stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_session.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_message.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_uds_transport.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_transport_handler.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_subscribe_options.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_subscribe_request.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_unsubscribe_request.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/exceptions.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_message_type.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_challenge.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_publish_options.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_unregister_request.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_registration.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_subscription.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/boost_config.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_register_request.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_call.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_event.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_arguments.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_auth_utils.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_invocation.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_websocket_transport.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_event_handler.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_rawsocket_transport.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_websocketpp_websocket_transport.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_procedure.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_tcp_transport.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_call_options.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_transport.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/autobahn.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_authenticate.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_publication.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_call_result.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/subscriber.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/caller.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/callee.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/provide_prefix.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/uds.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/parameters.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/publisher.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/websocket_callee.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/parameters.hpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/wampcra.cpp
Examining data/autobahn-cpp-17.5.1+git7cc5d37/examples/callee_new.cpp

FINAL RESULTS:

data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_rawsocket_transport.hpp:158:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            const boost::system::error_code& error_code,
data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_rawsocket_transport.hpp:164:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            const boost::system::error_code& error,
data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_rawsocket_transport.hpp:168:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            const boost::system::error_code& error,
data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_session.hpp:331:43:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    void got_handshake_reply(const boost::system::error_code& error);
data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_session.hpp:332:42:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    void got_message_header(const boost::system::error_code& error);
data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_session.hpp:333:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    void got_message_body(const boost::system::error_code& error);
data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_auth_utils.hpp:160:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/autobahn-cpp-17.5.1+git7cc5d37/examples/callee_new.cpp:78:104:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        auto endpoint = boost::asio::ip::tcp::endpoint(boost::asio::ip::address::from_string(argv[1]), atoi(argv[2]));
data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_arguments.hpp:74:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    std::size_t key_size = strlen(key);
data/autobahn-cpp-17.5.1+git7cc5d37/autobahn/wamp_arguments.hpp:109:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    std::size_t key_size = strlen(key);

ANALYSIS SUMMARY:

Hits = 10
Lines analyzed = 5256 in approximately 0.14 seconds (37251 lines/second)
Physical Source Lines of Code (SLOC) = 2133
Hits@level = [0]   0 [1]   2 [2]   2 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  10 [1+]  10 [2+]   8 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 4.68823 [1+] 4.68823 [2+] 3.75059 [3+] 2.81294 [4+] 2.81294 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.