Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cppunit-1.15.1/include/cppunit/TestComposite.h
Examining data/cppunit-1.15.1/include/cppunit/TestCase.h
Examining data/cppunit-1.15.1/include/cppunit/TestRunner.h
Examining data/cppunit-1.15.1/include/cppunit/portability/Stream.h
Examining data/cppunit-1.15.1/include/cppunit/portability/FloatingPoint.h
Examining data/cppunit-1.15.1/include/cppunit/Message.h
Examining data/cppunit-1.15.1/include/cppunit/XmlOutputterHook.h
Examining data/cppunit-1.15.1/include/cppunit/TestResult.h
Examining data/cppunit-1.15.1/include/cppunit/config/config-mac.h
Examining data/cppunit-1.15.1/include/cppunit/config/CppUnitApi.h
Examining data/cppunit-1.15.1/include/cppunit/config/SourcePrefix.h
Examining data/cppunit-1.15.1/include/cppunit/config/config-msvc6.h
Examining data/cppunit-1.15.1/include/cppunit/config/config-bcb5.h
Examining data/cppunit-1.15.1/include/cppunit/config/config-evc4.h
Examining data/cppunit-1.15.1/include/cppunit/config/SelectDllLoader.h
Examining data/cppunit-1.15.1/include/cppunit/SourceLine.h
Examining data/cppunit-1.15.1/include/cppunit/SynchronizedObject.h
Examining data/cppunit-1.15.1/include/cppunit/TestSuccessListener.h
Examining data/cppunit-1.15.1/include/cppunit/Outputter.h
Examining data/cppunit-1.15.1/include/cppunit/TestLeaf.h
Examining data/cppunit-1.15.1/include/cppunit/Test.h
Examining data/cppunit-1.15.1/include/cppunit/TestResultCollector.h
Examining data/cppunit-1.15.1/include/cppunit/Portability.h
Examining data/cppunit-1.15.1/include/cppunit/TestFixture.h
Examining data/cppunit-1.15.1/include/cppunit/TextTestProgressListener.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/DynamicLibraryManagerException.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/PlugInManager.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/PlugInParameters.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/DynamicLibraryManager.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/TestPlugInDefaultImpl.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/TestPlugIn.h
Examining data/cppunit-1.15.1/include/cppunit/AdditionalMessage.h
Examining data/cppunit-1.15.1/include/cppunit/TestFailure.h
Examining data/cppunit-1.15.1/include/cppunit/TextOutputter.h
Examining data/cppunit-1.15.1/include/cppunit/TestPath.h
Examining data/cppunit-1.15.1/include/cppunit/TextTestRunner.h
Examining data/cppunit-1.15.1/include/cppunit/XmlOutputter.h
Examining data/cppunit-1.15.1/include/cppunit/Protector.h
Examining data/cppunit-1.15.1/include/cppunit/TestSuite.h
Examining data/cppunit-1.15.1/include/cppunit/TestCaller.h
Examining data/cppunit-1.15.1/include/cppunit/ui/text/TestRunner.h
Examining data/cppunit-1.15.1/include/cppunit/ui/text/TextTestRunner.h
Examining data/cppunit-1.15.1/include/cppunit/TextTestResult.h
Examining data/cppunit-1.15.1/include/cppunit/TestListener.h
Examining data/cppunit-1.15.1/include/cppunit/TestAssert.h
Examining data/cppunit-1.15.1/include/cppunit/Asserter.h
Examining data/cppunit-1.15.1/include/cppunit/tools/Algorithm.h
Examining data/cppunit-1.15.1/include/cppunit/tools/XmlElement.h
Examining data/cppunit-1.15.1/include/cppunit/tools/XmlDocument.h
Examining data/cppunit-1.15.1/include/cppunit/tools/StringHelper.h
Examining data/cppunit-1.15.1/include/cppunit/tools/StringTools.h
Examining data/cppunit-1.15.1/include/cppunit/BriefTestProgressListener.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestSetUp.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestSuiteBuilderContext.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestCaseDecorator.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestFactoryRegistry.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestFixtureFactory.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/Orthodox.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/ExceptionTestCaseDecorator.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/HelperMacros.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestFactory.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestNamer.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestDecorator.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestSuiteFactory.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TypeInfoHelper.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/RepeatedTest.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/AutoRegisterSuite.h
Examining data/cppunit-1.15.1/include/cppunit/Exception.h
Examining data/cppunit-1.15.1/include/cppunit/CompilerOutputter.h
Examining data/cppunit-1.15.1/src/cppunit/ProtectorChain.h
Examining data/cppunit-1.15.1/src/cppunit/TestFactoryRegistry.cpp
Examining data/cppunit-1.15.1/src/cppunit/CompilerOutputter.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestSuite.cpp
Examining data/cppunit-1.15.1/src/cppunit/DynamicLibraryManager.cpp
Examining data/cppunit-1.15.1/src/cppunit/ProtectorContext.h
Examining data/cppunit-1.15.1/src/cppunit/TestRunner.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestAssert.cpp
Examining data/cppunit-1.15.1/src/cppunit/BriefTestProgressListener.cpp
Examining data/cppunit-1.15.1/src/cppunit/XmlOutputter.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestLeaf.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestResult.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestPlugInDefaultImpl.cpp
Examining data/cppunit-1.15.1/src/cppunit/TextTestRunner.cpp
Examining data/cppunit-1.15.1/src/cppunit/Protector.cpp
Examining data/cppunit-1.15.1/src/cppunit/Win32DynamicLibraryManager.cpp
Examining data/cppunit-1.15.1/src/cppunit/UnixDynamicLibraryManager.cpp
Examining data/cppunit-1.15.1/src/cppunit/Exception.cpp
Examining data/cppunit-1.15.1/src/cppunit/AdditionalMessage.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestCaseDecorator.cpp
Examining data/cppunit-1.15.1/src/cppunit/DynamicLibraryManagerException.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestCase.cpp
Examining data/cppunit-1.15.1/src/cppunit/ProtectorChain.cpp
Examining data/cppunit-1.15.1/src/cppunit/StringTools.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestNamer.cpp
Examining data/cppunit-1.15.1/src/cppunit/Message.cpp
