Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libnop-0.0~git20200728.45dfe0f/examples/interface.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/examples/pipe.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/examples/shared.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/examples/simple_protocol.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/examples/stream.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/examples/stream_utilities.h
Examining data/libnop-0.0~git20200728.45dfe0f/examples/string_to_hex.h
Examining data/libnop-0.0~git20200728.45dfe0f/examples/table.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/examples/variant.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/array.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/encoding.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/encoding_byte.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/enum.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/handle.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/logical_buffer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/macros.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/map.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/members.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/optional.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/pair.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/reference_wrapper.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/result.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/serializer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/string.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/table.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/tuple.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/utility.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/value.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/variant.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/base/vector.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/protocol.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/rpc/interface.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/rpc/simple_method_receiver.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/rpc/simple_method_sender.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/serializer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/status.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/structure.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/table.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/traits/function_traits.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/traits/is_comparable.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/traits/is_detected.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/traits/is_fungible.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/traits/is_template_base_of.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/traits/void.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/detail/logical_buffer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/detail/member_pointer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/detail/variant.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/enum_flags.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/file_handle.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/handle.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/optional.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/result.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/thread_local.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/types/variant.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/backtrace.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/bounded_reader.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/bounded_writer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/buffer_reader.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/buffer_writer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/compiler.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/constexpr_buffer_writer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/die.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/endian.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/fd_reader.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/fd_writer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/pedantic_buffer_reader.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/pedantic_buffer_writer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/sip_hash.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/stream_reader.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/stream_writer.h
Examining data/libnop-0.0~git20200728.45dfe0f/include/nop/value.h
Examining data/libnop-0.0~git20200728.45dfe0f/test/constexpr_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/encoding_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/endian_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/enum_flags_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/fungible_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/handle_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/interface_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/mock_reader.h
Examining data/libnop-0.0~git20200728.45dfe0f/test/mock_writer.h
Examining data/libnop-0.0~git20200728.45dfe0f/test/nop_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/optional_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/result_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/serializer_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/sip_hash_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/test_reader.h
Examining data/libnop-0.0~git20200728.45dfe0f/test/test_utilities.h
Examining data/libnop-0.0~git20200728.45dfe0f/test/test_writer.h
Examining data/libnop-0.0~git20200728.45dfe0f/test/thread_local_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/utility_tests.cpp
Examining data/libnop-0.0~git20200728.45dfe0f/test/variant_tests.cpp

FINAL RESULTS:

data/libnop-0.0~git20200728.45dfe0f/examples/stream_utilities.h:157:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer_[kBufferSize];

data/libnop-0.0~git20200728.45dfe0f/include/nop/types/file_handle.h:68:31: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return UniqueFileHandle{::open(path.c_str(), flags, mode)};

data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/buffer_reader.h:64:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(begin, &buffer_[index_], length_bytes);

data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/buffer_writer.h:63:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&buffer_[index_], begin, length_bytes);

data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/pedantic_buffer_reader.h:65:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(begin, &buffer_[index_], length_bytes);

data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/pedantic_buffer_writer.h:69:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(&buffer_[index_], begin, length_bytes);

data/libnop-0.0~git20200728.45dfe0f/test/handle_tests.cpp:115:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/dev/zero", O_RDONLY);

data/libnop-0.0~git20200728.45dfe0f/test/serializer_tests.cpp:154:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[128];

data/libnop-0.0~git20200728.45dfe0f/test/serializer_tests.cpp:6359:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char expected[4] = {'a', 'b', 'c', 'd'};

data/libnop-0.0~git20200728.45dfe0f/test/serializer_tests.cpp:7439:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char expected[4] = {'a', 'b', 'c', 'd'};

data/libnop-0.0~git20200728.45dfe0f/examples/pipe.cpp:154:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int count = read(handle.get(), &data[0], data.size());

data/libnop-0.0~git20200728.45dfe0f/examples/stream_utilities.h:144:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const int count = read(fd_, &buffer_[4], kBufferSize - 4);

data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/fd_reader.h:66:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const int ret = ::read(fd_, byte, sizeof(*byte));

data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/stream_reader.h:45:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream_.read(reinterpret_cast<CharType*>(byte), sizeof(std::uint8_t));

data/libnop-0.0~git20200728.45dfe0f/include/nop/utility/stream_reader.h:56:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream_.read(begin_char, length_bytes);

data/libnop-0.0~git20200728.45dfe0f/test/handle_tests.cpp:128:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(file_handle2.get(), buffer.data(), buffer.size()));

data/libnop-0.0~git20200728.45dfe0f/test/handle_tests.cpp:133:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(handle.get(), buffer.data(), buffer.size()));

data/libnop-0.0~git20200728.45dfe0f/test/handle_tests.cpp:136:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(file_handle2.get(), buffer.data(), buffer.size()));

data/libnop-0.0~git20200728.45dfe0f/test/handle_tests.cpp:143:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  EXPECT_EQ(-1, read(fd, buffer.data(), buffer.size()));

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 24837 in approximately 0.97 seconds (25716 lines/second)
Physical Source Lines of Code (SLOC) = 17483
Hits@level = [0] 0 [1] 9 [2] 10 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 19 [1+] 19 [2+] 10 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.08677 [1+] 1.08677 [2+] 0.571984 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.