Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/minimal_int_set.h
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_distribution.h
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng.h
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/convert_seed.h
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/R_randgen.h
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_generator.h
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_RcppExports.h
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/mystdint.h
Examining data/r-cran-dqrng-0.2.1+dfsg/inst/include/xoshiro.h
Examining data/r-cran-dqrng-0.2.1+dfsg/tests/testthat/cpp/convert.cpp
Examining data/r-cran-dqrng-0.2.1+dfsg/tests/testthat/cpp/default.cpp
Examining data/r-cran-dqrng-0.2.1+dfsg/tests/testthat/cpp/xoshiro-jump.cpp
Examining data/r-cran-dqrng-0.2.1+dfsg/src/generateSeedVectors.cpp
Examining data/r-cran-dqrng-0.2.1+dfsg/src/dqrng.cpp
Examining data/r-cran-dqrng-0.2.1+dfsg/src/RcppExports.cpp
FINAL RESULTS:
data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_distribution.h:30:37: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
using uniform_distribution = boost::random::uniform_real_distribution<double>;
data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_distribution.h:32:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
using normal_distribution = boost::random::normal_distribution<double>;
data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_distribution.h:33:41: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
using exponential_distribution = boost::random::exponential_distribution<double>;
data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_distribution.h:42:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
namespace random {
data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_generator.h:68:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cache = uint32_t(random);
data/r-cran-dqrng-0.2.1+dfsg/inst/include/dqrng_generator.h:70:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random >> 32;
ANALYSIS SUMMARY:
Hits = 6
Lines analyzed = 1872 in approximately 0.07 seconds (25636 lines/second)
Physical Source Lines of Code (SLOC) = 1381
Hits@level = [0] 0 [1] 0 [2] 0 [3] 6 [4] 0 [5] 0
Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 6 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.34468 [1+] 4.34468 [2+] 4.34468 [3+] 4.34468 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.