Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tao-pegtl-2.8.3/include/tao/pegtl.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/analyze_cycles.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/counted.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/generic.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/grammar_info.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/insert_guard.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/rule_info.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/rule_type.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analyze.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/apply_mode.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/argv_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/ascii.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/buffer_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_action.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_action_and_state.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_action_and_states.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_control.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_state.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_states.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/config.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/abnf.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/alphabet.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/changes.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/counter.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/http.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/icu/internal.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/icu/utf16.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/icu/utf32.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/icu/utf8.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/if_then.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/integer.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/json.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/json_pointer.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/parse_tree.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/parse_tree_to_dot.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/raw_string.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/remove_first_state.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/remove_last_states.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/rep_one_min_max.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/rep_string.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/shuffle_states.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/to_string.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/tracer.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/unescape.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/uri.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/cstream_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/disable_action.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/discard_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/discard_input_on_failure.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/discard_input_on_success.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/enable_action.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/eol.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/eol_pair.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/file_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/input_error.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/action.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/action_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/alnum.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/alpha.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/always_false.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/any.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/apply.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/apply0.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/apply0_single.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/apply_single.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/at.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bof.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bol.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bump.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bump_help.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bytes.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/control.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/cr_crlf_eol.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/cr_eol.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/crlf_eol.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/cstream_reader.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/cstring_reader.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/demangle.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/demangle_cxxabi.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/demangle_nop.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/demangle_sanitise.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/disable.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/discard.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/dusel_mode.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/duseltronik.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/enable.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/eof.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/eol.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/eolf.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_posix.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_opener.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_reader.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/has_apply.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/has_apply0.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/has_match.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/identifier.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_apply.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_missing.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_must.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_must_else.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_then_else.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/input_pair.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/integer_sequence.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/istream_reader.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/istring.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/iterator.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/lf_crlf_eol.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/lf_eol.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/list.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/list_must.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/list_tail.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/list_tail_pad.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/marker.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/must.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/not_at.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/one.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/opt.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/pad.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/pad_opt.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_char.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_mask_uint.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_mask_uint8.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_uint.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_uint8.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf16.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf32.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf8.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/pegtl_string.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/plus.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/raise.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/range.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/ranges.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rematch.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rep.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rep_min.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rep_min_max.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rep_opt.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/require.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/result_on_found.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rules.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/seq.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/skip_control.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/sor.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/star.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/star_must.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/state.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/string.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/trivial.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/try_catch_type.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/until.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/istream_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/match.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/memory_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/mmap_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/normal.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/nothing.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/parse.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/parse_error.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/position.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/read_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/require_apply.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/require_apply0.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/rewind_mode.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/rules.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/string_input.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/tracking_mode.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/uint16.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/uint32.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/uint64.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/uint8.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/utf16.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/utf32.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/utf8.hpp
Examining data/tao-pegtl-2.8.3/include/tao/pegtl/version.hpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/abnf2pegtl.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/analyze.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/calculator.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/chomsky_hierarchy.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/csv1.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/csv2.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/double.hpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/dynamic_match.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/hello_world.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/indent_aware.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_build.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_classes.hpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_count.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_errors.hpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_parse.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_unescape.hpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/lua53_parse.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/modulus_match.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/parse_tree.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/parse_tree_user_state.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/proto3.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/recover.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/s_expression.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/sum.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/symbol_table.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/unescape.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/uri.cpp
