Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-ranger-0.12.1/src/ForestProbability.h
Examining data/r-cran-ranger-0.12.1/src/ForestRegression.h
Examining data/r-cran-ranger-0.12.1/src/DataSparse.h
Examining data/r-cran-ranger-0.12.1/src/Forest.h
Examining data/r-cran-ranger-0.12.1/src/utility.cpp
Examining data/r-cran-ranger-0.12.1/src/Forest.cpp
Examining data/r-cran-ranger-0.12.1/src/TreeProbability.h
Examining data/r-cran-ranger-0.12.1/src/DataChar.h
Examining data/r-cran-ranger-0.12.1/src/ForestSurvival.cpp
Examining data/r-cran-ranger-0.12.1/src/utilityRcpp.cpp
Examining data/r-cran-ranger-0.12.1/src/TreeProbability.cpp
Examining data/r-cran-ranger-0.12.1/src/TreeRegression.h
Examining data/r-cran-ranger-0.12.1/src/ForestSurvival.h
Examining data/r-cran-ranger-0.12.1/src/ForestClassification.h
Examining data/r-cran-ranger-0.12.1/src/DataSparse.cpp
Examining data/r-cran-ranger-0.12.1/src/TreeClassification.cpp
Examining data/r-cran-ranger-0.12.1/src/TreeSurvival.h
Examining data/r-cran-ranger-0.12.1/src/ForestClassification.cpp
Examining data/r-cran-ranger-0.12.1/src/TreeClassification.h
Examining data/r-cran-ranger-0.12.1/src/Tree.h
Examining data/r-cran-ranger-0.12.1/src/Tree.cpp
Examining data/r-cran-ranger-0.12.1/src/DataFloat.h
Examining data/r-cran-ranger-0.12.1/src/Data.h
Examining data/r-cran-ranger-0.12.1/src/DataRcpp.h
Examining data/r-cran-ranger-0.12.1/src/ForestProbability.cpp
Examining data/r-cran-ranger-0.12.1/src/utility.h
Examining data/r-cran-ranger-0.12.1/src/rangerCpp.cpp
Examining data/r-cran-ranger-0.12.1/src/DataDouble.h
Examining data/r-cran-ranger-0.12.1/src/TreeRegression.cpp
Examining data/r-cran-ranger-0.12.1/src/globals.h
Examining data/r-cran-ranger-0.12.1/src/Data.cpp
Examining data/r-cran-ranger-0.12.1/src/AAA_check_cpp11.cpp
Examining data/r-cran-ranger-0.12.1/src/RcppExports.cpp
Examining data/r-cran-ranger-0.12.1/src/ForestRegression.cpp
Examining data/r-cran-ranger-0.12.1/src/TreeSurvival.cpp
Examining data/r-cran-ranger-0.12.1/inst/include/ranger.h

FINAL RESULTS:

data/r-cran-ranger-0.12.1/src/Data.cpp:51:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input_file.open(filename);
data/r-cran-ranger-0.12.1/src/Data.cpp:64:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input_file.open(filename);
data/r-cran-ranger-0.12.1/src/Forest.cpp:366:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  importance_file.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/Forest.cpp:406:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::binary);
data/r-cran-ranger-0.12.1/src/Forest.cpp:871:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infile.open(filename, std::ios::binary);
data/r-cran-ranger-0.12.1/src/Forest.cpp:904:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infile.open(filename, std::ios::binary);
data/r-cran-ranger-0.12.1/src/ForestClassification.cpp:196:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/ForestClassification.cpp:240:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/ForestProbability.cpp:209:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/ForestProbability.cpp:227:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/ForestRegression.cpp:156:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/ForestRegression.cpp:174:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/ForestSurvival.cpp:198:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/ForestSurvival.cpp:217:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(filename, std::ios::out);
data/r-cran-ranger-0.12.1/src/utility.cpp:69:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input_file.open(filename);
data/r-cran-ranger-0.12.1/src/Forest.cpp:878:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &num_dependent_variables, sizeof(num_dependent_variables));
data/r-cran-ranger-0.12.1/src/Forest.cpp:881:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &length, sizeof(size_t));
data/r-cran-ranger-0.12.1/src/Forest.cpp:886:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &num_trees, sizeof(num_trees));
data/r-cran-ranger-0.12.1/src/Forest.cpp:911:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &num_dependent_variables, sizeof(num_dependent_variables));
data/r-cran-ranger-0.12.1/src/Forest.cpp:914:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &length, sizeof(size_t));
data/r-cran-ranger-0.12.1/src/Forest.cpp:916:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) temp, length * sizeof(char));
data/r-cran-ranger-0.12.1/src/ForestClassification.cpp:288:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &num_variables_saved, sizeof(num_variables_saved));
data/r-cran-ranger-0.12.1/src/ForestClassification.cpp:292:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &treetype, sizeof(treetype));
data/r-cran-ranger-0.12.1/src/ForestProbability.cpp:282:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &num_variables_saved, sizeof(num_variables_saved));
data/r-cran-ranger-0.12.1/src/ForestProbability.cpp:286:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &treetype, sizeof(treetype));
data/r-cran-ranger-0.12.1/src/ForestRegression.cpp:219:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &num_variables_saved, sizeof(num_variables_saved));
data/r-cran-ranger-0.12.1/src/ForestRegression.cpp:223:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &treetype, sizeof(treetype));
data/r-cran-ranger-0.12.1/src/ForestSurvival.cpp:273:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &num_variables_saved, sizeof(num_variables_saved));
data/r-cran-ranger-0.12.1/src/ForestSurvival.cpp:277:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  infile.read((char*) &treetype, sizeof(treetype));
data/r-cran-ranger-0.12.1/src/utility.h:87:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read((char*) &length, sizeof(length));
data/r-cran-ranger-0.12.1/src/utility.h:89:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read((char*) result.data(), length * sizeof(T));
data/r-cran-ranger-0.12.1/src/utility.h:96:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read((char*) &length, sizeof(length));
data/r-cran-ranger-0.12.1/src/utility.h:101:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read((char*) &temp, sizeof(temp));
data/r-cran-ranger-0.12.1/src/utility.h:133:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  file.read((char*) &length, sizeof(length));

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 10608 in approximately 0.25 seconds (41962 lines/second)
Physical Source Lines of Code (SLOC) = 7216
Hits@level = [0] 0 [1] 19 [2] 15 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 34 [1+] 34 [2+] 15 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.71175 [1+] 4.71175 [2+] 2.07871 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.