Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/empty_source_list/requirement.hpp
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/empty_source_list/test_bar.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/empty_source_list/test_foo.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/globbing/src/requirement.cpp
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/globbing/src/requirement.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/globbing/src/test_bar.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/globbing/src/test_foo.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/globbing_edmundo/hello.cc
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/globbing_edmundo/hellotest.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/globbing_edmundo/main.cpp
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/include_CCFLAGS/src/not-with-pedantic.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/include_CCFLAGS/src/only_with_ansi.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/include_CXXFLAGS/src/not-with-pedantic.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/libpath/src/foo.cpp
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/libpath/test/test.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/libpath_multitarget/src1/foo.cpp
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/libpath_multitarget/src2/bar.cpp
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/libpath_multitarget/test/test1.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/libpath_multitarget/test/test2.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/multifile_tests/src/requirement.cpp
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/multifile_tests/src/requirement.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/multifile_tests/src/test_bar.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/multifile_tests/src/test_foo.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/need_cpppath/src/cpppath.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/need_cpppath/src/cpppathdir/include.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/printer_propagation/cxxtest/CrazyRunner.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/printer_propagation/src/failtest.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/recursive_sources/src/requirement.cpp
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/recursive_sources/src/requirement.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/recursive_sources/src/test_bar.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/recursive_sources/src/test_foo.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/string_cpppath/src/cpppath.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/string_cpppath/src/cpppathdir/include.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/target_syntax/src/cpppath.t.h
Examining data/cxxtest-4.4+git171022/build_tools/SCons/test/target_syntax/src/cpppathdir/include.h
Examining data/cxxtest-4.4+git171022/cxxtest/Descriptions.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/Descriptions.h
Examining data/cxxtest-4.4+git171022/cxxtest/DummyDescriptions.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/DummyDescriptions.h
Examining data/cxxtest-4.4+git171022/cxxtest/ErrorFormatter.h
Examining data/cxxtest-4.4+git171022/cxxtest/ErrorPrinter.h
Examining data/cxxtest-4.4+git171022/cxxtest/Flags.h
Examining data/cxxtest-4.4+git171022/cxxtest/GlobalFixture.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/GlobalFixture.h
Examining data/cxxtest-4.4+git171022/cxxtest/Gui.h
Examining data/cxxtest-4.4+git171022/cxxtest/LinkedList.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/LinkedList.h
Examining data/cxxtest-4.4+git171022/cxxtest/MSVCErrorPrinter.h
Examining data/cxxtest-4.4+git171022/cxxtest/Mock.h
Examining data/cxxtest-4.4+git171022/cxxtest/ParenPrinter.h
Examining data/cxxtest-4.4+git171022/cxxtest/QtGui.h
Examining data/cxxtest-4.4+git171022/cxxtest/RealDescriptions.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/RealDescriptions.h
Examining data/cxxtest-4.4+git171022/cxxtest/Root.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/SelfTest.h
Examining data/cxxtest-4.4+git171022/cxxtest/StdHeaders.h
Examining data/cxxtest-4.4+git171022/cxxtest/StdTestSuite.h
Examining data/cxxtest-4.4+git171022/cxxtest/StdValueTraits.h
Examining data/cxxtest-4.4+git171022/cxxtest/StdioFilePrinter.h
Examining data/cxxtest-4.4+git171022/cxxtest/StdioPrinter.h
Examining data/cxxtest-4.4+git171022/cxxtest/TeeListener.h
Examining data/cxxtest-4.4+git171022/cxxtest/TestListener.h
Examining data/cxxtest-4.4+git171022/cxxtest/TestMain.h
Examining data/cxxtest-4.4+git171022/cxxtest/TestRunner.h
Examining data/cxxtest-4.4+git171022/cxxtest/TestSuite.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/TestSuite.h
Examining data/cxxtest-4.4+git171022/cxxtest/TestTracker.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/TestTracker.h
Examining data/cxxtest-4.4+git171022/cxxtest/ValueTraits.cpp
Examining data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h
Examining data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h
Examining data/cxxtest-4.4+git171022/cxxtest/X11Gui.h
Examining data/cxxtest-4.4+git171022/cxxtest/XUnitPrinter.h
Examining data/cxxtest-4.4+git171022/cxxtest/XmlFormatter.h
Examining data/cxxtest-4.4+git171022/cxxtest/XmlPrinter.h
Examining data/cxxtest-4.4+git171022/cxxtest/YesNoRunner.h
Examining data/cxxtest-4.4+git171022/cxxtest/unix.h
Examining data/cxxtest-4.4+git171022/doc/examples/Assertions.h
Examining data/cxxtest-4.4+git171022/doc/examples/BadTestSuite1.h
Examining data/cxxtest-4.4+git171022/doc/examples/MockTestSuite.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyClass.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite1.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite10.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite11.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite12.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite2.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite3.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite4.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite5.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite6.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite7.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite8.h
Examining data/cxxtest-4.4+git171022/doc/examples/MyTestSuite9.h
Examining data/cxxtest-4.4+git171022/doc/examples/Namespace1.h
Examining data/cxxtest-4.4+git171022/doc/examples/Namespace2.h
Examining data/cxxtest-4.4+git171022/doc/examples/TMyClass.h
Examining data/cxxtest-4.4+git171022/doc/examples/rand_example.cpp
Examining data/cxxtest-4.4+git171022/doc/examples/time_mock.cpp
Examining data/cxxtest-4.4+git171022/doc/examples/time_mock.h
Examining data/cxxtest-4.4+git171022/doc/examples/time_real.cpp
Examining data/cxxtest-4.4+git171022/sample/CreatedTest.h
Examining data/cxxtest-4.4+git171022/sample/DeltaTest.h
Examining data/cxxtest-4.4+git171022/sample/EnumTraits.h
Examining data/cxxtest-4.4+git171022/sample/ExceptionTest.h
Examining data/cxxtest-4.4+git171022/sample/FixtureTest.h
Examining data/cxxtest-4.4+git171022/sample/MessageTest.h
Examining data/cxxtest-4.4+git171022/sample/SCons/include/stack.h
Examining data/cxxtest-4.4+git171022/sample/SCons/src/stack.c
Examining data/cxxtest-4.4+git171022/sample/SCons/tests/stack_test.h
Examining data/cxxtest-4.4+git171022/sample/SimpleTest.h
Examining data/cxxtest-4.4+git171022/sample/TraitsTest.h
Examining data/cxxtest-4.4+git171022/sample/gui/GreenYellowRed.h
Examining data/cxxtest-4.4+git171022/sample/mock/Dice.cpp
Examining data/cxxtest-4.4+git171022/sample/mock/Dice.h
Examining data/cxxtest-4.4+git171022/sample/mock/MockStdlib.h
Examining data/cxxtest-4.4+git171022/sample/mock/T/stdlib.h
Examining data/cxxtest-4.4+git171022/sample/mock/TestDice.h
Examining data/cxxtest-4.4+git171022/sample/mock/mock_stdlib.cpp
Examining data/cxxtest-4.4+git171022/sample/mock/real_stdlib.cpp
Examining data/cxxtest-4.4+git171022/sample/mock/roll.cpp
Examining data/cxxtest-4.4+git171022/sample/yes_no_runner.cpp
Examining data/cxxtest-4.4+git171022/test/AborterNoThrow.h
Examining data/cxxtest-4.4+git171022/test/BadTest.h
Examining data/cxxtest-4.4+git171022/test/CharAssertions.h
Examining data/cxxtest-4.4+git171022/test/Comments.h
Examining data/cxxtest-4.4+git171022/test/Comments2.h
Examining data/cxxtest-4.4+git171022/test/CppTemplateTest.h
Examining data/cxxtest-4.4+git171022/test/DeepAbort.h
Examining data/cxxtest-4.4+git171022/test/DefaultAbort.h
Examining data/cxxtest-4.4+git171022/test/DefaultTraits.h
Examining data/cxxtest-4.4+git171022/test/DoubleCall.h
Examining data/cxxtest-4.4+git171022/test/DynamicAbort.h
Examining data/cxxtest-4.4+git171022/test/DynamicMax.h
Examining data/cxxtest-4.4+git171022/test/EmptySuite.h
Examining data/cxxtest-4.4+git171022/test/Exceptions.h
Examining data/cxxtest-4.4+git171022/test/Factor.h
Examining data/cxxtest-4.4+git171022/test/ForceNoEh.h
Examining data/cxxtest-4.4+git171022/test/GfSetUpFails.h
Examining data/cxxtest-4.4+git171022/test/GfSetUpThrows.h
Examining data/cxxtest-4.4+git171022/test/GfTearDownFails.h
Examining data/cxxtest-4.4+git171022/test/GfTearDownThrows.h
Examining data/cxxtest-4.4+git171022/test/GlobalFixtures.h
Examining data/cxxtest-4.4+git171022/test/GoodSuite.h
Examining data/cxxtest-4.4+git171022/test/GuiWait.h
Examining data/cxxtest-4.4+git171022/test/HaveStd.h
Examining data/cxxtest-4.4+git171022/test/IncludeTest.h
Examining data/cxxtest-4.4+git171022/test/InheritedTest.h
Examining data/cxxtest-4.4+git171022/test/Int64.h
Examining data/cxxtest-4.4+git171022/test/LessThanEquals.h
Examining data/cxxtest-4.4+git171022/test/LongLong.h
Examining data/cxxtest-4.4+git171022/test/LongTraits.h
Examining data/cxxtest-4.4+git171022/test/MaxDump.h
Examining data/cxxtest-4.4+git171022/test/MockTest.h
Examining data/cxxtest-4.4+git171022/test/Namespace1.h
Examining data/cxxtest-4.4+git171022/test/Namespace2.h
Examining data/cxxtest-4.4+git171022/test/NoEh.h
Examining data/cxxtest-4.4+git171022/test/NullPtrGuards.h
Examining data/cxxtest-4.4+git171022/test/Part1.h
Examining data/cxxtest-4.4+git171022/test/Part2.h
Examining data/cxxtest-4.4+git171022/test/Relation.h
Examining data/cxxtest-4.4+git171022/test/SameData.h
Examining data/cxxtest-4.4+git171022/test/SameFiles.h
Examining data/cxxtest-4.4+git171022/test/SameFilesLonger.h
Examining data/cxxtest-4.4+git171022/test/SameZero.h
Examining data/cxxtest-4.4+git171022/test/SetUpWorldError.h
Examining data/cxxtest-4.4+git171022/test/SetUpWorldFails.h
Examining data/cxxtest-4.4+git171022/test/SetUpWorldThrows.h
Examining data/cxxtest-4.4+git171022/test/SimpleInheritedTest.h
Examining data/cxxtest-4.4+git171022/test/SimpleInheritedTest2.h
Examining data/cxxtest-4.4+git171022/test/Something.h
Examining data/cxxtest-4.4+git171022/test/StlTraits.h
Examining data/cxxtest-4.4+git171022/test/TearDownWorldFails.h
Examining data/cxxtest-4.4+git171022/test/TearDownWorldThrows.h
Examining data/cxxtest-4.4+git171022/test/TestNonFinite.h
Examining data/cxxtest-4.4+git171022/test/ThrowNoStd.h
Examining data/cxxtest-4.4+git171022/test/ThrowsAssert.h
Examining data/cxxtest-4.4+git171022/test/TraitsTest.h
Examining data/cxxtest-4.4+git171022/test/Tsm.h
Examining data/cxxtest-4.4+git171022/test/UserTraits.h
Examining data/cxxtest-4.4+git171022/test/VoidTraits.h
Examining data/cxxtest-4.4+git171022/test/WideCharTest.h
Examining data/cxxtest-4.4+git171022/test/WorldFixtures.h
Examining data/cxxtest-4.4+git171022/test/anything.cpp
Examining data/cxxtest-4.4+git171022/test/cxxtest/DummyGui.h
Examining data/cxxtest-4.4+git171022/test/fake/X11/Xlib.h
Examining data/cxxtest-4.4+git171022/test/fake/X11/Xutil.h
Examining data/cxxtest-4.4+git171022/test/fake/commctrl.h
Examining data/cxxtest-4.4+git171022/test/fake/qapplication.h
Examining data/cxxtest-4.4+git171022/test/fake/qglobal.h
Examining data/cxxtest-4.4+git171022/test/fake/qlabel.h
Examining data/cxxtest-4.4+git171022/test/fake/qlayout.h
Examining data/cxxtest-4.4+git171022/test/fake/qmessagebox.h
Examining data/cxxtest-4.4+git171022/test/fake/qpixmap.h
Examining data/cxxtest-4.4+git171022/test/fake/qprogressbar.h
Examining data/cxxtest-4.4+git171022/test/fake/qstatusbar.h
Examining data/cxxtest-4.4+git171022/test/fake/qstring.h
Examining data/cxxtest-4.4+git171022/test/fake/qwidget.h
Examining data/cxxtest-4.4+git171022/test/fake/windows.h
Examining data/cxxtest-4.4+git171022/test/int64.cpp
Examining data/cxxtest-4.4+git171022/test/longlong.cpp
Examining data/cxxtest-4.4+git171022/test/main.cpp
Examining data/cxxtest-4.4+git171022/test/stpltpl.cpp
Examining data/cxxtest-4.4+git171022/test/tpltpl.cpp
Examining data/cxxtest-4.4+git171022/test/unit/LinkedList_test.t.h
Examining data/cxxtest-4.4+git171022/test/wchar.cpp

FINAL RESULTS:

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:229:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(res, tmp.c_str());

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:451:9:  [4] (buffer) lstrcpyA:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  lstrcpyA(name, _title);

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:452:9:  [4] (buffer) lstrcatA:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  lstrcatA(name, " - ");

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:453:9:  [4] (buffer) lstrcatA:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  lstrcatA(name, a);

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:454:9:  [4] (buffer) lstrcatA:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  lstrcatA(name, b);

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:455:9:  [4] (buffer) lstrcatA:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  lstrcatA(name, c);

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:456:9:  [4] (buffer) lstrcatA:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  lstrcatA(name, d);

data/cxxtest-4.4+git171022/cxxtest/X11Gui.h:284:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "%s - %s::%s()", _programName, suiteName, testName);

data/cxxtest-4.4+git171022/cxxtest/X11Gui.h:335:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%u of %s (%u%%)", _testsDone, _strTotalTests, (_testsDone * 100) / _numTotalTests);

data/cxxtest-4.4+git171022/sample/TraitsTest.h:19:32:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Pet(const char *petName) { strcpy(_name, petName); }

data/cxxtest-4.4+git171022/sample/TraitsTest.h:39:35:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  ValueTraits(const Pet &pet) { sprintf(_asString, "Pet(\"%s\")", pet.name()); }

data/cxxtest-4.4+git171022/test/fake/windows.h:104:12:  [4] (buffer) lstrcpyA:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  inline int lstrcpyA(LPSTR, LPCSTR) { return 0; }

data/cxxtest-4.4+git171022/test/fake/windows.h:105:12:  [4] (buffer) lstrcatA:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  inline int lstrcatA(LPSTR, LPCSTR) { return 0; }

data/cxxtest-4.4+git171022/test/fake/windows.h:106:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define wsprintfA sprintf

data/cxxtest-4.4+git171022/sample/mock/Dice.cpp:6:8:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  T::srand(T::time(0));

data/cxxtest-4.4+git171022/sample/mock/MockStdlib.h:11:10:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void srand(unsigned seed)

data/cxxtest-4.4+git171022/sample/mock/T/stdlib.h:9:27:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  CXXTEST_MOCK_VOID_GLOBAL( srand, ( unsigned seed ), ( seed ) );

data/cxxtest-4.4+git171022/cxxtest/ErrorFormatter.h:77:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[WorldDescription::MAX_STRLEN_TOTAL_TESTS];

data/cxxtest-4.4+git171022/cxxtest/ErrorPrinter.h:59:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1 + 3 * sizeof(unsigned)];

data/cxxtest-4.4+git171022/cxxtest/QtGui.h:168:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[WorldDescription::MAX_STRLEN_TOTAL_TESTS];

data/cxxtest-4.4+git171022/cxxtest/StdValueTraits.h:103:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[2] = { s[i], '\0' };

data/cxxtest-4.4+git171022/cxxtest/StdValueTraits.h:110:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[sizeof("\\xXX")];

data/cxxtest-4.4+git171022/cxxtest/StdValueTraits.h:134:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[sizeof("\\x12345678")];

data/cxxtest-4.4+git171022/cxxtest/TestSuite.cpp:170:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  is1.open(file1);

data/cxxtest-4.4+git171022/cxxtest/TestSuite.cpp:172:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  is2.open(file2);

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.cpp:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char asHex[3];

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[sizeof("{ ") + sizeof("XX ") * MAX_BYTES + sizeof("... }")];

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[2 + 3 * sizeof(T)];

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:275:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[1 + 3 * sizeof(T)];

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[2 + 3 * sizeof(T)];

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:306:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[1 + 3 * sizeof(T)];

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:337:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[sizeof("'\\xXX'")];

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[1 + MAX_DIGITS_ON_LEFT + 1 + DIGITS_ON_RIGHT + 1];

data/cxxtest-4.4+git171022/cxxtest/ValueTraits.h:415:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _fallback[sizeof("(" #TYPE ")") + 3 * sizeof(TYPE)]; \

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _strTotalTests[WorldDescription::MAX_STRLEN_TOTAL_TESTS];

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _statusTestsDone[sizeof("1000000000 of (100%)") + WorldDescription::MAX_STRLEN_TOTAL_TESTS];

data/cxxtest-4.4+git171022/cxxtest/Win32Gui.h:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _timeString[sizeof("00:00:00")];

data/cxxtest-4.4+git171022/cxxtest/X11Gui.h:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _strTotalTests[WorldDescription::MAX_STRLEN_TOTAL_TESTS];

data/cxxtest-4.4+git171022/cxxtest/X11Gui.h:334:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[sizeof("1000000000 of ") + sizeof(_strTotalTests) + sizeof(" (100%)")];

data/cxxtest-4.4+git171022/cxxtest/XmlFormatter.h:293:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[WorldDescription::MAX_STRLEN_TOTAL_TESTS];

data/cxxtest-4.4+git171022/cxxtest/XmlFormatter.h:600:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char current_date_string[27];

data/cxxtest-4.4+git171022/cxxtest/XmlPrinter.h:65:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1 + 3 * sizeof(unsigned)];

data/cxxtest-4.4+git171022/cxxtest/unix.h:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[WorldDescription::MAX_STRLEN_TOTAL_TESTS];

data/cxxtest-4.4+git171022/cxxtest/unix.h:298:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1 + 3 * sizeof(unsigned)];

data/cxxtest-4.4+git171022/doc/examples/Assertions.h:88:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output[26];

data/cxxtest-4.4+git171022/doc/examples/MyClass.h:31:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _s[256];

data/cxxtest-4.4+git171022/doc/examples/MyClass.h:34:37:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ValueTraits(const MyClass& m) { sprintf(_s, "MyClass( %i )", m.value); }

data/cxxtest-4.4+git171022/doc/examples/MyTestSuite5.h:23:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(_buffer, "Hello, world!");

data/cxxtest-4.4+git171022/doc/examples/MyTestSuite5.h:30:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_buffer, "Hello, world!", sizeof(char));

data/cxxtest-4.4+git171022/doc/examples/MyTestSuite7.h:11:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[3];

data/cxxtest-4.4+git171022/doc/examples/MyTestSuite7.h:20:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[3];

data/cxxtest-4.4+git171022/sample/FixtureTest.h:26:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(_buffer, "Hello, world!");

data/cxxtest-4.4+git171022/sample/TraitsTest.h:17:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _name[128];

data/cxxtest-4.4+git171022/sample/TraitsTest.h:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[256];

data/cxxtest-4.4+git171022/test/DefaultTraits.h:13:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[8];

data/cxxtest-4.4+git171022/test/DefaultTraits.h:29:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[9];

data/cxxtest-4.4+git171022/test/DynamicMax.h:7:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char x[DATA_SIZE], y[DATA_SIZE];

data/cxxtest-4.4+git171022/test/DynamicMax.h:45:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char x[DATA_SIZE], y[DATA_SIZE];

data/cxxtest-4.4+git171022/test/Factor.h:20:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAX_STRLEN_TOTAL_TESTS * 2];

data/cxxtest-4.4+git171022/test/SameData.h:11:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char x[DATA_SIZE], y[DATA_SIZE];

data/cxxtest-4.4+git171022/test/SameZero.h:10:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[4];

data/cxxtest-4.4+git171022/test/UserTraits.h:22:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _asString[128]; // Crude, but it should be enough

data/cxxtest-4.4+git171022/test/UserTraits.h:24:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ValueTraits(int i) { sprintf(_asString, "0x%X", i); }

data/cxxtest-4.4+git171022/cxxtest/X11Gui.h:282:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned length = strlen(_programName) + strlen(suiteName) + strlen(testName) + sizeof(" - ::()");

data/cxxtest-4.4+git171022/cxxtest/X11Gui.h:282:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned length = strlen(_programName) + strlen(suiteName) + strlen(testName) + sizeof(" - ::()");

data/cxxtest-4.4+git171022/cxxtest/X11Gui.h:282:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned length = strlen(_programName) + strlen(suiteName) + strlen(testName) + sizeof(" - ::()");

data/cxxtest-4.4+git171022/cxxtest/X11Gui.h:336:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned len = strlen(str);

data/cxxtest-4.4+git171022/cxxtest/XmlFormatter.h:609:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t n = strlen(ctime_r(&now, current_date_string));

ANALYSIS SUMMARY:

Hits = 68
Lines analyzed = 13254 in approximately 0.36 seconds (36362 lines/second)
Physical Source Lines of Code (SLOC) = 9744
Hits@level = [0]  13 [1]   5 [2]  46 [3]   3 [4]  14 [5]   0
Hits@level+ = [0+]  81 [1+]  68 [2+]  63 [3+]  17 [4+]  14 [5+]   0
Hits/KSLOC@level+ = [0+] 8.31281 [1+] 6.97865 [2+] 6.46552 [3+] 1.74466 [4+] 1.43678 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
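The level-4 CWE-120 hits above share two shapes: a fixed-size array filled by an unbounded copy (sample/TraitsTest.h, `char _name[128]` plus `strcpy(_name, petName)`), and an unchecked copy-then-concatenate chain (cxxtest/Win32Gui.h, `lstrcpyA` followed by five `lstrcatA` calls). The following is an added example, not code from cxxtest or from the flawfinder report, that places the flagged pattern beside a bounded form whose truncation is detectable rather than silent. The names `UnsafePet`, `SafePet`, `copy_bounded`, `BoundedBuilder` and `build_window_title` are hypothetical; the 128-byte buffer size is taken from the report.

```cpp
// Added example (not cxxtest code): the fixed-buffer copy patterns that
// flawfinder reports at level 4, beside bounded forms that report
// truncation instead of overflowing. All names here are hypothetical.
#include <cstdio>
#include <cstring>
#include <string>

// The flagged pattern from sample/TraitsTest.h: a 128-byte name buffer
// filled by strcpy. Any petName of 128 bytes or more writes past _name
// (CWE-120). Kept only for contrast; never construct it from untrusted input.
struct UnsafePet {
    char _name[128];
    explicit UnsafePet(const char *petName) { std::strcpy(_name, petName); }
};

// Bounded copy: snprintf writes at most dst_size bytes and always
// NUL-terminates. Its return value is the length the full string would have
// had, so a value >= dst_size means the source was cut off. Returns true
// only when the whole source fit.
static bool copy_bounded(char *dst, size_t dst_size, const char *src) {
    int needed = std::snprintf(dst, dst_size, "%s", src);
    return needed >= 0 && static_cast<size_t>(needed) < dst_size;
}

struct SafePet {
    char _name[128];
    bool truncated;
    explicit SafePet(const char *petName)
        : truncated(!copy_bounded(_name, sizeof _name, petName)) {}
    const char *name() const { return _name; }
};

// The Win32Gui.h chain builds "title - a b c d" by repeated unchecked
// appends. This equivalent tracks how much of the buffer is used and
// refuses any piece that would not fit together with its NUL terminator.
struct BoundedBuilder {
    char *buf;
    size_t cap;
    size_t len;
    bool overflowed;
    BoundedBuilder(char *b, size_t c) : buf(b), cap(c), len(0), overflowed(false) {
        if (cap) buf[0] = '\0';
    }
    BoundedBuilder &append(const char *s) {
        size_t n = std::strlen(s);
        // Need n bytes plus the terminator; cap - len is the free space.
        if (overflowed || cap == 0 || n >= cap - len) {
            overflowed = true;      // drop the piece, keep buf NUL-terminated
            return *this;
        }
        std::memcpy(buf + len, s, n + 1);
        len += n;
        return *this;
    }
};

// Mirrors the lstrcpyA/lstrcatA sequence: title, " - ", then four fragments.
// Returns false if anything had to be dropped.
static bool build_window_title(char *out, size_t cap, const char *title,
                               const char *a, const char *b,
                               const char *c, const char *d) {
    BoundedBuilder bb(out, cap);
    bb.append(title).append(" - ").append(a).append(b).append(c).append(d);
    return !bb.overflowed;
}

int main() {
    SafePet ok("Rex");
    SafePet bad(std::string(200, 'x').c_str());   // constructed over-long input
    std::printf("Rex truncated=%d, 200x truncated=%d len=%zu\n",
                ok.truncated, bad.truncated, std::strlen(bad.name()));
    char title[32];
    bool fit = build_window_title(title, sizeof title, "runner", "Suite", "::", "test", "()");
    std::printf("title=\"%s\" fit=%d\n", title, fit);
    return 0;
}
```

Both bounded forms cost one comparison per copy and return a flag the caller can assert on in a test, which is the check the report's `[4]` entries are asking for; `UnsafePet` is present only so the two shapes can be read side by side.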