Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cppunit-1.15.1/include/cppunit/TestComposite.h
Examining data/cppunit-1.15.1/include/cppunit/TestCase.h
Examining data/cppunit-1.15.1/include/cppunit/TestRunner.h
Examining data/cppunit-1.15.1/include/cppunit/portability/Stream.h
Examining data/cppunit-1.15.1/include/cppunit/portability/FloatingPoint.h
Examining data/cppunit-1.15.1/include/cppunit/Message.h
Examining data/cppunit-1.15.1/include/cppunit/XmlOutputterHook.h
Examining data/cppunit-1.15.1/include/cppunit/TestResult.h
Examining data/cppunit-1.15.1/include/cppunit/config/config-mac.h
Examining data/cppunit-1.15.1/include/cppunit/config/CppUnitApi.h
Examining data/cppunit-1.15.1/include/cppunit/config/SourcePrefix.h
Examining data/cppunit-1.15.1/include/cppunit/config/config-msvc6.h
Examining data/cppunit-1.15.1/include/cppunit/config/config-bcb5.h
Examining data/cppunit-1.15.1/include/cppunit/config/config-evc4.h
Examining data/cppunit-1.15.1/include/cppunit/config/SelectDllLoader.h
Examining data/cppunit-1.15.1/include/cppunit/SourceLine.h
Examining data/cppunit-1.15.1/include/cppunit/SynchronizedObject.h
Examining data/cppunit-1.15.1/include/cppunit/TestSuccessListener.h
Examining data/cppunit-1.15.1/include/cppunit/Outputter.h
Examining data/cppunit-1.15.1/include/cppunit/TestLeaf.h
Examining data/cppunit-1.15.1/include/cppunit/Test.h
Examining data/cppunit-1.15.1/include/cppunit/TestResultCollector.h
Examining data/cppunit-1.15.1/include/cppunit/Portability.h
Examining data/cppunit-1.15.1/include/cppunit/TestFixture.h
Examining data/cppunit-1.15.1/include/cppunit/TextTestProgressListener.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/DynamicLibraryManagerException.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/PlugInManager.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/PlugInParameters.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/DynamicLibraryManager.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/TestPlugInDefaultImpl.h
Examining data/cppunit-1.15.1/include/cppunit/plugin/TestPlugIn.h
Examining data/cppunit-1.15.1/include/cppunit/AdditionalMessage.h
Examining data/cppunit-1.15.1/include/cppunit/TestFailure.h
Examining data/cppunit-1.15.1/include/cppunit/TextOutputter.h
Examining data/cppunit-1.15.1/include/cppunit/TestPath.h
Examining data/cppunit-1.15.1/include/cppunit/TextTestRunner.h
Examining data/cppunit-1.15.1/include/cppunit/XmlOutputter.h
Examining data/cppunit-1.15.1/include/cppunit/Protector.h
Examining data/cppunit-1.15.1/include/cppunit/TestSuite.h
Examining data/cppunit-1.15.1/include/cppunit/TestCaller.h
Examining data/cppunit-1.15.1/include/cppunit/ui/text/TestRunner.h
Examining data/cppunit-1.15.1/include/cppunit/ui/text/TextTestRunner.h
Examining data/cppunit-1.15.1/include/cppunit/TextTestResult.h
Examining data/cppunit-1.15.1/include/cppunit/TestListener.h
Examining data/cppunit-1.15.1/include/cppunit/TestAssert.h
Examining data/cppunit-1.15.1/include/cppunit/Asserter.h
Examining data/cppunit-1.15.1/include/cppunit/tools/Algorithm.h
Examining data/cppunit-1.15.1/include/cppunit/tools/XmlElement.h
Examining data/cppunit-1.15.1/include/cppunit/tools/XmlDocument.h
Examining data/cppunit-1.15.1/include/cppunit/tools/StringHelper.h
Examining data/cppunit-1.15.1/include/cppunit/tools/StringTools.h
Examining data/cppunit-1.15.1/include/cppunit/BriefTestProgressListener.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestSetUp.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestSuiteBuilderContext.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestCaseDecorator.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestFactoryRegistry.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestFixtureFactory.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/Orthodox.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/ExceptionTestCaseDecorator.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/HelperMacros.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestFactory.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestNamer.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestDecorator.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TestSuiteFactory.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/TypeInfoHelper.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/RepeatedTest.h
Examining data/cppunit-1.15.1/include/cppunit/extensions/AutoRegisterSuite.h
Examining data/cppunit-1.15.1/include/cppunit/Exception.h
Examining data/cppunit-1.15.1/include/cppunit/CompilerOutputter.h
Examining data/cppunit-1.15.1/src/cppunit/ProtectorChain.h
Examining data/cppunit-1.15.1/src/cppunit/TestFactoryRegistry.cpp
Examining data/cppunit-1.15.1/src/cppunit/CompilerOutputter.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestSuite.cpp
Examining data/cppunit-1.15.1/src/cppunit/DynamicLibraryManager.cpp
Examining data/cppunit-1.15.1/src/cppunit/ProtectorContext.h
Examining data/cppunit-1.15.1/src/cppunit/TestRunner.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestAssert.cpp
Examining data/cppunit-1.15.1/src/cppunit/BriefTestProgressListener.cpp
Examining data/cppunit-1.15.1/src/cppunit/XmlOutputter.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestLeaf.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestResult.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestPlugInDefaultImpl.cpp
Examining data/cppunit-1.15.1/src/cppunit/TextTestRunner.cpp
Examining data/cppunit-1.15.1/src/cppunit/Protector.cpp
Examining data/cppunit-1.15.1/src/cppunit/Win32DynamicLibraryManager.cpp
Examining data/cppunit-1.15.1/src/cppunit/UnixDynamicLibraryManager.cpp
Examining data/cppunit-1.15.1/src/cppunit/Exception.cpp
Examining data/cppunit-1.15.1/src/cppunit/AdditionalMessage.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestCaseDecorator.cpp
Examining data/cppunit-1.15.1/src/cppunit/DynamicLibraryManagerException.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestCase.cpp
Examining data/cppunit-1.15.1/src/cppunit/ProtectorChain.cpp
Examining data/cppunit-1.15.1/src/cppunit/StringTools.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestNamer.cpp
Examining data/cppunit-1.15.1/src/cppunit/Message.cpp
Examining data/cppunit-1.15.1/src/cppunit/Test.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestSetUp.cpp
