Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/frog-0.20/src/FrogAPI.cxx
Examining data/frog-0.20/src/FrogData.cxx
Examining data/frog-0.20/src/mbma_rule.cxx
Examining data/frog-0.20/src/mbma_mod.cxx
Examining data/frog-0.20/src/mbma_brackets.cxx
Examining data/frog-0.20/src/clex.cxx
Examining data/frog-0.20/src/mblem_mod.cxx
Examining data/frog-0.20/src/csidp.cxx
Examining data/frog-0.20/src/ckyparser.cxx
Examining data/frog-0.20/src/Frog-util.cxx
Examining data/frog-0.20/src/mwu_chunker_mod.cxx
Examining data/frog-0.20/src/Parser.cxx
Examining data/frog-0.20/src/AlpinoParser.cxx
Examining data/frog-0.20/src/tagger_base.cxx
Examining data/frog-0.20/src/cgn_tagger_mod.cxx
Examining data/frog-0.20/src/iob_tagger_mod.cxx
Examining data/frog-0.20/src/ner_tagger_mod.cxx
Examining data/frog-0.20/src/ucto_tokenizer_mod.cxx
Examining data/frog-0.20/src/Frog.cxx
Examining data/frog-0.20/src/mblem_prog.cxx
Examining data/frog-0.20/src/mbma_prog.cxx
Examining data/frog-0.20/src/ner_prog.cxx
Examining data/frog-0.20/include/frog/FrogAPI.h
Examining data/frog-0.20/include/frog/FrogData.h
Examining data/frog-0.20/include/frog/Frog-util.h
Examining data/frog-0.20/include/frog/mblem_mod.h
Examining data/frog-0.20/include/frog/mbma_rule.h
Examining data/frog-0.20/include/frog/mbma_mod.h
Examining data/frog-0.20/include/frog/mbma_brackets.h
Examining data/frog-0.20/include/frog/clex.h
Examining data/frog-0.20/include/frog/mwu_chunker_mod.h
Examining data/frog-0.20/include/frog/tagger_base.h
Examining data/frog-0.20/include/frog/cgn_tagger_mod.h
Examining data/frog-0.20/include/frog/iob_tagger_mod.h
Examining data/frog-0.20/include/frog/Parser.h
Examining data/frog-0.20/include/frog/AlpinoParser.h
Examining data/frog-0.20/include/frog/ucto_tokenizer_mod.h
Examining data/frog-0.20/include/frog/ner_tagger_mod.h
Examining data/frog-0.20/include/frog/csidp.h
Examining data/frog-0.20/include/frog/ckyparser.h
FINAL RESULTS:
data/frog-0.20/src/AlpinoParser.cxx:176:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int res = system( cmd.c_str() );
data/frog-0.20/src/AlpinoParser.cxx:822:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int res = system( parseCmd.c_str() );
data/frog-0.20/src/Frog.cxx:688:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( system( remove_command.c_str() ) ){
data/frog-0.20/src/Frog.cxx:863:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(0));
data/frog-0.20/src/AlpinoParser.cxx:784:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( client.read(s) ){
data/frog-0.20/src/FrogAPI.cxx:855:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( conn.read(s) ){
data/frog-0.20/src/FrogAPI.cxx:885:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( !conn.read( json_line ) ){
data/frog-0.20/src/FrogAPI.cxx:914:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( !conn.read( data ) ){
data/frog-0.20/src/FrogAPI.cxx:921:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( conn.read(line) ){
data/frog-0.20/src/Parser.cxx:1030:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/Parser.cxx:1048:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/Parser.cxx:1072:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/mblem_mod.cxx:483:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/mblem_mod.cxx:501:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/mblem_mod.cxx:522:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/mbma_mod.cxx:1001:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/mbma_mod.cxx:1019:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/mbma_mod.cxx:1044:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/tagger_base.cxx:346:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/tagger_base.cxx:368:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
data/frog-0.20/src/tagger_base.cxx:393:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
client.read( line );
ANALYSIS SUMMARY:
Hits = 21
Lines analyzed = 16290 in approximately 0.42 seconds (38674 lines/second)
Physical Source Lines of Code (SLOC) = 12373
Hits@level = [0] 0 [1] 17 [2] 0 [3] 1 [4] 3 [5] 0
Hits@level+ = [0+] 21 [1+] 21 [2+] 4 [3+] 4 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 1.69724 [1+] 1.69724 [2+] 0.323285 [3+] 0.323285 [4+] 0.242463 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.