stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-rprotobuf-0.4.17/src/DescriptorPoolLookup.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ConnectionInputStream.h
Examining data/r-cran-rprotobuf-0.4.17/src/streams.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/Rcppsupport.h
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_ArrayOutputStream.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ConnectionCopyingInputStream.h
Examining data/r-cran-rprotobuf-0.4.17/src/RSourceTree.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/rprotobuf.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ConnectionOutputStream.h
Examining data/r-cran-rprotobuf-0.4.17/src/RcppMacros.h
Examining data/r-cran-rprotobuf-0.4.17/src/RWarningErrorCollector.h
Examining data/r-cran-rprotobuf-0.4.17/src/DescriptorPoolLookup.h
Examining data/r-cran-rprotobuf-0.4.17/src/ZeroCopyOutputStreamWrapper.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ConnectionCopyingOutputStream.h
Examining data/r-cran-rprotobuf-0.4.17/src/extractors.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_FieldDescriptor.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_ServiceDescriptor.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/RconnectionCopyingInputStream.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_ZeroCopyInputStream.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_EnumDescriptor.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/init.c
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_ArrayInputStream.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/RconnectionCopyingInputStream.h
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_FileDescriptor.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_MethodDescriptor.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ConnectionCopyingInputStream.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ConnectionInputStream.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/mutators.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_EnumValueDescriptor.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/lookup.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ConnectionCopyingOutputStream.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/RSourceTree.h
Examining data/r-cran-rprotobuf-0.4.17/src/fieldtypes.h
Examining data/r-cran-rprotobuf-0.4.17/src/rprotobuf.h
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_Message.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/wrapper_Descriptor.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ZeroCopyInputStreamWrapper.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/S4_classes.h
Examining data/r-cran-rprotobuf-0.4.17/src/extensions.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/RWarningErrorCollector.cpp
Examining data/r-cran-rprotobuf-0.4.17/src/ConnectionOutputStream.cpp

FINAL RESULTS:

data/r-cran-rprotobuf-0.4.17/src/ConnectionCopyingInputStream.cpp:22:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, res.begin(), res.size());
data/r-cran-rprotobuf-0.4.17/src/ConnectionCopyingOutputStream.cpp:14:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(payload.begin(), buffer, size);
data/r-cran-rprotobuf-0.4.17/src/RSourceTree.cpp:11:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int file_descriptor = open(filename.c_str(), O_RDONLY);
data/r-cran-rprotobuf-0.4.17/src/RSourceTree.cpp:21:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            file_descriptor = open(file.c_str(), O_RDONLY);
data/r-cran-rprotobuf-0.4.17/src/RconnectionCopyingInputStream.cpp:33:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, reinterpret_cast<const void*>(res.begin()), len);
data/r-cran-rprotobuf-0.4.17/src/streams.cpp:19:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(CHAR(STRING_ELT(filename, 0)), O_RDONLY | O_BINARY);
data/r-cran-rprotobuf-0.4.17/src/streams.cpp:83:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, RAW(payload), s);
data/r-cran-rprotobuf-0.4.17/src/streams.cpp:110:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(CHAR(STRING_ELT(filename, 0)), O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0666);
data/r-cran-rprotobuf-0.4.17/src/wrapper_Descriptor.cpp:129:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int file = open(filename.c_str(), O_RDONLY | O_BINARY);
data/r-cran-rprotobuf-0.4.17/src/wrapper_Message.cpp:132:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int file = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0666);

ANALYSIS SUMMARY:

Hits = 10
Lines analyzed = 6117 in approximately 0.16 seconds (37319 lines/second)
Physical Source Lines of Code (SLOC) = 4442
Hits@level = [0]   0 [1]   0 [2]  10 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  10 [1+]  10 [2+]  10 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.25124 [1+] 2.25124 [2+] 2.25124 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.