Examining data/cppunit-1.15.1/src/cppunit/Test.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestSetUp.cpp
Examining data/cppunit-1.15.1/src/cppunit/XmlDocument.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestSuccessListener.cpp
Examining data/cppunit-1.15.1/src/cppunit/RepeatedTest.cpp
Examining data/cppunit-1.15.1/src/cppunit/PlugInManager.cpp
Examining data/cppunit-1.15.1/src/cppunit/DllMain.cpp
Examining data/cppunit-1.15.1/src/cppunit/SynchronizedObject.cpp
Examining data/cppunit-1.15.1/src/cppunit/TypeInfoHelper.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestResultCollector.cpp
Examining data/cppunit-1.15.1/src/cppunit/TextOutputter.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestDecorator.cpp
Examining data/cppunit-1.15.1/src/cppunit/XmlOutputterHook.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestFailure.cpp
Examining data/cppunit-1.15.1/src/cppunit/TextTestProgressListener.cpp
Examining data/cppunit-1.15.1/src/cppunit/TextTestResult.cpp
Examining data/cppunit-1.15.1/src/cppunit/Asserter.cpp
Examining data/cppunit-1.15.1/src/cppunit/SourceLine.cpp
Examining data/cppunit-1.15.1/src/cppunit/PlugInParameters.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestPath.cpp
Examining data/cppunit-1.15.1/src/cppunit/DefaultProtector.cpp
Examining data/cppunit-1.15.1/src/cppunit/XmlElement.cpp
Examining data/cppunit-1.15.1/src/cppunit/DefaultProtector.h
Examining data/cppunit-1.15.1/src/cppunit/TestComposite.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestSuiteBuilderContext.cpp
Examining data/cppunit-1.15.1/src/cppunit/ShlDynamicLibraryManager.cpp
Examining data/cppunit-1.15.1/src/DllPlugInTester/CommandLineParser.h
Examining data/cppunit-1.15.1/src/DllPlugInTester/DllPlugInTester.cpp
Examining data/cppunit-1.15.1/src/DllPlugInTester/CommandLineParser.cpp
Examining data/cppunit-1.15.1/src/DllPlugInTester/DllPlugInTesterTest.cpp
Examining data/cppunit-1.15.1/src/DllPlugInTester/CommandLineParserTest.h
Examining data/cppunit-1.15.1/src/DllPlugInTester/CommandLineParserTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestResultCollectorTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlUniformiserTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestCaseTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/ToolsSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockTestListener.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestSuiteTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/OutputSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/MessageTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestFailureTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlUniformiser.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/MockProtector.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockTestCase.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/BaseTestCase.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/StringToolsTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/assertion_traitsTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestDecoratorTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/CppUnitTestPlugIn.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/ExtensionSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlUniformiser.h
Examining data/cppunit-1.15.1/examples/cppunittest/ExceptionTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestDecoratorTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/assertion_traitsTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestFailureTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TrackedTestCase.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/ExceptionTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestCallerTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestResultTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestResultTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TrackedTestCase.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestSetUpTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/RepeatedTestTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/CppUnitTestMain.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestAssertTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/FailureException.h
Examining data/cppunit-1.15.1/examples/cppunittest/HelperSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/SubclassedTestCase.h
Examining data/cppunit-1.15.1/examples/cppunittest/SynchronizedTestResult.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockTestListener.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestSetUpTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/OrthodoxTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/ExceptionTestCaseDecoratorTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestAssertTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/CoreSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockFunctor.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlElementTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/XmlOutputterTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestSuiteTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlOutputterTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestResultCollectorTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/XmlUniformiserTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/MessageTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/ExceptionTestCaseDecoratorTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/XmlElementTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestCallerTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockTestCase.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestPathTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestPathTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/HelperMacrosTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/SubclassedTestCase.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestCaseTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/CppUnitTestSuite.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/RepeatedTestTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/BaseTestCase.h