Examining data/cppunit-1.15.1/src/cppunit/XmlDocument.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestSuccessListener.cpp
Examining data/cppunit-1.15.1/src/cppunit/RepeatedTest.cpp
Examining data/cppunit-1.15.1/src/cppunit/PlugInManager.cpp
Examining data/cppunit-1.15.1/src/cppunit/DllMain.cpp
Examining data/cppunit-1.15.1/src/cppunit/SynchronizedObject.cpp
Examining data/cppunit-1.15.1/src/cppunit/TypeInfoHelper.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestResultCollector.cpp
Examining data/cppunit-1.15.1/src/cppunit/TextOutputter.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestDecorator.cpp
Examining data/cppunit-1.15.1/src/cppunit/XmlOutputterHook.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestFailure.cpp
Examining data/cppunit-1.15.1/src/cppunit/TextTestProgressListener.cpp
Examining data/cppunit-1.15.1/src/cppunit/TextTestResult.cpp
Examining data/cppunit-1.15.1/src/cppunit/Asserter.cpp
Examining data/cppunit-1.15.1/src/cppunit/SourceLine.cpp
Examining data/cppunit-1.15.1/src/cppunit/PlugInParameters.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestPath.cpp
Examining data/cppunit-1.15.1/src/cppunit/DefaultProtector.cpp
Examining data/cppunit-1.15.1/src/cppunit/XmlElement.cpp
Examining data/cppunit-1.15.1/src/cppunit/DefaultProtector.h
Examining data/cppunit-1.15.1/src/cppunit/TestComposite.cpp
Examining data/cppunit-1.15.1/src/cppunit/TestSuiteBuilderContext.cpp
Examining data/cppunit-1.15.1/src/cppunit/ShlDynamicLibraryManager.cpp
Examining data/cppunit-1.15.1/src/DllPlugInTester/CommandLineParser.h
Examining data/cppunit-1.15.1/src/DllPlugInTester/DllPlugInTester.cpp
Examining data/cppunit-1.15.1/src/DllPlugInTester/CommandLineParser.cpp
Examining data/cppunit-1.15.1/src/DllPlugInTester/DllPlugInTesterTest.cpp
Examining data/cppunit-1.15.1/src/DllPlugInTester/CommandLineParserTest.h
Examining data/cppunit-1.15.1/src/DllPlugInTester/CommandLineParserTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestResultCollectorTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlUniformiserTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestCaseTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/ToolsSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockTestListener.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestSuiteTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/OutputSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/MessageTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestFailureTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlUniformiser.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/MockProtector.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockTestCase.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/BaseTestCase.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/StringToolsTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/assertion_traitsTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestDecoratorTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/CppUnitTestPlugIn.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/ExtensionSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlUniformiser.h
Examining data/cppunit-1.15.1/examples/cppunittest/ExceptionTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestDecoratorTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/assertion_traitsTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestFailureTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TrackedTestCase.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/ExceptionTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestCallerTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestResultTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestResultTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TrackedTestCase.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestSetUpTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/RepeatedTestTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/CppUnitTestMain.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestAssertTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/FailureException.h
Examining data/cppunit-1.15.1/examples/cppunittest/HelperSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/SubclassedTestCase.h
Examining data/cppunit-1.15.1/examples/cppunittest/SynchronizedTestResult.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockTestListener.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestSetUpTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/OrthodoxTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/ExceptionTestCaseDecoratorTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestAssertTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/CoreSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockFunctor.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlElementTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/XmlOutputterTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestSuiteTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/XmlOutputterTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestResultCollectorTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/XmlUniformiserTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/MessageTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/ExceptionTestCaseDecoratorTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/XmlElementTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestCallerTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/MockTestCase.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestPathTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/TestPathTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/HelperMacrosTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/SubclassedTestCase.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestCaseTest.h
Examining data/cppunit-1.15.1/examples/cppunittest/CppUnitTestSuite.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/RepeatedTestTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/BaseTestCase.h
Examining data/cppunit-1.15.1/examples/cppunittest/StringToolsTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/OrthodoxTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/TestTest.cpp
