Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/doctest-2.4.1+repack0/doctest/doctest.h
Examining data/doctest-2.4.1+repack0/doctest/extensions/doctest_mpi.h
Examining data/doctest-2.4.1+repack0/doctest/extensions/doctest_util.h
Examining data/doctest-2.4.1+repack0/doctest/extensions/mpi_reporter.h
Examining data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp
Examining data/doctest-2.4.1+repack0/doctest/parts/doctest_fwd.h
Examining data/doctest-2.4.1+repack0/examples/all_features/alternative_macros.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/assertion_macros.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/asserts_used_outside_of_tests.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/concurrency.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/doctest_proxy.h
Examining data/doctest-2.4.1+repack0/examples/all_features/enums.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/header.h
Examining data/doctest-2.4.1+repack0/examples/all_features/logging.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/main.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/reporters_and_listeners.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/stringification.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/subcases.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/templated_test_cases.cpp
Examining data/doctest-2.4.1+repack0/examples/all_features/test_cases_and_suites.cpp
Examining data/doctest-2.4.1+repack0/examples/exe_with_static_libs/lib_1_src1.cpp
Examining data/doctest-2.4.1+repack0/examples/exe_with_static_libs/lib_1_src2.cpp
Examining data/doctest-2.4.1+repack0/examples/exe_with_static_libs/lib_2_src.cpp
Examining data/doctest-2.4.1+repack0/examples/exe_with_static_libs/main.cpp
Examining data/doctest-2.4.1+repack0/examples/executable_dll_and_plugin/dll.cpp
Examining data/doctest-2.4.1+repack0/examples/executable_dll_and_plugin/implementation.cpp
Examining data/doctest-2.4.1+repack0/examples/executable_dll_and_plugin/implementation_2.cpp
Examining data/doctest-2.4.1+repack0/examples/executable_dll_and_plugin/main.cpp
Examining data/doctest-2.4.1+repack0/examples/executable_dll_and_plugin/plugin.cpp
Examining data/doctest-2.4.1+repack0/examples/installed_doctest_cmake/dll/dll.cpp
Examining data/doctest-2.4.1+repack0/examples/installed_doctest_cmake/dll/dll.h
Examining data/doctest-2.4.1+repack0/examples/installed_doctest_cmake/dll/exporting.h
Examining data/doctest-2.4.1+repack0/examples/installed_doctest_cmake/dll/main.cpp
Examining data/doctest-2.4.1+repack0/examples/installed_doctest_cmake/executable/main.cpp
Examining data/doctest-2.4.1+repack0/examples/mpi/main.cpp
Examining data/doctest-2.4.1+repack0/examples/mpi/mpi.cpp
Examining data/doctest-2.4.1+repack0/scripts/coverage_maxout.cpp
Examining data/doctest-2.4.1+repack0/scripts/development_only/doctest/doctest.h
Examining data/doctest-2.4.1+repack0/scripts/hello_world.cpp
Examining data/doctest-2.4.1+repack0/scripts/how_stuff_works/how_captures_work.cpp
Examining data/doctest-2.4.1+repack0/scripts/how_stuff_works/how_exception_translators_work.cpp
Examining data/doctest-2.4.1+repack0/scripts/how_stuff_works/how_subcases_work.cpp
Examining data/doctest-2.4.1+repack0/scripts/playground/main.cpp
Examining data/doctest-2.4.1+repack0/scripts/playground/test.cpp

FINAL RESULTS:

