Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cpputest-4.0/generated/CppUTestGeneratedConfig.h
Examining data/cpputest-4.0/platforms/iar/tests/CppUTestExt/AllTests.cpp
Examining data/cpputest-4.0/platforms/iar/tests/AllTests.cpp
Examining data/cpputest-4.0/platforms/iar/tests/AllTests.h
Examining data/cpputest-4.0/platforms/CCStudio/tests/CppUTest/AllTestsForTarget.cpp
Examining data/cpputest-4.0/platforms/CCStudio/tests/CppUTestExt/AllTestsForTarget.cpp
Examining data/cpputest-4.0/include/Platforms/c2000/stdint.h
Examining data/cpputest-4.0/include/CppUTest/JUnitTestOutput.h
Examining data/cpputest-4.0/include/CppUTest/TestRegistry.h
Examining data/cpputest-4.0/include/CppUTest/CommandLineTestRunner.h
Examining data/cpputest-4.0/include/CppUTest/SimpleMutex.h
Examining data/cpputest-4.0/include/CppUTest/MemoryLeakWarningPlugin.h
Examining data/cpputest-4.0/include/CppUTest/TestHarness_c.h
Examining data/cpputest-4.0/include/CppUTest/TeamCityTestOutput.h
Examining data/cpputest-4.0/include/CppUTest/TestFailure.h
Examining data/cpputest-4.0/include/CppUTest/TestFilter.h
Examining data/cpputest-4.0/include/CppUTest/TestHarness.h
Examining data/cpputest-4.0/include/CppUTest/CppUTestConfig.h
Examining data/cpputest-4.0/include/CppUTest/PlatformSpecificFunctions_c.h
Examining data/cpputest-4.0/include/CppUTest/Utest.h
Examining data/cpputest-4.0/include/CppUTest/SimpleStringInternalCache.h
Examining data/cpputest-4.0/include/CppUTest/TestTestingFixture.h
Examining data/cpputest-4.0/include/CppUTest/CppUTestGeneratedConfig.h
Examining data/cpputest-4.0/include/CppUTest/StandardCLibrary.h
Examining data/cpputest-4.0/include/CppUTest/TestOutput.h
Examining data/cpputest-4.0/include/CppUTest/MemoryLeakDetectorNewMacros.h
Examining data/cpputest-4.0/include/CppUTest/TestResult.h
Examining data/cpputest-4.0/include/CppUTest/TestMemoryAllocator.h
Examining data/cpputest-4.0/include/CppUTest/MemoryLeakDetectorMallocMacros.h
Examining data/cpputest-4.0/include/CppUTest/SimpleString.h
Examining data/cpputest-4.0/include/CppUTest/CommandLineArguments.h
Examining data/cpputest-4.0/include/CppUTest/UtestMacros.h
Examining data/cpputest-4.0/include/CppUTest/PlatformSpecificFunctions.h
Examining data/cpputest-4.0/include/CppUTest/TestPlugin.h
Examining data/cpputest-4.0/include/CppUTest/MemoryLeakDetector.h
Examining data/cpputest-4.0/include/CppUTestExt/MockCheckedExpectedCall.h
Examining data/cpputest-4.0/include/CppUTestExt/MockExpectedCallsList.h
Examining data/cpputest-4.0/include/CppUTestExt/MockSupport_c.h
Examining data/cpputest-4.0/include/CppUTestExt/IEEE754ExceptionsPlugin.h
Examining data/cpputest-4.0/include/CppUTestExt/MockNamedValue.h
Examining data/cpputest-4.0/include/CppUTestExt/MemoryReportAllocator.h
Examining data/cpputest-4.0/include/CppUTestExt/GTestConvertor.h
Examining data/cpputest-4.0/include/CppUTestExt/MockSupportPlugin.h
Examining data/cpputest-4.0/include/CppUTestExt/MockCheckedActualCall.h
Examining data/cpputest-4.0/include/CppUTestExt/MemoryReportFormatter.h
Examining data/cpputest-4.0/include/CppUTestExt/CodeMemoryReportFormatter.h
Examining data/cpputest-4.0/include/CppUTestExt/MockExpectedCall.h
Examining data/cpputest-4.0/include/CppUTestExt/GTest.h
Examining data/cpputest-4.0/include/CppUTestExt/GTestSupport.h
Examining data/cpputest-4.0/include/CppUTestExt/MockFailure.h
Examining data/cpputest-4.0/include/CppUTestExt/MockActualCall.h
Examining data/cpputest-4.0/include/CppUTestExt/MockSupport.h
Examining data/cpputest-4.0/include/CppUTestExt/GMock.h
Examining data/cpputest-4.0/include/CppUTestExt/OrderedTest.h
Examining data/cpputest-4.0/include/CppUTestExt/MemoryReporterPlugin.h
Examining data/cpputest-4.0/tests/CppUTest/CompatabilityTests.cpp
