Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/breathe-4.24.0/documentation/source/code/groups.h
Examining data/breathe-4.24.0/documentation/source/code/namespaces.h
Examining data/breathe-4.24.0/documentation/source/code/nested_list_1.h
Examining data/breathe-4.24.0/documentation/source/code/nested_list_2.h
Examining data/breathe-4.24.0/documentation/source/code/nested_list_3.h
Examining data/breathe-4.24.0/documentation/source/code/nested_list_4.h
Examining data/breathe-4.24.0/documentation/source/code/nested_list_5.h
Examining data/breathe-4.24.0/documentation/source/code/nutshell.h
Examining data/breathe-4.24.0/examples/doxygen/afterdoc.h
Examining data/breathe-4.24.0/examples/doxygen/author.cpp
Examining data/breathe-4.24.0/examples/doxygen/autolink.cpp
Examining data/breathe-4.24.0/examples/doxygen/class.h
Examining data/breathe-4.24.0/examples/doxygen/define.h
Examining data/breathe-4.24.0/examples/doxygen/diagrams_a.h
Examining data/breathe-4.24.0/examples/doxygen/diagrams_b.h
Examining data/breathe-4.24.0/examples/doxygen/diagrams_c.h
Examining data/breathe-4.24.0/examples/doxygen/diagrams_d.h
Examining data/breathe-4.24.0/examples/doxygen/diagrams_e.h
Examining data/breathe-4.24.0/examples/doxygen/enum.h
Examining data/breathe-4.24.0/examples/doxygen/example.cpp
Examining data/breathe-4.24.0/examples/doxygen/example_test.cpp
Examining data/breathe-4.24.0/examples/doxygen/file.h
Examining data/breathe-4.24.0/examples/doxygen/func.h
Examining data/breathe-4.24.0/examples/doxygen/group.cpp
Examining data/breathe-4.24.0/examples/doxygen/include.cpp
Examining data/breathe-4.24.0/examples/doxygen/interface.h
Examining data/breathe-4.24.0/examples/doxygen/jdstyle.cpp
Examining data/breathe-4.24.0/examples/doxygen/manual.c
Examining data/breathe-4.24.0/examples/doxygen/memgrp.cpp
Examining data/breathe-4.24.0/examples/doxygen/overload.cpp
Examining data/breathe-4.24.0/examples/doxygen/par.cpp
Examining data/breathe-4.24.0/examples/doxygen/qtstyle.cpp
Examining data/breathe-4.24.0/examples/doxygen/relates.cpp
Examining data/breathe-4.24.0/examples/doxygen/restypedef.cpp
Examining data/breathe-4.24.0/examples/doxygen/structcmd.h
Examining data/breathe-4.24.0/examples/doxygen/tag.cpp
Examining data/breathe-4.24.0/examples/doxygen/templ.cpp
Examining data/breathe-4.24.0/examples/specific/alias.h
Examining data/breathe-4.24.0/examples/specific/array.h
Examining data/breathe-4.24.0/examples/specific/auto_class.h
Examining data/breathe-4.24.0/examples/specific/auto_function.h
Examining data/breathe-4.24.0/examples/specific/c_enum.h
Examining data/breathe-4.24.0/examples/specific/c_file.h
Examining data/breathe-4.24.0/examples/specific/c_macro.h
Examining data/breathe-4.24.0/examples/specific/c_struct.h
Examining data/breathe-4.24.0/examples/specific/c_typedef.h
Examining data/breathe-4.24.0/examples/specific/c_union.h
Examining data/breathe-4.24.0/examples/specific/class.cpp
Examining data/breathe-4.24.0/examples/specific/class.h
Examining data/breathe-4.24.0/examples/specific/cpp_anon.h
Examining data/breathe-4.24.0/examples/specific/cpp_enum.h
Examining data/breathe-4.24.0/examples/specific/cpp_friendclass.h
Examining data/breathe-4.24.0/examples/specific/cpp_function.h
Examining data/breathe-4.24.0/examples/specific/cpp_inherited_members.h
Examining data/breathe-4.24.0/examples/specific/cpp_trailing_return_type.h
Examining data/breathe-4.24.0/examples/specific/cpp_union.h
Examining data/breathe-4.24.0/examples/specific/decl_impl.c