data/doctest-2.4.1+repack0/doctest/doctest.h:3347:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  std::sprintf(buf, fmt, in); \
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:705:14:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  std::sprintf(buf, fmt, in); \
data/doctest-2.4.1+repack0/doctest/doctest.h:6054:18:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand(p->rand_seed);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3412:18:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand(p->rand_seed);
data/doctest-2.4.1+repack0/examples/executable_dll_and_plugin/main.cpp:30:29:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  #define LoadDynamicLib(lib) LoadLibrary(lib ".dll")
data/doctest-2.4.1+repack0/examples/executable_dll_and_plugin/main.cpp:32:29:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  #define LoadDynamicLib(lib) LoadLibrary("lib" lib ".dll")
data/doctest-2.4.1+repack0/doctest/doctest.h:485:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[len];
data/doctest-2.4.1+repack0/doctest/doctest.h:2879:65:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  void my_memcpy(void* dest, const void* src, unsigned num) { memcpy(dest, src, num); }
data/doctest-2.4.1+repack0/doctest/doctest.h:3056:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, other.buf, len);
data/doctest-2.4.1+repack0/doctest/doctest.h:3062:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr, other.data.ptr, data.size + 1);
data/doctest-2.4.1+repack0/doctest/doctest.h:3082:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, in, in_size + 1);
data/doctest-2.4.1+repack0/doctest/doctest.h:3089:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr, in, in_size + 1);
data/doctest-2.4.1+repack0/doctest/doctest.h:3114:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + my_old_size, other.c_str(), other_size + 1);
data/doctest-2.4.1+repack0/doctest/doctest.h:3120:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, buf, my_old_size); // skip the +1 ('\0') for speed
data/doctest-2.4.1+repack0/doctest/doctest.h:3127:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr + my_old_size, other.c_str(), other_size + 1);
data/doctest-2.4.1+repack0/doctest/doctest.h:3133:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr + my_old_size, other.c_str(), other_size + 1);
data/doctest-2.4.1+repack0/doctest/doctest.h:3142:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, data.ptr, my_old_size); // skip the +1 ('\0') for speed
data/doctest-2.4.1+repack0/doctest/doctest.h:3149:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr + my_old_size, other.c_str(), other_size + 1);
data/doctest-2.4.1+repack0/doctest/doctest.h:3160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, other.buf, len);
data/doctest-2.4.1+repack0/doctest/doctest.h:3170:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, other.buf, len);
data/doctest-2.4.1+repack0/doctest/doctest.h:3346:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64]; \
data/doctest-2.4.1+repack0/doctest/doctest.h:4084:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char altStackMem[4 * SIGSTKSZ];
data/doctest-2.4.1+repack0/doctest/doctest.h:5007:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];
data/doctest-2.4.1+repack0/doctest/doctest.h:5791:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int theInt = std::atoi(parsedValue.c_str()); // NOLINT
data/doctest-2.4.1+repack0/doctest/doctest.h:5990:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fstr.open(p->out.c_str(), std::fstream::out);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:237:65:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  void my_memcpy(void* dest, const void* src, unsigned num) { memcpy(dest, src, num); }
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:414:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, other.buf, len);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:420:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr, other.data.ptr, data.size + 1);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:440:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, in, in_size + 1);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:447:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr, in, in_size + 1);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:472:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + my_old_size, other.c_str(), other_size + 1);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:478:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, buf, my_old_size); // skip the +1 ('\0') for speed
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:485:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr + my_old_size, other.c_str(), other_size + 1);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:491:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr + my_old_size, other.c_str(), other_size + 1);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:500:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, data.ptr, my_old_size); // skip the +1 ('\0') for speed
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:507:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.ptr + my_old_size, other.c_str(), other_size + 1);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:518:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, other.buf, len);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:528:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, other.buf, len);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:704:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64]; \
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:1442:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char altStackMem[4 * SIGSTKSZ];
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:2365:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeStamp[timeStampSize];
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3149:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int theInt = std::atoi(parsedValue.c_str()); // NOLINT
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3348:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fstr.open(p->out.c_str(), std::fstream::out);
data/doctest-2.4.1+repack0/doctest/parts/doctest_fwd.h:482:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[len];
data/doctest-2.4.1+repack0/scripts/how_stuff_works/how_captures_work.cpp:29:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  struct Chunk { char buf[sizeof(Capture<char>)]; };
data/doctest-2.4.1+repack0/doctest/doctest.h:3077:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : String(in, strlen(in)) {}
data/doctest-2.4.1+repack0/doctest/doctest.h:5318:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int sizePrefixDisplay = static_cast<int>(strlen(DOCTEST_OPTIONS_PREFIX_DISPLAY));
data/doctest-2.4.1+repack0/doctest/doctest.h:5690:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(temp && (value || strlen(temp) == strlen(pattern))) { //!OCLINT prefer early exits and continue
data/doctest-2.4.1+repack0/doctest/doctest.h:5690:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(temp && (value || strlen(temp) == strlen(pattern))) { //!OCLINT prefer early exits and continue
data/doctest-2.4.1+repack0/doctest/doctest.h:5703:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp += strlen(pattern);
data/doctest-2.4.1+repack0/doctest/doctest.h:5704:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const unsigned len = strlen(temp);
data/doctest-2.4.1+repack0/doctest/doctest.h:5726:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(parseOptionImpl(argc, argv, pattern + strlen(DOCTEST_CONFIG_OPTIONS_PREFIX), value))
data/doctest-2.4.1+repack0/doctest/doctest.h:5747:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(pch))
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:435:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : String(in, strlen(in)) {}
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:2676:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int sizePrefixDisplay = static_cast<int>(strlen(DOCTEST_OPTIONS_PREFIX_DISPLAY));
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3048:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(temp && (value || strlen(temp) == strlen(pattern))) { //!OCLINT prefer early exits and continue
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3048:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(temp && (value || strlen(temp) == strlen(pattern))) { //!OCLINT prefer early exits and continue
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3061:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp += strlen(pattern);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3062:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const unsigned len = strlen(temp);
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3084:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(parseOptionImpl(argc, argv, pattern + strlen(DOCTEST_CONFIG_OPTIONS_PREFIX), value))
data/doctest-2.4.1+repack0/doctest/parts/doctest.cpp:3105:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(pch))

ANALYSIS SUMMARY:

Hits = 61
Lines analyzed = 14963 in approximately 0.50 seconds (29868 lines/second)
Physical Source Lines of Code (SLOC) = 11442
Hits@level = [0]  11 [1]  16 [2]  39 [3]   4 [4]   2 [5]   0
Hits@level+ = [0+]  72 [1+]  61 [2+]  45 [3+]   6 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 6.29261 [1+] 5.33124 [2+] 3.93288 [3+] 0.524384 [4+] 0.174795 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.