stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/aggregator.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/analyzer.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/analyzer_group.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/discard_analyzer.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/generic_analyzer.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/generic_analyzer_base.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/ignore_analyzer.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/other_analyzer.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/include/diagnostic_aggregator/status_item.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/src/aggregator.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/src/aggregator_node.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/src/analyzer_group.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/src/discard_analyzer.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/src/generic_analyzer.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/src/ignore_analyzer.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/src/status_item.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_aggregator/test/analyzer_loader.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/DiagnosticStatusWrapper.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/diagnostic_updater.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/publisher.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/update_functions.h
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/src/example.cpp
Examining data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/test/diagnostic_updater_test.cpp
Examining data/ros-diagnostics-1.10.1+ds1/self_test/include/self_test/self_test.h
Examining data/ros-diagnostics-1.10.1+ds1/self_test/src/run_selftest.cpp
Examining data/ros-diagnostics-1.10.1+ds1/self_test/src/selftest_example.cpp
Examining data/ros-diagnostics-1.10.1+ds1/self_test/src/selftest_rostest.cpp
Examining data/ros-diagnostics-1.10.1+ds1/self_test/test/error_selftest.cpp
Examining data/ros-diagnostics-1.10.1+ds1/self_test/test/exception_selftest.cpp
Examining data/ros-diagnostics-1.10.1+ds1/self_test/test/no_id_selftest.cpp
Examining data/ros-diagnostics-1.10.1+ds1/self_test/test/nominal_selftest.cpp
Examining data/ros-diagnostics-1.10.1+ds1/test_diagnostic_aggregator/include/test_diagnostic_aggregator/fail_init_analyzer.h
Examining data/ros-diagnostics-1.10.1+ds1/test_diagnostic_aggregator/include/test_diagnostic_aggregator/match_no_analyze_analyzer.h
Examining data/ros-diagnostics-1.10.1+ds1/test_diagnostic_aggregator/src/fail_init_analyzer.cpp
Examining data/ros-diagnostics-1.10.1+ds1/test_diagnostic_aggregator/src/match_no_analyze_analyzer.cpp

FINAL RESULTS:

data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/DiagnosticStatusWrapper.h:145:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        if (vsnprintf(buff, 1000, format, va) >= 1000)
data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/DiagnosticStatusWrapper.h:168:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        if (vsnprintf(buff, 1000, format, va) >= 1000)
data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/DiagnosticStatusWrapper.h:261:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    if (vsnprintf(buff, 1000, format, va) >= 1000)
data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/diagnostic_updater.h:500:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        if (vsnprintf(buff, 1000, format, va) >= 1000)
data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/DiagnosticStatusWrapper.h:143:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[1000]; // @todo This could be done more elegantly.
data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/DiagnosticStatusWrapper.h:166:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[1000]; // @todo This could be done more elegantly.
data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/DiagnosticStatusWrapper.h:259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[1000]; // @todo This could be done more elegantly.
data/ros-diagnostics-1.10.1+ds1/diagnostic_updater/include/diagnostic_updater/diagnostic_updater.h:498:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[1000]; // @todo This could be done more elegantly.

ANALYSIS SUMMARY:

Hits = 8
Lines analyzed = 6452 in approximately 0.26 seconds (25225 lines/second)
Physical Source Lines of Code (SLOC) = 2995
Hits@level = [0]  19 [1]   0 [2]   4 [3]   0 [4]   4 [5]   0
Hits@level+ = [0+]  27 [1+]   8 [2+]   8 [3+]   4 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 9.01503 [1+] 2.67112 [2+] 2.67112 [3+] 1.33556 [4+] 1.33556 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.