Examining data/cppunit-1.15.1/examples/cppunittest/UnitTestToolSuite.h
Examining data/cppunit-1.15.1/examples/cppunittest/HelperMacrosTest.h
Examining data/cppunit-1.15.1/examples/money/MoneyTest.cpp
Examining data/cppunit-1.15.1/examples/money/StdAfx.cpp
Examining data/cppunit-1.15.1/examples/money/MoneyTest.h
Examining data/cppunit-1.15.1/examples/money/StdAfx.h
Examining data/cppunit-1.15.1/examples/money/Money.h
Examining data/cppunit-1.15.1/examples/money/MoneyApp.cpp
Examining data/cppunit-1.15.1/examples/simple/SimplePlugIn.cpp
Examining data/cppunit-1.15.1/examples/simple/ExampleTestCase.h
Examining data/cppunit-1.15.1/examples/simple/Main.cpp
Examining data/cppunit-1.15.1/examples/simple/ExampleTestCase.cpp
Examining data/cppunit-1.15.1/examples/hierarchy/ChessTest.h
Examining data/cppunit-1.15.1/examples/hierarchy/BoardGame.cpp
Examining data/cppunit-1.15.1/examples/hierarchy/BoardGameTest.h
Examining data/cppunit-1.15.1/examples/hierarchy/Chess.h
Examining data/cppunit-1.15.1/examples/hierarchy/main.cpp
Examining data/cppunit-1.15.1/examples/hierarchy/BoardGame.h
Examining data/cppunit-1.15.1/examples/hierarchy/Chess.cpp
Examining data/cppunit-1.15.1/examples/DumperPlugIn/DumperPlugIn.cpp
Examining data/cppunit-1.15.1/examples/DumperPlugIn/DumperListener.cpp
Examining data/cppunit-1.15.1/examples/DumperPlugIn/DumperListener.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/Timer.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/WinNtTimer.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/WinNtTimer.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerModel.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerXmlHook.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerListener.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerXmlHook.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/Timer.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerListener.h
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerPlugIn.cpp
Examining data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerModel.cpp

FINAL RESULTS:

data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerModel.cpp:104:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ::sprintf( buffer, format, time );
data/cppunit-1.15.1/examples/ClockerPlugIn/ClockerModel.cpp:93:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[320];
data/cppunit-1.15.1/include/cppunit/TestAssert.h:111:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/cppunit-1.15.1/include/cppunit/TestAssert.h:115:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.*g", precision, x);
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:132:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:133:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%hd", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:139:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:140:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%hu", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:146:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:147:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%d", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:153:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:154:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%u", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:160:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:161:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%ld", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:167:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:168:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%lu", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:174:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:175:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%.16g", double(v) );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:181:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:182:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%.16g", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:188:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:189:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%.16g", double(v) );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:195:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[64];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:196:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%p", v );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:207:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[16];
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:208:7: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buffer, "%c", c );
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:252:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  , buffer_( fopen( path, "wt" ) )
data/cppunit-1.15.1/include/cppunit/TestAssert.h:57:17: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static bool equal( const T& x, const T& y )
data/cppunit-1.15.1/include/cppunit/TestAssert.h:89:17: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static bool equal( double x, double y )
data/cppunit-1.15.1/include/cppunit/TestAssert.h:166:30: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if ( !assertion_traits<T>::equal(expected,actual) ) // lazy toString conversion...
data/cppunit-1.15.1/include/cppunit/portability/Stream.h:121:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return write( text, strlen(text) );
data/cppunit-1.15.1/src/cppunit/TestAssert.cpp:18:8: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  bool equal;
data/cppunit-1.15.1/src/cppunit/TestAssert.cpp:37:30: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  Asserter::failNotEqualIf( !equal,

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 21657 in approximately 0.58 seconds (37492 lines/second)
Physical Source Lines of Code (SLOC) = 13382
Hits@level = [0] 0 [1] 6 [2] 26 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 33 [1+] 33 [2+] 27 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.466 [1+] 2.466 [2+] 2.01764 [3+] 0.0747272 [4+] 0.0747272 [5+] 0
Dot directories skipped = 5 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.