Examining data/cpputest-4.0/tests/CppUTest/SetPluginTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/UtestPlatformTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/UtestTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/CommandLineTestRunnerTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestFailureNaNTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestRegistryTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/CheatSheetTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestMemoryAllocatorTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TeamCityOutputTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/SimpleStringCacheTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/PreprocessorTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestFilterTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/MemoryLeakWarningTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestFailureTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/AllocLetTestFreeTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/CommandLineArgumentsTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/AllocLetTestFree.c
Examining data/cpputest-4.0/tests/CppUTest/AllocationInCFile.h
Examining data/cpputest-4.0/tests/CppUTest/PluginTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestOutputTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestHarness_cTestCFile.c
Examining data/cpputest-4.0/tests/CppUTest/AllocationInCppFile.h
Examining data/cpputest-4.0/tests/CppUTest/SimpleMutexTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/DummyMemoryLeakDetector.h
Examining data/cpputest-4.0/tests/CppUTest/MemoryOperatorOverloadTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestHarness_cTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/MemoryLeakDetectorTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestUTestMacro.cpp
Examining data/cpputest-4.0/tests/CppUTest/JUnitOutputTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/AllTests.cpp
Examining data/cpputest-4.0/tests/CppUTest/AllTests.h
Examining data/cpputest-4.0/tests/CppUTest/TestUTestStringMacro.cpp
Examining data/cpputest-4.0/tests/CppUTest/AllocationInCFile.c
Examining data/cpputest-4.0/tests/CppUTest/TestResultTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/AllocationInCppFile.cpp
Examining data/cpputest-4.0/tests/CppUTest/TestInstallerTest.cpp
Examining data/cpputest-4.0/tests/CppUTest/AllocLetTestFree.h
Examining data/cpputest-4.0/tests/CppUTest/DummyMemoryLeakDetector.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockSupport_cTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockParameterTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockFailureTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockFakeLongLong.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockSupportTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/ExpectedFunctionsListTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/IEEE754PluginTest_c.c
Examining data/cpputest-4.0/tests/CppUTestExt/CodeMemoryReporterTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockComparatorCopierTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/GMockTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockPluginTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockExpectedCallTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockCallTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockSupport_cTestCFile.h
Examining data/cpputest-4.0/tests/CppUTestExt/IEEE754PluginTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockHierarchyTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/GTest1Test.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MemoryReportAllocatorTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockStrictOrderTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/GTest2ConvertorTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MemoryReportFormatterTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/OrderedTestTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockFailureReporterForTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockFailureReporterForTest.h
Examining data/cpputest-4.0/tests/CppUTestExt/MockReturnValueTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/IEEE754PluginTest_c.h