Examining data/cppunit-1.15.1/examples/cppunittest/StringToolsTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/OrthodoxTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/UnitTestToolSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/HelperMacrosTest.h
Examining data/cppunit-1.15.1/examples/money/MoneyTest.cpp
Examining data/cppunit-1.15.1/examples/money/StdAfx.cpp
Examining data/cppunit-1.15.1/examples/money/MoneyTest.h
Examining data/cppunit-1.15.1/examples/money/StdAfx.h
Examining data/cppunit-1.15.1/examples/money/Money.h
Examining data/cppunit-1.15.1/examples/money/MoneyApp.cpp
Examining data/cppunit-1.15.1/examples/simple/SimplePlugIn.cpp
Examining data/cppunit-1.15.1/examples/simple/ExampleTestCase.h
Examining data/cppunit-1.15.1/examples/simple/Main.cpp
Examining data/cppunit-1.15.1/examples/simple/ExampleTestCase.cpp
Examining data/cppunit-1.15.1/examples/hierarchy/ChessTest.h
Examining data/cppunit-1.15.1/examples/hierarchy/BoardGame.cpp
Examining data/cppunit-1.15.1/examples/hierarchy/BoardGameTest.h
Examining data/cppunit-1.15.1/examples/hierarchy/Chess.h
Examining data/cppunit-1.15.1/examples/hierarchy/main.cpp
Examining data/cppunit-1.15.1/examples/hierarchy/BoardGame.h
Examining data/cppunit-1.15.1/examples/hierarchy/Chess.cpp
Examining data/cppunit-1.15.1/examples/DumperPlugIn/DumperPlugIn.cpp
Examining data/cppunit-1.15.1/examples/DumperPlugIn/DumperListener.cpp
Examining data/cppunit-1.15.1/examples/DumperPlugIn/DumperListener.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/Timer.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/WinNtTimer.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/WinNtTimer.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerModel.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerXmlHook.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerListener.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerXmlHook.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/Timer.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerListener.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerPlugIn.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerModel.cpp
FINAL RESULTS:
data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerModel.cpp:104:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
::sprintf( buffer, format, time );
data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerModel.cpp:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[320];
data/cppunit-1.15.1/include/cppunit/TestAssert.h:111:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/cppunit-1.15.1/include/cppunit/TestAssert.h:115:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.*g", precision, x);
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:132:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:133:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%hd", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:139:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:140:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%hu", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:146:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:147:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%d", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:153:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:154:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%u", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:160:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:161:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%ld", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:167:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:168:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%lu", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:174:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:175:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%.16g", double(v) );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:181:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:182:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%.16g", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:188:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:189:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%.16g", double(v) );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:195:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:196:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%p", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:207:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:208:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buffer, "%c", c );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:252:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
, buffer_( fopen( path, "wt" ) )
data/cppunit-1.15.1/include/cppunit/TestAssert.h:57:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static bool equal( const T& x, const T& y )
data/cppunit-1.15.1/include/cppunit/TestAssert.h:89:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static bool equal( double x, double y )
data/cppunit-1.15.1/include/cppunit/TestAssert.h:166:30: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ( !assertion_traits<T>::equal(expected,actual) ) // lazy toString conversion...
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:121:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return write( text, strlen(text) );
data/cppunit-1.15.1/src/cppunit/TestAssert.cpp:18:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal;
data/cppunit-1.15.1/src/cppunit/TestAssert.cpp:37:30: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
Asserter::failNotEqualIf( !equal,
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 21657 in approximately 0.58 seconds (37492 lines/second)
Physical Source Lines of Code (SLOC) = 13382
Hits@level = [0] 0 [1] 6 [2] 26 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 33 [1+] 33 [2+] 27 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.466 [1+] 2.466 [2+] 2.01764 [3+] 0.0747272 [4+] 0.0747272 [5+] 0
Dot directories skipped = 5 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.