Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_exception.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_include_context.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_includer.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_includer_file.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_list.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_mergeable.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_object.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_origin.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_parse_options.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_parseable.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_render_options.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_resolve_options.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_syntax.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_value.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/config_value_factory.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/functional_list.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/parser/config_document.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/parser/config_document_factory.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/parser/config_node.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/path.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/program_options.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/hocon/types.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/config_document_parser.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/config_parser.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/config_util.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/container.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/default_transformer.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/full_includer.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/abstract_config_node.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/abstract_config_node_value.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_array.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_comment.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_complex_value.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_concatenation.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_field.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_include.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_object.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_path.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_root.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_simple_value.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/nodes/config_node_single_token.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/parseable.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/path_builder.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/path_parser.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/replaceable_merge_stack.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/resolve_context.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/resolve_result.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/resolve_source.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/simple_config_document.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/simple_config_origin.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/simple_include_context.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/simple_includer.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/substitution_expression.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/token.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/tokenizer.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/tokens.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/unmergeable.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_boolean.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_concatenation.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_delayed_merge.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_delayed_merge_object.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_double.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_int.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_long.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_null.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_number.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_reference.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/config_string.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/simple_config_list.hpp
Examining data/cpp-hocon-0.3.0/lib/inc/internal/values/simple_config_object.hpp
Examining data/cpp-hocon-0.3.0/lib/src/config.cc
Examining data/cpp-hocon-0.3.0/lib/src/config_document_factory.cc
Examining data/cpp-hocon-0.3.0/lib/src/config_document_parser.cc
Examining data/cpp-hocon-0.3.0/lib/src/config_parse_options.cc
Examining data/cpp-hocon-0.3.0/lib/src/config_parser.cc
Examining data/cpp-hocon-0.3.0/lib/src/config_render_options.cc
Examining data/cpp-hocon-0.3.0/lib/src/config_resolve_options.cc
Examining data/cpp-hocon-0.3.0/lib/src/config_util.cc
Examining data/cpp-hocon-0.3.0/lib/src/config_value_factory.cc
Examining data/cpp-hocon-0.3.0/lib/src/default_transformer.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/abstract_config_node.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_array.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_comment.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_complex_value.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_concatenation.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_field.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_include.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_object.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_path.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_root.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_simple_value.cc
Examining data/cpp-hocon-0.3.0/lib/src/nodes/config_node_single_token.cc
Examining data/cpp-hocon-0.3.0/lib/src/parseable.cc
Examining data/cpp-hocon-0.3.0/lib/src/path.cc
Examining data/cpp-hocon-0.3.0/lib/src/path_builder.cc
Examining data/cpp-hocon-0.3.0/lib/src/path_parser.cc
Examining data/cpp-hocon-0.3.0/lib/src/resolve_context.cc
Examining data/cpp-hocon-0.3.0/lib/src/resolve_source.cc
Examining data/cpp-hocon-0.3.0/lib/src/simple_config_document.cc
Examining data/cpp-hocon-0.3.0/lib/src/simple_config_origin.cc
Examining data/cpp-hocon-0.3.0/lib/src/simple_include_context.cc
Examining data/cpp-hocon-0.3.0/lib/src/simple_includer.cc
Examining data/cpp-hocon-0.3.0/lib/src/substitution_expression.cc
Examining data/cpp-hocon-0.3.0/lib/src/token.cc
Examining data/cpp-hocon-0.3.0/lib/src/tokenizer.cc
Examining data/cpp-hocon-0.3.0/lib/src/tokens.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_boolean.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_concatenation.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_delayed_merge.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_delayed_merge_object.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_double.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_int.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_long.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_null.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_number.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_object.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_reference.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_string.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/config_value.cc
Examining data/cpp-hocon-0.3.0/lib/src/values/simple_config_list.cc
Parsing failed to find end of parameter list; semicolon terminated it in (begin(), end(), o.begin(),
[](shared_value const& a, shared_value const& b) { return a == b; })) {
return true;
}
return equal(begin(),
Parsing failed to find end of parameter list; semicolon terminated it in (begin(), end(), o.begin(), [](shared_value const& a, shared_value const& b) { return *a == *b; });
});
}
void simple_config_list::render(std::string& sb,
Examining data/cpp-hocon-0.3.0/lib/src/values/simple_config_object.cc
Examining data/cpp-hocon-0.3.0/lib/tests/concatenation_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/conf_parser_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/config_document_parser_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/config_document_tests.cc
Examining data/cpp-hocon-0.3.0/lib/tests/config_node_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/config_substitution_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/config_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/config_value_factory_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/config_value_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/main.cc
Examining data/cpp-hocon-0.3.0/lib/tests/path_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/program_options.cc
Examining data/cpp-hocon-0.3.0/lib/tests/test_utils.cc
Examining data/cpp-hocon-0.3.0/lib/tests/test_utils.hpp
Examining data/cpp-hocon-0.3.0/lib/tests/token_test.cc
Examining data/cpp-hocon-0.3.0/lib/tests/tokenizer_test.cc
FINAL RESULTS:
data/cpp-hocon-0.3.0/lib/src/tokenizer.cc:300:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf[5] = {};
data/cpp-hocon-0.3.0/lib/src/values/simple_config_list.cc:105:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(begin(), end(), o.begin(),
data/cpp-hocon-0.3.0/lib/src/values/simple_config_list.cc:110:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal(begin(), end(), o.begin(), [](shared_value const& a, shared_value const& b) { return *a == *b; });
ANALYSIS SUMMARY:
Hits = 3
Lines analyzed = 17065 in approximately 0.58 seconds (29561 lines/second)
Physical Source Lines of Code (SLOC) = 11956
Hits@level = [0] 1 [1] 2 [2] 1 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 4 [1+] 3 [2+] 1 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.33456 [1+] 0.25092 [2+] 0.08364 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.