common.cpp:48:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(a, X[0], n*d*sizeof(double));
data/r-cran-ddalpha-1.3.11/src/DKnn.cpp:170:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(testlabels + hadObjects, checklabels, chunkSize*sizeof(int));
data/r-cran-ddalpha-1.3.11/src/SimplicialDepth.cpp:36:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b, x[obs], d*sizeof(double)); b[d] = 1;
data/r-cran-ddalpha-1.3.11/src/SimplicialDepth.cpp:98:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(b, x[obs], d*sizeof(double)); b[d] = 1;

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 5363 in approximately 0.17 seconds (30759 lines/second)
Physical Source Lines of Code (SLOC) = 3715
Hits@level = [0] 0 [1] 0 [2] 5 [3] 14 [4] 0 [5] 0
Hits@level+ = [0+] 19 [1+] 19 [2+] 19 [3+] 14 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 5.1144 [1+] 5.1144 [2+] 5.1144 [3+] 3.76851 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.