Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/chemps2-1.8.9/CheMPS2/CASPT2.cpp
Examining data/chemps2-1.8.9/CheMPS2/CASSCF.cpp
Examining data/chemps2-1.8.9/CheMPS2/CASSCFdebug.cpp
Examining data/chemps2-1.8.9/CheMPS2/CASSCFnewtonraphson.cpp
Examining data/chemps2-1.8.9/CheMPS2/CASSCFpt2.cpp
Examining data/chemps2-1.8.9/CheMPS2/ConjugateGradient.cpp
Examining data/chemps2-1.8.9/CheMPS2/ConvergenceScheme.cpp
Examining data/chemps2-1.8.9/CheMPS2/Correlations.cpp
Examining data/chemps2-1.8.9/CheMPS2/Cumulant.cpp
Examining data/chemps2-1.8.9/CheMPS2/DIIS.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRG.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGSCFindices.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGSCFintegrals.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGSCFmatrix.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGSCFoptions.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGSCFrotations.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGSCFunitary.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGSCFwtilde.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGfock.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGmpsio.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGoperators.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGoperators3RDM.cpp
Examining data/chemps2-1.8.9/CheMPS2/DMRGtechnics.cpp
Examining data/chemps2-1.8.9/CheMPS2/Davidson.cpp
Examining data/chemps2-1.8.9/CheMPS2/EdmistonRuedenberg.cpp
Examining data/chemps2-1.8.9/CheMPS2/Excitation.cpp
Examining data/chemps2-1.8.9/CheMPS2/FCI.cpp
Examining data/chemps2-1.8.9/CheMPS2/FourIndex.cpp
Examining data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp
Examining data/chemps2-1.8.9/CheMPS2/Heff.cpp
Examining data/chemps2-1.8.9/CheMPS2/HeffDiagonal.cpp
Examining data/chemps2-1.8.9/CheMPS2/HeffDiagrams1.cpp
Examining data/chemps2-1.8.9/CheMPS2/HeffDiagrams2.cpp
Examining data/chemps2-1.8.9/CheMPS2/HeffDiagrams3.cpp
Examining data/chemps2-1.8.9/CheMPS2/HeffDiagrams4.cpp
Examining data/chemps2-1.8.9/CheMPS2/HeffDiagrams5.cpp
Examining data/chemps2-1.8.9/CheMPS2/Initialize.cpp
Examining data/chemps2-1.8.9/CheMPS2/Irreps.cpp
Examining data/chemps2-1.8.9/CheMPS2/Molden.cpp
Examining data/chemps2-1.8.9/CheMPS2/PrintLicense.cpp
Examining data/chemps2-1.8.9/CheMPS2/Problem.cpp
Examining data/chemps2-1.8.9/CheMPS2/Sobject.cpp
Examining data/chemps2-1.8.9/CheMPS2/SyBookkeeper.cpp
Examining data/chemps2-1.8.9/CheMPS2/Tensor3RDM.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorF0.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorF1.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorGYZ.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorKM.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorL.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorO.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorOperator.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorQ.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorS0.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorS1.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorT.cpp
Examining data/chemps2-1.8.9/CheMPS2/TensorX.cpp
Examining data/chemps2-1.8.9/CheMPS2/ThreeDM.cpp
Examining data/chemps2-1.8.9/CheMPS2/TwoDM.cpp
Examining data/chemps2-1.8.9/CheMPS2/TwoIndex.cpp
Examining data/chemps2-1.8.9/CheMPS2/Wigner.cpp
Examining data/chemps2-1.8.9/CheMPS2/executable.cpp
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/CASPT2.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/CASSCF.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/ConjugateGradient.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/ConvergenceScheme.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Correlations.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Cumulant.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DIIS.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRG.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRGSCFindices.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRGSCFintegrals.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRGSCFmatrix.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRGSCFoptions.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRGSCFrotations.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRGSCFunitary.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRGSCFwtilde.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Davidson.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/EdmistonRuedenberg.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Excitation.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/FCI.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/FourIndex.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Hamiltonian.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Heff.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Initialize.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Irreps.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Lapack.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/MPIchemps2.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Molden.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/MyHDF5.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Options.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Problem.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Sobject.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Special.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/SyBookkeeper.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Tensor.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Tensor3RDM.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorF0.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorF1.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorGYZ.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorKM.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorL.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorO.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorOperator.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorQ.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorS0.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorS1.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorT.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorX.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/ThreeDM.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TwoDM.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/TwoIndex.h
