Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/antlr-2.7.7+dfsg/examples/python/cpp/subincl.h Examining data/antlr-2.7.7+dfsg/examples/python/cpp/incl.h Examining data/antlr-2.7.7+dfsg/examples/python/includeFile/subincl.h Examining data/antlr-2.7.7+dfsg/examples/python/includeFile/incl.h Examining data/antlr-2.7.7+dfsg/examples/csharp/ParseTreeDebug/input.c Examining data/antlr-2.7.7+dfsg/examples/csharp/ParseTreeDebug/decl.c Examining data/antlr-2.7.7+dfsg/examples/csharp/tinyc/input.c Examining data/antlr-2.7.7+dfsg/examples/csharp/cpp/subincl.h Examining data/antlr-2.7.7+dfsg/examples/csharp/cpp/incl.h Examining data/antlr-2.7.7+dfsg/examples/csharp/TokenStreamRewrite/input.c Examining data/antlr-2.7.7+dfsg/examples/csharp/inherit.tinyc/input.c Examining data/antlr-2.7.7+dfsg/examples/csharp/includeFile/subincl.h Examining data/antlr-2.7.7+dfsg/examples/csharp/includeFile/incl.h Examining data/antlr-2.7.7+dfsg/examples/csharp/includeFile/test.c Examining data/antlr-2.7.7+dfsg/examples/cpp/ASTsupport/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/heteroAST/CalcAST.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/heteroAST/INTNode.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/heteroAST/PLUSNode.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/heteroAST/BinaryOperatorAST.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/heteroAST/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/heteroAST/MULTNode.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/tinyc/input.c Examining data/antlr-2.7.7+dfsg/examples/cpp/tinyc/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/preserveWhiteSpace/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/unicode/MismatchedUnicodeCharException.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/unicode/UnicodeCharBuffer.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/unicode/main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/unicode/MismatchedUnicodeCharException.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/unicode/UnicodeCharScanner.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/calc/Main3.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/calc/Main2.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/calc/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/filter/Test.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/multiParser/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/transform/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/multiLexer/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/parseBinary/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/treewalk/MyAST.h Examining data/antlr-2.7.7+dfsg/examples/cpp/treewalk/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/IDL/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/inherit.tinyc/input.c Examining data/antlr-2.7.7+dfsg/examples/cpp/inherit.tinyc/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/HTML/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/imagNodeAST/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/flexLexer/LexTokenStream.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/flexLexer/LexTokenStream.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/flexLexer/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/filterWithRule/Test.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/exprAST/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/tokenStreamRewrite/input.c Examining data/antlr-2.7.7+dfsg/examples/cpp/tokenStreamRewrite/main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/includeFile/Main.hpp Examining data/antlr-2.7.7+dfsg/examples/cpp/includeFile/subincl.h Examining data/antlr-2.7.7+dfsg/examples/cpp/includeFile/incl.h Examining data/antlr-2.7.7+dfsg/examples/cpp/includeFile/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/includeFile/test.c Examining data/antlr-2.7.7+dfsg/examples/cpp/java/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/cpp/lexRewrite/Main.cpp Examining data/antlr-2.7.7+dfsg/examples/java/tinyc/input.c Examining data/antlr-2.7.7+dfsg/examples/java/cpp/subincl.h Examining data/antlr-2.7.7+dfsg/examples/java/cpp/incl.h Examining data/antlr-2.7.7+dfsg/examples/java/inherit.tinyc/input.c Examining data/antlr-2.7.7+dfsg/examples/java/includeFile/subincl.h Examining data/antlr-2.7.7+dfsg/examples/java/includeFile/incl.h Examining data/antlr-2.7.7+dfsg/examples/java/includeFile/test.c Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStreamSelector.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TreeParser.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/ASTPair.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/ParserSharedInputState.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/ASTNULLType.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/AST.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStreamException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/NoViableAltForCharException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenWithIndex.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/IOException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CommonASTWithHiddenTokens.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/BitSet.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/BaseAST.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CommonAST.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/RecognitionException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CharBuffer.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/MismatchedCharException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CharStreamIOException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/ASTRefCount.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStreamBasicFilter.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/LexerSharedInputState.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CommonToken.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStreamRetryException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/ASTArray.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStream.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CircularQueue.