Examining data/tao-pegtl-2.8.3/src/example/pegtl/uri_trace.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/action_enable.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/action_match.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/actions_one.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/actions_three.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/actions_two.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/analyze_cycles.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/argv_input.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_classes.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_eol.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_eolf.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_forty_two.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_identifier.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_istring.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_keyword.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_shebang.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_string.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_three.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_two.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/buffer_input.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/change_action_and_state.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/change_action_and_states.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/change_state.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/change_states.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_alphabet.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_http.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_if_then.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_integer.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_json.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_parse_tree.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_partial_trace.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_raw_string.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_rep_one_min_max.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_to_string.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_tracer.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_unescape.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_uri.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/data_cstring.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/demangle.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/discard_input.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_cstream.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_file.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_istream.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_mmap.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_read.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/internal_endian.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/internal_file_mapper.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/internal_file_opener.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/main.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/pegtl_string_t.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/position.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/result_type.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_action.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_apply.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_apply0.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_at.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_bof.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_bol.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_bytes.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_control.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_disable.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_enable.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_eof.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_failure.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_if_apply.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_if_must.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_if_must_else.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_if_then_else.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_list.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_list_must.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_list_tail.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_minus.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_must.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_not_at.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_opt.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_opt_must.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_pad.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_pad_opt.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_plus.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rematch.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep_max.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep_min.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep_min_max.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep_opt.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_require.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_seq.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_sor.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_star.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_star_must.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_state.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_success.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_try_catch.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_until.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/test.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/tester.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/uint16_general.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/uint32_general.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/uint64_general.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/uint8_general.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/utf16_general.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/utf32_general.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/utf8_general.cpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_analyze.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_char.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_fail.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_file.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_ifmt.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_impl.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_rule.hpp
Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_seqs.hpp
FINAL RESULTS:
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:67:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &u, &n, 4 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:69:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &n, &u, 4 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:90:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &u, &n, 8 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:92:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &n, &u, 8 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:160:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &u, &n, 4 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:162:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &n, &u, 4 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:183:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &u, &n, 8 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:185:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &n, &u, 8 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp:65:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &u, &n, 4 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp:67:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &n, &u, 4 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp:88:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &u, &n, 8 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp:90:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( &n, &u, 8 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:42:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_handle( open() )
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:70:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HANDLE open() const
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:110:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_handle( open( reader ) )
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:129:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
HANDLE open( const win32_file_opener& reader ) const
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_opener.hpp:27:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fd( open() )
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_opener.hpp:56:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open() const
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_opener.hpp:59:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = ::open( m_source, // NOLINT
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_reader.hpp:28:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( auto* file = std::fopen( filename, "rb" ) ) // NOLINT
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_reader.hpp:30:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( auto* file = std::fopen( filename, "rbe" ) ) // NOLINT
data/tao-pegtl-2.8.3/src/example/pegtl/calculator.cpp:103:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/tao-pegtl-2.8.3/src/example/pegtl/calculator.cpp:106:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open()
data/tao-pegtl-2.8.3/src/example/pegtl/calculator.cpp:326:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s.open();
data/tao-pegtl-2.8.3/src/test/pegtl/argv_input.cpp:16:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[ 12 ]; // NOLINT
data/tao-pegtl-2.8.3/src/test/pegtl/argv_input.cpp:17:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( data, "foo\0bar\0baz", 12 );
data/tao-pegtl-2.8.3/src/test/pegtl/file_cstream.cpp:28:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::FILE* stream = std::fopen( filename, "rb" ); // NOLINT
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:73:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::wstring ws( m_source, m_source + strlen( m_source ) );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_reader.hpp:87:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::string read() const
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/istream_reader.hpp:27:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_istream.read( buffer, std::streamsize( length ) );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_mask_uint.hpp:33:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const data_t data = R::read( in.current() ) & M;
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_uint.hpp:33:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const data_t data = R::read( in.current() );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf16.hpp:37:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const char32_t t = R::read( in.current() );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf16.hpp:44:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const char32_t u = R::read( in.current() + 2 );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf32.hpp:34:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const char32_t t = R::read( in.current() );
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:23:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static std::uint16_t read( const void* d ) noexcept
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:33:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static std::uint16_t read( const void* d ) noexcept
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:43:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static std::uint32_t read( const void* d ) noexcept
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:53:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static std::uint32_t read( const void* d ) noexcept
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:63:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static std::uint64_t read( const void* d ) noexcept
data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:73:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static std::uint64_t read( const void* d ) noexcept
data/tao-pegtl-2.8.3/include/tao/pegtl/memory_input.hpp:256:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: memory_input( in_begin, std::strlen( in_begin ), std::forward< T >( in_source ) )
data/tao-pegtl-2.8.3/include/tao/pegtl/read_input.hpp:51:94: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string_input< P, Eol, const char* >( internal::file_reader( filename.c_str() ).read(), filename.c_str() )
data/tao-pegtl-2.8.3/include/tao/pegtl/read_input.hpp:58:103: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string_input< P, Eol, const char* >( internal::file_reader( in_file, filename.c_str() ).read(), filename.c_str() )
ANALYSIS SUMMARY:
Hits = 44
Lines analyzed = 24697 in approximately 0.68 seconds (36508 lines/second)
Physical Source Lines of Code (SLOC) = 19072
Hits@level = [0] 2 [1] 17 [2] 27 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 46 [1+] 44 [2+] 27 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.41191 [1+] 2.30705 [2+] 1.41569 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.