Examining data/cpputest-4.0/tests/CppUTestExt/MockCheatSheetTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockActualCallTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/OrderedTestTest.h
Examining data/cpputest-4.0/tests/CppUTestExt/AllTests.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/OrderedTestTest_c.c
Examining data/cpputest-4.0/tests/CppUTestExt/MemoryReporterPluginTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockNamedValueTest.cpp
Examining data/cpputest-4.0/tests/CppUTestExt/MockSupport_cTestCFile.c
Examining data/cpputest-4.0/platforms_examples/armcc/LPC1833/tests/test1.cpp
Examining data/cpputest-4.0/platforms_examples/armcc/LPC1833/tests/main.cpp
Examining data/cpputest-4.0/platforms_examples/armcc/LPC1833/src/dummy.c
Examining data/cpputest-4.0/platforms_examples/armcc/LPC1768/tests/main.cpp
Examining data/cpputest-4.0/platforms_examples/armcc/AT91SAM7A3/tests/main.cpp
Examining data/cpputest-4.0/examples/AllTests/MockPrinter.h
Examining data/cpputest-4.0/examples/AllTests/HelloTest.cpp
Examining data/cpputest-4.0/examples/AllTests/EventDispatcherTest.cpp
Examining data/cpputest-4.0/examples/AllTests/CircularBufferTest.cpp
Examining data/cpputest-4.0/examples/AllTests/PrinterTest.cpp
Examining data/cpputest-4.0/examples/AllTests/MockDocumentationTest.cpp
Examining data/cpputest-4.0/examples/AllTests/AllTests.cpp
Examining data/cpputest-4.0/examples/AllTests/AllTests.h
Examining data/cpputest-4.0/examples/AllTests/FEDemoTest.cpp
Examining data/cpputest-4.0/examples/ApplicationLib/Printer.h
Examining data/cpputest-4.0/examples/ApplicationLib/hello.c
Examining data/cpputest-4.0/examples/ApplicationLib/Printer.cpp
Examining data/cpputest-4.0/examples/ApplicationLib/CircularBuffer.h
Examining data/cpputest-4.0/examples/ApplicationLib/ExamplesNewOverrides.h
Examining data/cpputest-4.0/examples/ApplicationLib/CircularBuffer.cpp
Examining data/cpputest-4.0/examples/ApplicationLib/EventDispatcher.cpp
Examining data/cpputest-4.0/examples/ApplicationLib/hello.h
Examining data/cpputest-4.0/examples/ApplicationLib/EventDispatcher.h
Examining data/cpputest-4.0/scripts/UnityTemplates/ClassNameCTest.cpp
Examining data/cpputest-4.0/scripts/UnityTemplates/InterfaceCTest.cpp
Examining data/cpputest-4.0/scripts/UnityTemplates/ClassNameCIoDriverTest.cpp
Examining data/cpputest-4.0/scripts/UnityTemplates/FunctionNameCTest.cpp
Examining data/cpputest-4.0/scripts/UnityTemplates/ClassNameCMultipleInstanceTest.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameC.c
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameCTest.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ProjectTemplate/include/util/ProjectBuildTime.h
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ProjectTemplate/tests/util/ProjectBuildTimeTest.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ProjectTemplate/tests/AllTests.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ProjectTemplate/src/util/ProjectBuildTime.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/MockClassNameC.c
Examining data/cpputest-4.0/scripts/CppUnitTemplates/InterfaceCTest.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameCMultipleInstance.h
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameCPolymorphic.c
Examining data/cpputest-4.0/scripts/CppUnitTemplates/MockClassNameC.h
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameC.h
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameCMultipleInstance.c
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameTest.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassName.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/InterfaceTest.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameCMultipleInstanceTest.cpp
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassNameCPolymorphic.h
Examining data/cpputest-4.0/scripts/CppUnitTemplates/ClassName.h
Examining data/cpputest-4.0/scripts/CppUnitTemplates/MockClassName.h
Examining data/cpputest-4.0/scripts/templates/ClassNameC.c
Examining data/cpputest-4.0/scripts/templates/ClassNameCTest.cpp
Examining data/cpputest-4.0/scripts/templates/ProjectTemplate/include/util/ProjectBuildTime.h
