Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sagemath-9.2/sage/build/pkgs/iml/patches/gsl_cblas.h
Examining data/sagemath-9.2/sage/src/mac-app/AppController.h
Examining data/sagemath-9.2/sage/src/mac-app/AppDelegate.h
Examining data/sagemath-9.2/sage/src/mac-app/InputPanelController.h
Examining data/sagemath-9.2/sage/src/mac-app/MyDocument.h
Examining data/sagemath-9.2/sage/src/mac-app/PreferencePanelController.h
Examining data/sagemath-9.2/sage/src/sage/combinat/matrices/dancing_links_c.h
Examining data/sagemath-9.2/sage/src/sage/cpython/cython_metaclass.h
Examining data/sagemath-9.2/sage/src/sage/cpython/debugimpl.c
Examining data/sagemath-9.2/sage/src/sage/cpython/python_debug.h
Examining data/sagemath-9.2/sage/src/sage/cpython/pyx_visit.h
Examining data/sagemath-9.2/sage/src/sage/cpython/string_impl.h
Examining data/sagemath-9.2/sage/src/sage/data_structures/bitset_intrinsics.h
Examining data/sagemath-9.2/sage/src/sage/ext/ccobject.h
Examining data/sagemath-9.2/sage/src/sage/ext/mod_int.h
Examining data/sagemath-9.2/sage/src/sage/geometry/polyhedron/combinatorial_polyhedron/bit_vector_operations.cc
Examining data/sagemath-9.2/sage/src/sage/geometry/triangulation/data.cc
Examining data/sagemath-9.2/sage/src/sage/geometry/triangulation/data.h
Examining data/sagemath-9.2/sage/src/sage/geometry/triangulation/functions.cc
Examining data/sagemath-9.2/sage/src/sage/geometry/triangulation/functions.h
Examining data/sagemath-9.2/sage/src/sage/geometry/triangulation/triangulations.cc
Examining data/sagemath-9.2/sage/src/sage/geometry/triangulation/triangulations.h
Examining data/sagemath-9.2/sage/src/sage/graphs/base/boost_interface.cpp
Examining data/sagemath-9.2/sage/src/sage/graphs/cliquer/cl.c
Examining data/sagemath-9.2/sage/src/sage/graphs/graph_decompositions/tdlib/sage_tdlib.cpp
Examining data/sagemath-9.2/sage/src/sage/groups/perm_gps/partn_ref2/refinement_generic.h
Examining data/sagemath-9.2/sage/src/sage/libs/arb/arb_wrap.h
Examining data/sagemath-9.2/sage/src/sage/libs/eclib/wrap.cpp
Examining data/sagemath-9.2/sage/src/sage/libs/eclsig.h
Examining data/sagemath-9.2/sage/src/sage/libs/flint/flint_ntl_wrap.h
Examining data/sagemath-9.2/sage/src/sage/libs/flint/flint_wrap.h
Examining data/sagemath-9.2/sage/src/sage/libs/giac/misc.h
Examining data/sagemath-9.2/sage/src/sage/libs/lcalc/lcalc_sage.h
Examining data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap.h
Examining data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap_impl.h
Examining data/sagemath-9.2/sage/src/sage/libs/polybori/pb_wrap.h
Examining data/sagemath-9.2/sage/src/sage/libs/pynac/pynac_wrap.h
Examining data/sagemath-9.2/sage/src/sage/matroids/minorfix.h
Examining data/sagemath-9.2/sage/src/sage/misc/inherit_comparison_impl.c
Examining data/sagemath-9.2/sage/src/sage/modular/arithgroup/farey.cpp
Examining data/sagemath-9.2/sage/src/sage/modular/arithgroup/farey.hpp
Examining data/sagemath-9.2/sage/src/sage/modular/arithgroup/sl2z.cpp
Examining data/sagemath-9.2/sage/src/sage/modular/arithgroup/sl2z.hpp
Examining data/sagemath-9.2/sage/src/sage/rings/bernmm/bern_modp.cpp
Examining data/sagemath-9.2/sage/src/sage/rings/bernmm/bern_modp.h
Examining data/sagemath-9.2/sage/src/sage/rings/bernmm/bern_modp_util.cpp
Examining data/sagemath-9.2/sage/src/sage/rings/bernmm/bern_modp_util.h
Examining data/sagemath-9.2/sage/src/sage/rings/bernmm/bern_rat.cpp
Examining data/sagemath-9.2/sage/src/sage/rings/bernmm/bern_rat.h
Examining data/sagemath-9.2/sage/src/sage/rings/bernmm/bernmm-test.cpp
Examining data/sagemath-9.2/sage/src/sage/rings/finite_rings/integer_mod_limits.h
Examining data/sagemath-9.2/sage/src/sage/rings/integer_fake.h
Examining data/sagemath-9.2/sage/src/sage/rings/padics/transcendantal.c
Examining data/sagemath-9.2/sage/src/sage/rings/polynomial/weil/power_sums.c
Examining data/sagemath-9.2/sage/src/sage/rings/polynomial/weil/power_sums.h
Examining data/sagemath-9.2/sage/src/sage/schemes/hyperelliptic_curves/hypellfrob/hypellfrob.cpp
Examining data/sagemath-9.2/sage/src/sage/schemes/hyperelliptic_curves/hypellfrob/hypellfrob.h
Examining data/sagemath-9.2/sage/src/sage/schemes/hyperelliptic_curves/hypellfrob/recurrences_ntl.cpp
Examining data/sagemath-9.2/sage/src/sage/schemes/hyperelliptic_curves/hypellfrob/recurrences_ntl.h
Examining data/sagemath-9.2/sage/src/sage/schemes/hyperelliptic_curves/hypellfrob/recurrences_zn_poly.cpp
Examining data/sagemath-9.2/sage/src/sage/schemes/hyperelliptic_curves/hypellfrob/recurrences_zn_poly.h
Examining data/sagemath-9.2/sage/src/sage/stats/distributions/dgs.h
Examining data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_bern.c
Examining data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_bern.h
Examining data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_gauss.h
Examining data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_gauss_dp.c
Examining data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_gauss_mp.c
Examining data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_misc.h

