Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scram-0.16.2/gui/align.h
Examining data/scram-0.16.2/gui/command.h
Examining data/scram-0.16.2/gui/diagram.cpp
Examining data/scram-0.16.2/gui/diagram.h
Examining data/scram-0.16.2/gui/elementcontainermodel.cpp
Examining data/scram-0.16.2/gui/elementcontainermodel.h
Examining data/scram-0.16.2/gui/eventdialog.cpp
Examining data/scram-0.16.2/gui/eventdialog.h
Examining data/scram-0.16.2/gui/guiassert.h
Examining data/scram-0.16.2/gui/importancetablemodel.cpp
Examining data/scram-0.16.2/gui/importancetablemodel.h
Examining data/scram-0.16.2/gui/language.cpp
Examining data/scram-0.16.2/gui/language.h
Examining data/scram-0.16.2/gui/main.cpp
Examining data/scram-0.16.2/gui/mainwindow.cpp
Examining data/scram-0.16.2/gui/mainwindow.h
Examining data/scram-0.16.2/gui/model.cpp
Examining data/scram-0.16.2/gui/model.h
Examining data/scram-0.16.2/gui/modeltree.cpp
Examining data/scram-0.16.2/gui/modeltree.h
Examining data/scram-0.16.2/gui/overload.h
Examining data/scram-0.16.2/gui/preferencesdialog.cpp
Examining data/scram-0.16.2/gui/preferencesdialog.h
Examining data/scram-0.16.2/gui/printable.cpp
Examining data/scram-0.16.2/gui/printable.h
Examining data/scram-0.16.2/gui/producttablemodel.cpp
Examining data/scram-0.16.2/gui/producttablemodel.h
Examining data/scram-0.16.2/gui/reporttree.cpp
Examining data/scram-0.16.2/gui/reporttree.h
Examining data/scram-0.16.2/gui/settingsdialog.cpp
Examining data/scram-0.16.2/gui/settingsdialog.h
Examining data/scram-0.16.2/gui/tests/data.h
Examining data/scram-0.16.2/gui/tests/help.h
Examining data/scram-0.16.2/gui/tests/testlanguage.cpp
Examining data/scram-0.16.2/gui/tests/testmodel.cpp
Examining data/scram-0.16.2/gui/tests/testvalidator.cpp
Examining data/scram-0.16.2/gui/validator.cpp
Examining data/scram-0.16.2/gui/validator.h
Examining data/scram-0.16.2/gui/zoomableview.cpp
Examining data/scram-0.16.2/gui/zoomableview.h
Examining data/scram-0.16.2/src/alignment.cc
Examining data/scram-0.16.2/src/alignment.h
Examining data/scram-0.16.2/src/analysis.cc
Examining data/scram-0.16.2/src/analysis.h
Examining data/scram-0.16.2/src/bdd.cc
Examining data/scram-0.16.2/src/bdd.h
Examining data/scram-0.16.2/src/ccf_group.cc
Examining data/scram-0.16.2/src/ccf_group.h
Examining data/scram-0.16.2/src/config.cc
Examining data/scram-0.16.2/src/config.h
Examining data/scram-0.16.2/src/cycle.h
Examining data/scram-0.16.2/src/element.cc
Examining data/scram-0.16.2/src/element.h
Examining data/scram-0.16.2/src/env.cc
Examining data/scram-0.16.2/src/env.h
Examining data/scram-0.16.2/src/error.h
Examining data/scram-0.16.2/src/event.cc
Examining data/scram-0.16.2/src/event.h
Examining data/scram-0.16.2/src/event_tree.cc
Examining data/scram-0.16.2/src/event_tree.h
Examining data/scram-0.16.2/src/event_tree_analysis.cc
Examining data/scram-0.16.2/src/event_tree_analysis.h
Examining data/scram-0.16.2/src/expression.cc
Examining data/scram-0.16.2/src/expression.h
Examining data/scram-0.16.2/src/expression/boolean.h
Examining data/scram-0.16.2/src/expression/conditional.cc
Examining data/scram-0.16.2/src/expression/conditional.h
Examining data/scram-0.16.2/src/expression/constant.cc
Examining data/scram-0.16.2/src/expression/constant.h
Examining data/scram-0.16.2/src/expression/exponential.cc
Examining data/scram-0.16.2/src/expression/exponential.h
Examining data/scram-0.16.2/src/expression/extern.cc
Examining data/scram-0.16.2/src/expression/extern.h
Examining data/scram-0.16.2/src/expression/numerical.cc
Examining data/scram-0.16.2/src/expression/numerical.h