Examining data/cpputest-4.0/scripts/templates/ProjectTemplate/tests/util/ProjectBuildTimeTest.cpp
Examining data/cpputest-4.0/scripts/templates/ProjectTemplate/tests/AllTests.cpp
Examining data/cpputest-4.0/scripts/templates/ProjectTemplate/src/util/ProjectBuildTime.cpp
Examining data/cpputest-4.0/scripts/templates/MockClassNameC.c
Examining data/cpputest-4.0/scripts/templates/InterfaceCTest.cpp
Examining data/cpputest-4.0/scripts/templates/FunctionNameC.h
Examining data/cpputest-4.0/scripts/templates/ClassNameCMultipleInstance.h
Examining data/cpputest-4.0/scripts/templates/ClassNameCIoDriverTest.cpp
Examining data/cpputest-4.0/scripts/templates/ClassNameCIoDriver.h
Examining data/cpputest-4.0/scripts/templates/ClassNameCPolymorphic.c
Examining data/cpputest-4.0/scripts/templates/FunctionNameCTest.cpp
Examining data/cpputest-4.0/scripts/templates/MockClassNameC.h
Examining data/cpputest-4.0/scripts/templates/ClassNameC.h
Examining data/cpputest-4.0/scripts/templates/ClassNameCMultipleInstance.c
Examining data/cpputest-4.0/scripts/templates/FunctionNameC.c
Examining data/cpputest-4.0/scripts/templates/ClassNameTest.cpp
Examining data/cpputest-4.0/scripts/templates/ClassName.cpp
Examining data/cpputest-4.0/scripts/templates/InterfaceTest.cpp
Examining data/cpputest-4.0/scripts/templates/ClassNameCMultipleInstanceTest.cpp
Examining data/cpputest-4.0/scripts/templates/ClassNameCPolymorphic.h
Examining data/cpputest-4.0/scripts/templates/ClassNameCIoDriver.c
Examining data/cpputest-4.0/scripts/templates/ClassName.h
Examining data/cpputest-4.0/scripts/templates/MockClassName.h
Examining data/cpputest-4.0/src/Platforms/Iar/UtestPlatform.cpp
Examining data/cpputest-4.0/src/Platforms/Dos/UtestPlatform.cpp
Examining data/cpputest-4.0/src/Platforms/Symbian/SymbianMemoryLeakWarning.cpp
Examining data/cpputest-4.0/src/Platforms/Symbian/UtestPlatform.cpp
Examining data/cpputest-4.0/src/Platforms/Gcc/UtestPlatform.cpp
Examining data/cpputest-4.0/src/Platforms/VisualCpp/UtestPlatform.cpp
Examining data/cpputest-4.0/src/Platforms/Keil/UtestPlatform.cpp
Examining data/cpputest-4.0/src/Platforms/armcc/UtestPlatform.cpp
Examining data/cpputest-4.0/src/Platforms/C2000/UtestPlatform.cpp
Examining data/cpputest-4.0/src/Platforms/GccNoStdC/UtestPlatform.cpp
Examining data/cpputest-4.0/src/CppUTest/TestOutput.cpp
Examining data/cpputest-4.0/src/CppUTest/TestFilter.cpp
Examining data/cpputest-4.0/src/CppUTest/TestMemoryAllocator.cpp
Examining data/cpputest-4.0/src/CppUTest/TestFailure.cpp
Examining data/cpputest-4.0/src/CppUTest/SimpleString.cpp
Examining data/cpputest-4.0/src/CppUTest/MemoryLeakWarningPlugin.cpp
Examining data/cpputest-4.0/src/CppUTest/TeamCityTestOutput.cpp
Examining data/cpputest-4.0/src/CppUTest/Utest.cpp
Examining data/cpputest-4.0/src/CppUTest/TestHarness_c.cpp
Examining data/cpputest-4.0/src/CppUTest/SimpleStringInternalCache.cpp
Examining data/cpputest-4.0/src/CppUTest/TestResult.cpp
Examining data/cpputest-4.0/src/CppUTest/CommandLineArguments.cpp
Examining data/cpputest-4.0/src/CppUTest/MemoryLeakDetector.cpp
Examining data/cpputest-4.0/src/CppUTest/SimpleMutex.cpp
Examining data/cpputest-4.0/src/CppUTest/TestTestingFixture.cpp
Examining data/cpputest-4.0/src/CppUTest/JUnitTestOutput.cpp
Examining data/cpputest-4.0/src/CppUTest/TestPlugin.cpp
Examining data/cpputest-4.0/src/CppUTest/CommandLineTestRunner.cpp
Examining data/cpputest-4.0/src/CppUTest/TestRegistry.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MemoryReporterPlugin.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MockFailure.cpp
Examining data/cpputest-4.0/src/CppUTestExt/GTest.cpp
Examining data/cpputest-4.0/src/CppUTestExt/CodeMemoryReportFormatter.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MockExpectedCallsList.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MockNamedValue.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MockSupport_c.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MockExpectedCall.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MockActualCall.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MemoryReportFormatter.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MockSupportPlugin.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MemoryReportAllocator.cpp