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TreeParserSharedInputState.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenBuffer.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/Parser.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CharStreamException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/SemanticException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CharInputBuffer.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/String.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/InputBuffer.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/MismatchedTokenException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStreamIOException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStreamRecognitionException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/ASTFactory.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStreamHiddenTokenFilter.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenRefCount.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CommonHiddenStreamToken.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/ANTLRException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/NoViableAltException.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/TokenStreamRewriteEngine.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/Token.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/LLkParser.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/ANTLRUtil.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/config.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/RefCount.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/antlr/CharScanner.hpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/TokenStreamHiddenTokenFilter.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/LLkParser.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/NoViableAltException.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/TokenStreamSelector.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/ANTLRUtil.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/ASTRefCount.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/TokenBuffer.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/InputBuffer.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/CommonAST.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/BitSet.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/TokenRefCount.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/RecognitionException.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/TreeParser.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/String.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/BaseAST.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/CommonHiddenStreamToken.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/MismatchedCharException.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/Token.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/TokenStreamRewriteEngine.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/CommonASTWithHiddenTokens.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/CommonToken.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/MismatchedTokenException.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/Parser.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/dll.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/ASTNULLType.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/CharBuffer.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/ASTFactory.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/TokenStreamBasicFilter.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/CharScanner.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/src/NoViableAltForCharException.cpp Examining data/antlr-2.7.7+dfsg/lib/cpp/contrib/bcb4/antlr.cpp FINAL RESULTS: data/antlr-2.7.7+dfsg/lib/cpp/src/String.cpp:24:14: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. using std::sprintf; data/antlr-2.7.7+dfsg/lib/cpp/src/String.cpp:29:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ANTLR_C_USING(sprintf) data/antlr-2.7.7+dfsg/examples/cpp/flexLexer/Main.cpp:53:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fp = fopen(f.c_str(),"r"); data/antlr-2.7.7+dfsg/examples/cpp/heteroAST/INTNode.hpp:41:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). v = atoi(txt.c_str()); data/antlr-2.7.7+dfsg/examples/cpp/heteroAST/INTNode.hpp:50:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). v = atoi(tok->getText().c_str()); data/antlr-2.7.7+dfsg/examples/cpp/tokenStreamRewrite/main.cpp:18:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open( argv[1] ); data/antlr-2.7.7+dfsg/examples/cpp/unicode/main.cpp:32:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s.open(argv[i]); data/antlr-2.7.7+dfsg/lib/cpp/src/CommonAST.cpp:31:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int type = ANTLR_USE_NAMESPACE(std)atoi(t2.c_str()); data/antlr-2.7.7+dfsg/lib/cpp/src/CommonAST.cpp:33:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int type = atoi(t2.c_str()); data/antlr-2.7.7+dfsg/lib/cpp/src/String.cpp:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[100]; data/antlr-2.7.7+dfsg/lib/cpp/src/String.cpp:34:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp,"%d",rhs); data/antlr-2.7.7+dfsg/lib/cpp/src/String.cpp:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[100]; data/antlr-2.7.7+dfsg/lib/cpp/src/String.cpp:41:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmp,"%u",rhs); data/antlr-2.7.7+dfsg/examples/cpp/calc/Main3.cpp:25:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CharInputBuffer input( reinterpret_cast<unsigned char*>(argv[1]), strlen(argv[1]) ); data/antlr-2.7.7+dfsg/examples/cpp/unicode/main.cpp:28:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if( argv[i][0] == '-' && strlen(argv[i]) == 1 ) ANALYSIS SUMMARY: Hits = 15 Lines analyzed = 11447 in approximately 0.34 seconds (34008 lines/second) Physical Source Lines of Code (SLOC) = 7595 Hits@level = [0] 0 [1] 2 [2] 11 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 15 [1+] 15 [2+] 13 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 1.97498 [1+] 1.97498 [2+] 1.71165 [3+] 0.263331 [4+] 0.263331 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.