Examining data/breathe-4.24.0/examples/specific/decl_impl.h
Examining data/breathe-4.24.0/examples/specific/define.h
Examining data/breathe-4.24.0/examples/specific/enum.h
Examining data/breathe-4.24.0/examples/specific/fixedwidthfont.h
Examining data/breathe-4.24.0/examples/specific/functionOverload.h
Examining data/breathe-4.24.0/examples/specific/group.h
Examining data/breathe-4.24.0/examples/specific/headerfile.h
Examining data/breathe-4.24.0/examples/specific/headings.h
Examining data/breathe-4.24.0/examples/specific/image.h
Examining data/breathe-4.24.0/examples/specific/inheritance.h
Examining data/breathe-4.24.0/examples/specific/inline.h
Examining data/breathe-4.24.0/examples/specific/interface.h
Examining data/breathe-4.24.0/examples/specific/latexmath.h
Examining data/breathe-4.24.0/examples/specific/links.h
Examining data/breathe-4.24.0/examples/specific/lists.h
Examining data/breathe-4.24.0/examples/specific/members.h
Examining data/breathe-4.24.0/examples/specific/multifile/one/Util.h
Examining data/breathe-4.24.0/examples/specific/multifile/two/Util.h
Examining data/breathe-4.24.0/examples/specific/name.h
Examining data/breathe-4.24.0/examples/specific/namespacefile.h
Examining data/breathe-4.24.0/examples/specific/nutshell.h
Examining data/breathe-4.24.0/examples/specific/parameters.h
Examining data/breathe-4.24.0/examples/specific/programlisting.h
Examining data/breathe-4.24.0/examples/specific/qtsignalsandslots.h
Examining data/breathe-4.24.0/examples/specific/rst.h
Examining data/breathe-4.24.0/examples/specific/struct.h
Examining data/breathe-4.24.0/examples/specific/struct_function.h
Examining data/breathe-4.24.0/examples/specific/template_class.h
Examining data/breathe-4.24.0/examples/specific/template_class_non_type.h
Examining data/breathe-4.24.0/examples/specific/template_function.h
Examining data/breathe-4.24.0/examples/specific/template_specialisation.h
Examining data/breathe-4.24.0/examples/specific/template_type_alias.h
Examining data/breathe-4.24.0/examples/specific/typedef.h
Examining data/breathe-4.24.0/examples/specific/union.h
Examining data/breathe-4.24.0/examples/specific/userdefined.h
Examining data/breathe-4.24.0/examples/specific/using_in_ns.h
Examining data/breathe-4.24.0/examples/specific/xrefsect.h
Examining data/breathe-4.24.0/examples/tinyxml/tinyxml.h

FINAL RESULTS:

data/breathe-4.24.0/examples/tinyxml/tinyxml.h:73:26: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  #define TIXML_SNPRINTF _snprintf
data/breathe-4.24.0/examples/tinyxml/tinyxml.h:78:26: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  #define TIXML_SNPRINTF snprintf
data/breathe-4.24.0/examples/doxygen/structcmd.h:56:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int open(const char *,int);
data/breathe-4.24.0/examples/specific/c_file.h:14:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[FLEX_ARRAY];
data/breathe-4.24.0/examples/specific/c_file.h:19:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char sha1[20];
data/breathe-4.24.0/examples/doxygen/structcmd.h:59:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int read(int,char *,size_t);

ANALYSIS SUMMARY:

Hits = 6
Lines analyzed = 4545 in approximately 0.17 seconds (26189 lines/second)
Physical Source Lines of Code (SLOC) = 1684
Hits@level = [0] 0 [1] 1 [2] 3 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 6 [1+] 6 [2+] 5 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 3.56295 [1+] 3.56295 [2+] 2.96912 [3+] 1.18765 [4+] 1.18765 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.