Examining data/cpputest-4.0/src/CppUTestExt/IEEE754ExceptionsPlugin.cpp
Examining data/cpputest-4.0/src/CppUTestExt/MockSupport.cpp
Examining data/cpputest-4.0/src/CppUTestExt/OrderedTest.cpp

FINAL RESULTS:

data/cpputest-4.0/examples/ApplicationLib/hello.c:36:42:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  int (*PrintFormated)(const char*, ...) = printf;
data/cpputest-4.0/include/CppUTest/MemoryLeakDetector.h:61:54:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void add(const char* format, ...) _check_format_(printf, 2, 3);
data/cpputest-4.0/include/CppUTest/SimpleString.h:100:18:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  static char* StrNCpy(char* s1, const char* s2, size_t n);
data/cpputest-4.0/include/CppUTest/SimpleString.h:206:71:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  SimpleString StringFromFormat(const char* format, ...) _check_format_(printf, 1, 2);
data/cpputest-4.0/src/CppUTest/SimpleString.cpp:193:21:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  char* SimpleString::StrNCpy(char* s1, const char* s2, size_t n)
data/cpputest-4.0/src/CppUTest/SimpleString.cpp:307:9:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(next, other, otherStringLength + 1);
data/cpputest-4.0/src/CppUTest/SimpleString.cpp:408:17:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(&newbuf[j], with, withlen + 1);
data/cpputest-4.0/src/CppUTest/SimpleString.cpp:490:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(tbuffer + originalSize, rhs, additionalStringSize);
data/cpputest-4.0/src/CppUTest/SimpleString.cpp:558:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(newBuffer, bufferToCopy, bufferSize);
data/cpputest-4.0/src/CppUTest/SimpleString.cpp:570:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(bufferToCopy, getBuffer(), sizeToCopy);
data/cpputest-4.0/src/CppUTestExt/CodeMemoryReportFormatter.cpp:70:19:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  SimpleString::StrNCpy(newNode->variableName_, variableName, MAX_VARIABLE_NAME_LENGTH);
data/cpputest-4.0/src/Platforms/C2000/UtestPlatform.cpp:129:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int vsnprintf(char*, size_t, const char*, va_list); // not std::vsnprintf()
data/cpputest-4.0/src/Platforms/C2000/UtestPlatform.cpp:131:81:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int (*PlatformSpecificVSNprintf)(char *, size_t, const char*, va_list) = vsnprintf;
data/cpputest-4.0/src/Platforms/Dos/UtestPlatform.cpp:119:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  return vsnprintf(str, size, format, args);
data/cpputest-4.0/src/Platforms/Gcc/UtestPlatform.cpp:236:102:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int (*PlatformSpecificVSNprintf)(char *str, size_t size, const char* format, va_list va_args_list) = vsnprintf;
data/cpputest-4.0/src/Platforms/Iar/UtestPlatform.cpp:127:94:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int (*PlatformSpecificVSNprintf)(char *str, size_t size, const char* format, va_list args) = vsnprintf;
data/cpputest-4.0/src/Platforms/Keil/UtestPlatform.cpp:138:105:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int (*PlatformSpecificVSNprintf)(char *str, size_t size, const char* format, va_list args) = vsnprintf;
data/cpputest-4.0/src/Platforms/Symbian/UtestPlatform.cpp:92:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  return vsnprintf(str, size, format, args);
data/cpputest-4.0/src/Platforms/armcc/UtestPlatform.cpp:127:94:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int (*PlatformSpecificVSNprintf)(char *str, size_t size, const char* format, va_list args) = vsnprintf;
data/cpputest-4.0/tests/CppUTest/MemoryLeakDetectorTest.cpp:166:19:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  SimpleString::StrNCpy(mem, "test1", 6);
