Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/blobop.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/sqlexpr.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlernumerical.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datamodelarray.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/batch.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/value.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/quarklist.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/sqlbuilder.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlerbin.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/blob.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/serverprovider.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/value.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/connectionevent.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datacomparator.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/wrap_init.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/config.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlernumerical.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/serveroperation.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/sqlstatement.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/xatransaction.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/sqlstatement.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/sqlexpr.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/metastruct.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datamodeliter.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/numeric.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/metastore.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/dataproxy.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/init.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/row.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/sqlparser.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/xatransaction.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlerboolean.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/dataproxy.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/blob.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/transactionstatus.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/holder.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datamodel.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/statement.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlertime.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/quarklist.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/throw_exception.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/set.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlerbin.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/blobop.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/sqlparser.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/dataselect.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/column.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/dataaccesswrapper.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/dataselect.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/wrap_init.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/metastruct.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datahandler.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/dataaccesswrapper.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datamodelarray.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/blob_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/connectionevent_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/blobop_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/statement_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/datamodel_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/config_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/dataselect_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/datamodeliter_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/datahandler_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/handlernumerical_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/dataaccesswrapper_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/handlertime_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/handlerbin_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/handlerstring_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/transactionstatus_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/metastruct_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/connection_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/holder_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/datamodelarray_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/datamodelimport_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/handlertype_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/dataproxy_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/metastore_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/datacomparator_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/row_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/set_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/numeric_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/xatransaction_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/sqlparser_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/handlerboolean_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/column_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/serveroperation_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/sqlexpr_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/serverprovider_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/sqlstatement_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/sqlbuilder_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/batch_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/private/quarklist_p.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/init.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/batch.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/statement.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlerstring.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/serveroperation.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datahandler.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlertime.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/config.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/connectionevent.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datacomparator.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/serverprovider.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlerstring.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlertype.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datamodeliter.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlertype.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datamodel.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/row.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/sqlbuilder.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/transactionstatus.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/holder.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/connection.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/numeric.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/set.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/handlerboolean.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datamodelimport.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/datamodelimport.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/connection.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/throw_exception.cc
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/metastore.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm/column.h
Examining data/libgdamm5.0-4.99.11/libgda/libgdamm.h
Examining data/libgdamm5.0-4.99.11/examples/sqlbuilder/main.cc
Examining data/libgdamm5.0-4.99.11/examples/simple/main.cc
Examining data/libgdamm5.0-4.99.11/examples/config/main.cc
Examining data/libgdamm5.0-4.99.11/tools/extra_defs_gen/generate_defs_gda.cc

FINAL RESULTS:

data/libgdamm5.0-4.99.11/libgda/libgdamm/connection.cc:898:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bool Connection::open()
data/libgdamm5.0-4.99.11/libgda/libgdamm/connection.h:382:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bool open();
data/libgdamm5.0-4.99.11/libgda/libgdamm/blobop.cc:176:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  long BlobOp::read(Blob& blob, long offset, long size)
data/libgdamm5.0-4.99.11/libgda/libgdamm/blobop.h:139:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  long read(Blob& blob, long offset, long size);
data/libgdamm5.0-4.99.11/libgda/libgdamm/column.cc:41:14: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool Column::equal(const Glib::RefPtr<const Column>& src) const
data/libgdamm5.0-4.99.11/libgda/libgdamm/column.h:141:8: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const Glib::RefPtr<const Column>& src) const;

ANALYSIS SUMMARY:

Hits = 6
Lines analyzed = 30039 in approximately 1.15 seconds (26130 lines/second)
Physical Source Lines of Code (SLOC) = 14774
Hits@level = [0] 0 [1] 4 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 6 [1+] 6 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.406119 [1+] 0.406119 [2+] 0.135373 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.