stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/schroedinger-maeparser-1.2.4/Buffer.cpp
Examining data/schroedinger-maeparser-1.2.4/Buffer.hpp
Examining data/schroedinger-maeparser-1.2.4/MaeBlock.cpp
Parsing failed to find end of parameter list; semicolon terminated it in (
        lmap.begin(), lmap.end(), rmap.begin(),
        [](decltype(*begin(lmap)) l, decltype(*begin(lmap)) r) {
            return l.first == r.first && *(l.second) == *(r.second);
        });
    
Examining data/schroedinger-maeparser-1.2.4/MaeBlock.hpp
Examining data/schroedinger-maeparser-1.2.4/MaeConstants.hpp
Examining data/schroedinger-maeparser-1.2.4/MaeParser.cpp
Parsing failed to find end of parameter list; semicolon terminated it in (m_msg, MAEPARSER_EXCEPTION_BUFFER_SIZE,
              "Line %Iu, column %Iu: %s\n",
#else
    snprintf(m_msg, MAEPARSER_EXCEPTION_BUFFER_SIZE,
             "Line %zu, column %zu: %s\n",
#endif
      
Examining data/schroedinger-maeparser-1.2.4/MaeParser.hpp
Examining data/schroedinger-maeparser-1.2.4/MaeParserConfig.hpp
Examining data/schroedinger-maeparser-1.2.4/Reader.cpp
Examining data/schroedinger-maeparser-1.2.4/Reader.hpp
Examining data/schroedinger-maeparser-1.2.4/Writer.cpp
Examining data/schroedinger-maeparser-1.2.4/Writer.hpp
Examining data/schroedinger-maeparser-1.2.4/test/BufferTest.cpp
Examining data/schroedinger-maeparser-1.2.4/test/MaeBlockTest.cpp
Examining data/schroedinger-maeparser-1.2.4/test/MaeParserTest.cpp
Examining data/schroedinger-maeparser-1.2.4/test/MainTestSuite.cpp
Examining data/schroedinger-maeparser-1.2.4/test/ReaderTest.cpp
Examining data/schroedinger-maeparser-1.2.4/test/TestCommon.hpp
Examining data/schroedinger-maeparser-1.2.4/test/UsageDemo.cpp
Examining data/schroedinger-maeparser-1.2.4/test/WriterTest.cpp

FINAL RESULTS:

data/schroedinger-maeparser-1.2.4/MaeParser.hpp:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m_msg[MAEPARSER_EXCEPTION_BUFFER_SIZE];
data/schroedinger-maeparser-1.2.4/test/ReaderTest.cpp:239:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen(uncompressed_sample.c_str(), "r");
data/schroedinger-maeparser-1.2.4/test/ReaderTest.cpp:270:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen(uncompressed_sample.c_str(), "r");
data/schroedinger-maeparser-1.2.4/test/ReaderTest.cpp:285:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen(uncompressed_sample.c_str(), "r");
data/schroedinger-maeparser-1.2.4/test/ReaderTest.cpp:303:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen(uncompressed_sample.c_str(), "r");
data/schroedinger-maeparser-1.2.4/Buffer.cpp:178:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    m_stream.read(ptr, size);
data/schroedinger-maeparser-1.2.4/MaeBlock.cpp:100:22:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    auto diff = std::mismatch(

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 5202 in approximately 0.13 seconds (39824 lines/second)
Physical Source Lines of Code (SLOC) = 3887
Hits@level = [0]   3 [1]   2 [2]   5 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  10 [1+]   7 [2+]   5 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 2.57268 [1+] 1.80087 [2+] 1.28634 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.