Examining data/chemps2-1.8.9/CheMPS2/include/chemps2/Wigner.h
Examining data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc
Examining data/chemps2-1.8.9/integrals/psi4plugins/fcidump.cc
Examining data/chemps2-1.8.9/integrals/psi4plugins/savehdf.cc

FINAL RESULTS:

data/chemps2-1.8.9/CheMPS2/CASSCFnewtonraphson.cpp:48:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int info = system( temp.c_str() );
data/chemps2-1.8.9/CheMPS2/DMRGmpsio.cpp:168:15: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int info = system(thestream.str().c_str());
data/chemps2-1.8.9/CheMPS2/DMRGoperators.cpp:1545:15: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int info = system(temp.str().c_str());
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:854:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(("rm " + chemps2filename).c_str());
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:890:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(("rm " + chemps2filename).c_str());
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:943:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(("rm " + chemps2filename).c_str());
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:986:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(("rm " + chemps2filename).c_str());
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:1134:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(("rm " + chemps2filename).c_str());
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:1176:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(("rm " + chemps2filename).c_str());
data/chemps2-1.8.9/CheMPS2/DMRG.cpp:167:46: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if ( am_i_master ){ MPS[ site ]->random(); }
data/chemps2-1.8.9/CheMPS2/DMRG.cpp:184:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  MPS[ site ]->random();
data/chemps2-1.8.9/CheMPS2/DMRGfock.cpp:239:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  MPS[ orbital ]->random();
data/chemps2-1.8.9/CheMPS2/Initialize.cpp:29:4: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/chemps2-1.8.9/CheMPS2/TensorT.cpp:167:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void CheMPS2::TensorT::random(){
data/chemps2-1.8.9/CheMPS2/executable.cpp:475:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while (( c = getopt_long( argc, argv, "hvf:", long_options, &option_index )) != -1 ){
data/chemps2-1.8.9/CheMPS2/include/chemps2/TensorT.h:90:15: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void random();
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:320:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  L = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:340:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int molproirrep = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:381:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int index1 = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:387:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int index2 = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:393:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int index3 = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:398:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int index4 = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:461:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int LAS = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:483:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int molproirrep = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:506:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int index1 = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:511:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int index2 = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:544:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing = fopen( fcidumpfile.c_str(), "w" ); // "w" with fopen means truncate file
data/chemps2-1.8.9/CheMPS2/Molden.cpp:100:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int molpro_irrep = atoi( part.c_str() );
data/chemps2-1.8.9/CheMPS2/TwoDM.cpp:379:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing = fopen( filename.c_str(), "w" ); // "w" with fopen means truncate file
data/chemps2-1.8.9/CheMPS2/executable.cpp:45:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  result[ no ] = atoi( rawdata.substr( pos, pos2-pos ).c_str() );
data/chemps2-1.8.9/CheMPS2/executable.cpp:93:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  result[ 0 ] = atoi( line.substr( pos, line.length() - pos ).c_str() );
data/chemps2-1.8.9/CheMPS2/executable.cpp:231:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing = fopen( filename.c_str(), "w" ); // "w" with fopen means truncate file
data/chemps2-1.8.9/CheMPS2/executable.cpp:660:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fcidump_norb = atoi( line.substr( pos+1, pos2-pos-1 ).c_str() );
data/chemps2-1.8.9/CheMPS2/executable.cpp:662:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fcidump_nelec = atoi( line.substr( pos+1, pos2-pos-1 ).c_str() );
data/chemps2-1.8.9/CheMPS2/executable.cpp:664:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fcidump_two_s = atoi( line.substr( pos+1, pos2-pos-1 ).c_str() );
data/chemps2-1.8.9/CheMPS2/executable.cpp:667:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const int molpro_wfn_irrep = atoi( line.substr( pos+1, pos2-pos-1 ).c_str() );
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:358:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psio->open(PSIF_LIBTRANS_DPD, PSIO_OPEN_OLD);