FINAL RESULTS:

data/sagemath-9.2/sage/src/sage/cpython/debugimpl.c:74:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(#val "\n"); \
data/sagemath-9.2/sage/src/sage/libs/eclib/wrap.cpp:29:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, instore.str().data());
data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap_impl.h:138:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, instore.str().data());
data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap_impl.h:342:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, instore.str().data());
data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap_impl.h:423:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, instore.str().data());
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_misc.h:89:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  vfprintf(stderr, msg, lst);
data/sagemath-9.2/sage/src/sage/rings/bernmm/bernmm-test.cpp:263:18:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  long k = ((random() % 20000) / 2) * 2;
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_bern.c:191:14:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  double c = drand48();
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_gauss_dp.c:161:9:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  y = drand48();
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_gauss_dp.c:172:9:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  y = drand48();
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_gauss_dp.c:185:9:  [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  y = drand48();
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_misc.h:70:12:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  return random() & n;
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_misc.h:72:41:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  unsigned long pool = (((unsigned long)random()) << 0) ^ (((unsigned long)random()) << 22) ^ (((unsigned long)random()) << 44);
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_misc.h:72:76:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  unsigned long pool = (((unsigned long)random()) << 0) ^ (((unsigned long)random()) << 22) ^ (((unsigned long)random()) << 44);
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_misc.h:72:112:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  unsigned long pool = (((unsigned long)random()) << 0) ^ (((unsigned long)random()) << 22) ^ (((unsigned long)random()) << 44);
data/sagemath-9.2/sage/src/sage/stats/distributions/dgs_misc.h:81:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  r = random();
data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap_impl.h:37:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char stack_bytes[4096];
data/sagemath-9.2/sage/src/sage/rings/bernmm/bernmm-test.cpp:326:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long k = atol(argv[2]);
data/sagemath-9.2/sage/src/sage/rings/bernmm/bernmm-test.cpp:327:22:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long threads = atol(argv[3]);
data/sagemath-9.2/sage/src/sage/rings/bernmm/bernmm-test.cpp:341:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long p = atol(argv[2]);
data/sagemath-9.2/sage/src/sage/rings/bernmm/bernmm-test.cpp:342:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign
  (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long k = atol(argv[3]);
data/sagemath-9.2/sage/src/sage/cpython/string_impl.h:31:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read
  (it could cause a crash if unprotected) (CWE-126).
  return PyUnicode_Decode(c, strlen(c), enc, err);
data/sagemath-9.2/sage/src/sage/libs/eclib/wrap.cpp:27:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read
  (it could cause a crash if unprotected) (CWE-126).
  int n = strlen(instore.str().data());
data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap_impl.h:136:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read
  (it could cause a crash if unprotected) (CWE-126).
  int n = strlen(instore.str().data());
data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap_impl.h:340:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read
  (it could cause a crash if unprotected) (CWE-126).
  int n = strlen(instore.str().data());
data/sagemath-9.2/sage/src/sage/libs/ntl/ntlwrap_impl.h:421:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read
  (it could cause a crash if unprotected) (CWE-126).
  int n = strlen(instore.str().data());

ANALYSIS SUMMARY:

Hits = 26
Lines analyzed = 15083 in approximately 1.83 seconds (8234 lines/second)
Physical Source Lines of Code (SLOC) = 9597
Hits@level = [0]  30 [1]   5 [2]   5 [3]  10 [4]   6 [5]   0
Hits@level+ = [0+]  56 [1+]  26 [2+]  21 [3+]  16 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 5.83516 [1+] 2.70918 [2+] 2.18818 [3+] 1.66719 [4+] 0.625195 [5+] 0
Symlinks skipped = 4 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 4 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.