data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:941:46:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  STRCMP_EQUAL("womanXXXXX", SimpleString::StrNCpy(str, "woman", 5));
data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:947:41:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  STRCMP_EQUAL("woman", SimpleString::StrNCpy(str, "woman", 6));
data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:952:43:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  POINTERS_EQUAL(NULLPTR, SimpleString::StrNCpy(NULLPTR, "woman", 6));
data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:958:41:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  STRCMP_EQUAL("woman", SimpleString::StrNCpy(str, "woman", 8));
data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:964:46:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  STRCMP_EQUAL("XXXXXXXXXX", SimpleString::StrNCpy(str, "woman", 0));
data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:970:19:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  SimpleString::StrNCpy(str+3, "e", 1);
data/cpputest-4.0/tests/CppUTest/TestHarness_cTest.cpp:758:19:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  SimpleString::StrNCpy(mem1, number_string, 10);
data/cpputest-4.0/src/Platforms/Dos/UtestPlatform.cpp:191:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(seed);
data/cpputest-4.0/src/Platforms/Gcc/UtestPlatform.cpp:295:47:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void (*PlatformSpecificSrand)(unsigned int) = srand;
data/cpputest-4.0/src/Platforms/VisualCpp/UtestPlatform.cpp:188:47:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void (*PlatformSpecificSrand)(unsigned int) = srand;
data/cpputest-4.0/src/Platforms/VisualCpp/UtestPlatform.cpp:209:2:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(critical_section);
data/cpputest-4.0/src/Platforms/VisualCpp/UtestPlatform.cpp:215:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection((CRITICAL_SECTION*)mutex);
data/cpputest-4.0/include/CppUTest/CppUTestConfig.h:283:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[CPPUTEST_SIZE_OF_FAKE_LONG_LONG_TYPE];
data/cpputest-4.0/include/CppUTest/CppUTestConfig.h:292:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[CPPUTEST_SIZE_OF_FAKE_LONG_LONG_TYPE];
data/cpputest-4.0/include/CppUTest/MemoryLeakDetector.h:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_[SIMPLE_STRING_BUFFER_LEN];
data/cpputest-4.0/include/CppUTestExt/MockNamedValue.h:174:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char longLongPlaceholder_[CPPUTEST_SIZE_OF_FAKE_LONG_LONG_TYPE];
data/cpputest-4.0/include/CppUTestExt/MockSupport_c.h:68:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char longLongPlaceholder[CPPUTEST_SIZE_OF_FAKE_LONG_LONG_TYPE];
data/cpputest-4.0/src/CppUTest/SimpleString.cpp:503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pad[2];
data/cpputest-4.0/src/CppUTest/SimpleString.cpp:867:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defaultBuffer[sizeOfdefaultBuffer];
data/cpputest-4.0/src/CppUTest/TeamCityTestOutput.cpp:58:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[3];
data/cpputest-4.0/src/CppUTestExt/CodeMemoryReportFormatter.cpp:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char variableName_[MAX_VARIABLE_NAME_LENGTH + 1];
data/cpputest-4.0/src/Platforms/C2000/UtestPlatform.cpp:58:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer [BUFFER_SIZE]; /* "never used" warning is OK */
data/cpputest-4.0/src/Platforms/C2000/UtestPlatform.cpp:135:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(filename, flag);
data/cpputest-4.0/src/Platforms/Dos/UtestPlatform.cpp:128:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(filename, flag);
data/cpputest-4.0/src/Platforms/Dos/UtestPlatform.cpp:175:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  return memcpy(s1, s2, size);
data/cpputest-4.0/src/Platforms/Gcc/UtestPlatform.cpp:213:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dateTime[80];