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:423:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psio->open(PSIF_LIBTRANS_DPD, PSIO_OPEN_OLD);
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:464:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psio->open(PSIF_LIBTRANS_DPD, PSIO_OPEN_OLD);
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:823:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing.open( chemps2filename.c_str() , ios::trunc ); // truncate
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:848:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  copying.open( chemps2filename , ios::in ); // read only
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:873:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing.open( chemps2filename.c_str() , ios::trunc ); // truncate
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:884:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  copying.open( chemps2filename , ios::in ); // read only
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:906:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing.open( chemps2filename.c_str() , ios::trunc ); // truncate
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:937:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  copying.open( chemps2filename , ios::in ); // read only
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:970:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing.open( chemps2filename.c_str() , ios::trunc ); // truncate
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:980:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  copying.open( chemps2filename , ios::in ); // read only
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:1081:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing.open( chemps2filename.c_str() , ios::trunc ); // truncate
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:1128:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  copying.open( chemps2filename , ios::in ); // read only
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:1160:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing.open( chemps2filename.c_str() , ios::trunc ); // truncate
data/chemps2-1.8.9/integrals/psi4plugins/dmrg.cc:1170:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  copying.open( chemps2filename , ios::in ); // read only
data/chemps2-1.8.9/integrals/psi4plugins/fcidump.cc:106:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  capturing = fopen( filenamefcidump.c_str(), "w" ); // "w" with fopen means truncate file
data/chemps2-1.8.9/integrals/psi4plugins/fcidump.cc:119:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psio->open(PSIF_LIBTRANS_DPD, PSIO_OPEN_OLD);
data/chemps2-1.8.9/integrals/psi4plugins/savehdf.cc:141:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psio->open(PSIF_LIBTRANS_DPD, PSIO_OPEN_OLD);
data/chemps2-1.8.9/CheMPS2/DMRGSCFmatrix.cpp:136:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void CheMPS2::DMRGSCFmatrix::read( const string filename, const int n_irreps, double ** storage ){
data/chemps2-1.8.9/CheMPS2/DMRGSCFunitary.cpp:439:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CheMPS2::DMRGSCFmatrix::read( filename, num_irreps, entries );
data/chemps2-1.8.9/CheMPS2/FourIndex.cpp:372:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void CheMPS2::FourIndex::read(const std::string name){
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:199:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void CheMPS2::Hamiltonian::read(const string file_parent, const string file_tmat, const string file_vmat){
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:201:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Tmat->read(file_tmat);
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:202:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Vmat->read(file_vmat);
data/chemps2-1.8.9/CheMPS2/Hamiltonian.cpp:291:4: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(file_parent, file_tmat, file_vmat);
data/chemps2-1.8.9/CheMPS2/Molden.cpp:148:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CheMPS2::DMRGSCFmatrix::read( filename, num_irreps, unitary );
data/chemps2-1.8.9/CheMPS2/TwoDM.cpp:345:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void CheMPS2::TwoDM::read(){
data/chemps2-1.8.9/CheMPS2/TwoIndex.cpp:140:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void CheMPS2::TwoIndex::read(const std::string name){
data/chemps2-1.8.9/CheMPS2/executable.cpp:210:91: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool print_molcas_reorder( int * dmrg2ham, const int L, const string filename, const bool read ){
data/chemps2-1.8.9/CheMPS2/executable.cpp:214:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ( read ){
data/chemps2-1.8.9/CheMPS2/include/chemps2/DMRGSCFmatrix.h:83:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static void read( const string filename, const int n_irreps, double ** storage );
data/chemps2-1.8.9/CheMPS2/include/chemps2/FourIndex.h:95:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(const std::string name);
data/chemps2-1.8.9/CheMPS2/include/chemps2/Hamiltonian.h:153:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(const string file_parent=HAMILTONIAN_ParentStorageName, const string file_tmat=HAMILTONIAN_TmatStorageName, const string file_vmat=HAMILTONIAN_VmatStorageName);
data/chemps2-1.8.9/CheMPS2/include/chemps2/TwoDM.h:145:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read();
data/chemps2-1.8.9/CheMPS2/include/chemps2/TwoIndex.h:67:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(const std::string name);

ANALYSIS SUMMARY:

Hits = 71
Lines analyzed = 56342 in approximately 5.35 seconds (10524 lines/second)
Physical Source Lines of Code (SLOC) = 38533
Hits@level = [0] 23 [1] 17 [2] 38 [3] 7 [4] 9 [5] 0
Hits@level+ = [0+] 94 [1+] 71 [2+] 54 [3+] 16 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 2.43947 [1+] 1.84258 [2+] 1.4014 [3+] 0.415229 [4+] 0.233566 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.