Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kubrick-20.04.3/src/scenelabel.cpp
Examining data/kubrick-20.04.3/src/game.cpp
Examining data/kubrick-20.04.3/src/kubrick.cpp
Examining data/kubrick-20.04.3/src/kubrick.h
Examining data/kubrick-20.04.3/src/movetracker.cpp
Examining data/kubrick-20.04.3/src/kbkglobal.h
Examining data/kubrick-20.04.3/src/quaternion.cpp
Examining data/kubrick-20.04.3/src/quaternion.h
Examining data/kubrick-20.04.3/src/scenelabel.h
Examining data/kubrick-20.04.3/src/cube.cpp
Examining data/kubrick-20.04.3/src/gameglview.cpp
Examining data/kubrick-20.04.3/src/main.cpp
Examining data/kubrick-20.04.3/src/gamedialog.h
Examining data/kubrick-20.04.3/src/cube.h
Examining data/kubrick-20.04.3/src/game.h
Examining data/kubrick-20.04.3/src/movetracker.h
Examining data/kubrick-20.04.3/src/gamedialog.cpp
Examining data/kubrick-20.04.3/src/gameglview.h
FINAL RESULTS:
data/kubrick-20.04.3/src/game.cpp:56:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random.setSeed (0); // Zero gets us an arbitrary seed.
data/kubrick-20.04.3/src/game.cpp:1204:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
double pickShape = random.getDouble ();
data/kubrick-20.04.3/src/game.cpp:1634:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (lo + (int) random.getLong (hi - lo + 1));
data/kubrick-20.04.3/src/game.h:195:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
KRandomSequence random; // Random number generator object.
data/kubrick-20.04.3/src/kubrick.cpp:467:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ident [10];
data/kubrick-20.04.3/src/kubrick.cpp:468:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ident, "slice n");
data/kubrick-20.04.3/src/kubrick.cpp:470:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (ident, "slice %d", i);
ANALYSIS SUMMARY:
Hits = 7
Lines analyzed = 6273 in approximately 0.49 seconds (12829 lines/second)
Physical Source Lines of Code (SLOC) = 3986
Hits@level = [0] 9 [1] 0 [2] 3 [3] 4 [4] 0 [5] 0
Hits@level+ = [0+] 16 [1+] 7 [2+] 7 [3+] 4 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.01405 [1+] 1.75615 [2+] 1.75615 [3+] 1.00351 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.