data/cpputest-4.0/src/Platforms/Gcc/UtestPlatform.cpp:245:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(filename, flag);
data/cpputest-4.0/src/Platforms/Gcc/UtestPlatform.cpp:274:63:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  void* (*PlatformSpecificMemCpy)(void*, const void*, size_t) = memcpy;
data/cpputest-4.0/src/Platforms/Iar/UtestPlatform.cpp:164:63:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  void* (*PlatformSpecificMemCpy)(void*, const void*, size_t) = memcpy;
data/cpputest-4.0/src/Platforms/Keil/UtestPlatform.cpp:132:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(str);
data/cpputest-4.0/src/Platforms/Keil/UtestPlatform.cpp:167:78:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  void* (*PlatformSpecificMemCpy)(void* s1, const void* s2, size_t size) = memcpy;
data/cpputest-4.0/src/Platforms/Symbian/UtestPlatform.cpp:120:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  return memcpy(s1, s2, size);
data/cpputest-4.0/src/Platforms/Symbian/UtestPlatform.cpp:129:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(filename, flag);
data/cpputest-4.0/src/Platforms/VisualCpp/UtestPlatform.cpp:29:47:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define FOPEN(fp, filename, flag) *(fp) = fopen((filename), (flag))
data/cpputest-4.0/src/Platforms/VisualCpp/UtestPlatform.cpp:31:35:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define LOCALTIME(_tm, timer) memcpy(_tm, localtime(timer), sizeof(tm));
data/cpputest-4.0/src/Platforms/VisualCpp/UtestPlatform.cpp:110:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dateTime[80];
data/cpputest-4.0/src/Platforms/VisualCpp/UtestPlatform.cpp:193:74:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  void* (*PlatformSpecificMemCpy)(void* s1, const void* s2, size_t size) = memcpy;
data/cpputest-4.0/src/Platforms/armcc/UtestPlatform.cpp:131:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return fopen(filename, flag);
data/cpputest-4.0/src/Platforms/armcc/UtestPlatform.cpp:159:63:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  void* (*PlatformSpecificMemCpy)(void*, const void*, size_t) = memcpy;
data/cpputest-4.0/tests/CppUTest/MemoryLeakDetectorTest.cpp:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *mem[amount_alloc];
data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:760:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:769:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/cpputest-4.0/tests/CppUTest/SimpleStringTest.cpp:1093:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char value[129]; data/cpputest-4.0/tests/CppUTestExt/MockExpectedCallTest.cpp:593:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer_value[3]; data/cpputest-4.0/tests/CppUTestExt/MockExpectedCallTest.cpp:608:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer_value[3]; data/cpputest-4.0/include/CppUTestExt/MockNamedValue.h:69:44: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
MockFunctionComparator(isEqualFunction equal, valueToStringFunction valToString) data/cpputest-4.0/include/CppUTestExt/MockNamedValue.h:70:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. : equal_(equal), valueToString_(valToString) {} data/cpputest-4.0/src/CppUTestExt/MockSupport_c.cpp:80:92: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. MockCFunctionComparatorNode(MockCFunctionComparatorNode* next, MockTypeEqualFunction_c equal, MockTypeValueToStringFunction_c toString) data/cpputest-4.0/src/CppUTestExt/MockSupport_c.cpp:81:31: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. : next_(next), equal_(equal), toString_(toString) {} ANALYSIS SUMMARY: Hits = 69 Lines analyzed = 45543 in approximately 1.35 seconds (33729 lines/second) Physical Source Lines of Code (SLOC) = 32723 Hits@level = [0] 6 [1] 4 [2] 33 [3] 5 [4] 27 [5] 0 Hits@level+ = [0+] 75 [1+] 69 [2+] 65 [3+] 32 [4+] 27 [5+] 0 Hits/KSLOC@level+ = [0+] 2.29197 [1+] 2.10861 [2+] 1.98637 [3+] 0.977905 [4+] 0.825108 [5+] 0 Dot directories skipped = 3 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. 
There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.