Examining data/scram-0.16.2/src/expression/random_deviate.cc
Examining data/scram-0.16.2/src/expression/random_deviate.h
Examining data/scram-0.16.2/src/expression/test_event.cc
Examining data/scram-0.16.2/src/expression/test_event.h
Examining data/scram-0.16.2/src/ext/algorithm.h
Examining data/scram-0.16.2/src/ext/bits.h
Examining data/scram-0.16.2/src/ext/combination_iterator.h
Examining data/scram-0.16.2/src/ext/find_iterator.h
Examining data/scram-0.16.2/src/ext/float_compare.h
Examining data/scram-0.16.2/src/ext/index_map.h
Examining data/scram-0.16.2/src/ext/linear_map.h
Examining data/scram-0.16.2/src/ext/multi_index.h
Examining data/scram-0.16.2/src/ext/scope_guard.h
Examining data/scram-0.16.2/src/ext/source_info.h
Examining data/scram-0.16.2/src/ext/variant.h
Examining data/scram-0.16.2/src/fault_tree.cc
Examining data/scram-0.16.2/src/fault_tree.h
Examining data/scram-0.16.2/src/fault_tree_analysis.cc
Examining data/scram-0.16.2/src/fault_tree_analysis.h
Examining data/scram-0.16.2/src/importance_analysis.cc
Examining data/scram-0.16.2/src/importance_analysis.h
Examining data/scram-0.16.2/src/initializer.cc
Examining data/scram-0.16.2/src/initializer.h
Examining data/scram-0.16.2/src/instruction.h
Examining data/scram-0.16.2/src/logger.cc
Examining data/scram-0.16.2/src/logger.h
Examining data/scram-0.16.2/src/mocus.cc
Examining data/scram-0.16.2/src/mocus.h
Examining data/scram-0.16.2/src/model.cc
Examining data/scram-0.16.2/src/model.h
Examining data/scram-0.16.2/src/parameter.cc
Examining data/scram-0.16.2/src/parameter.h
Examining data/scram-0.16.2/src/pdag.cc
Examining data/scram-0.16.2/src/pdag.h
Examining data/scram-0.16.2/src/preprocessor.cc
Examining data/scram-0.16.2/src/preprocessor.h
Examining data/scram-0.16.2/src/probability_analysis.cc
Examining data/scram-0.16.2/src/probability_analysis.h
Examining data/scram-0.16.2/src/reporter.cc
Examining data/scram-0.16.2/src/reporter.h
Examining data/scram-0.16.2/src/risk_analysis.cc
Examining data/scram-0.16.2/src/risk_analysis.h
Examining data/scram-0.16.2/src/scram.cc
Examining data/scram-0.16.2/src/serialization.cc
Examining data/scram-0.16.2/src/serialization.h
Examining data/scram-0.16.2/src/settings.cc
Examining data/scram-0.16.2/src/settings.h
Examining data/scram-0.16.2/src/substitution.cc
Examining data/scram-0.16.2/src/substitution.h
Examining data/scram-0.16.2/src/uncertainty_analysis.cc
Examining data/scram-0.16.2/src/uncertainty_analysis.h
Examining data/scram-0.16.2/src/version.h
Examining data/scram-0.16.2/src/xml.cc
Examining data/scram-0.16.2/src/xml.h
Examining data/scram-0.16.2/src/xml_stream.h
Examining data/scram-0.16.2/src/zbdd.cc
Examining data/scram-0.16.2/src/zbdd.h
Examining data/scram-0.16.2/tests/alignment_tests.cc
Examining data/scram-0.16.2/tests/bench_200_event_tests.cc
Examining data/scram-0.16.2/tests/bench_CEA9601_tests.cc
Examining data/scram-0.16.2/tests/bench_attack.cc
Examining data/scram-0.16.2/tests/bench_baobab1_tests.cc
Examining data/scram-0.16.2/tests/bench_baobab2_tests.cc
Examining data/scram-0.16.2/tests/bench_bscu_tests.cc
Examining data/scram-0.16.2/tests/bench_chinese_tree_tests.cc
Examining data/scram-0.16.2/tests/bench_core_tests.cc
Examining data/scram-0.16.2/tests/bench_gas_leak.cc
Examining data/scram-0.16.2/tests/bench_hipps_tests.cc
Examining data/scram-0.16.2/tests/bench_lift_tests.cc
Examining data/scram-0.16.2/tests/bench_ne574_tests.cc
Examining data/scram-0.16.2/tests/bench_small_tree_tests.cc
Examining data/scram-0.16.2/tests/bench_theatre_tests.cc
Examining data/scram-0.16.2/tests/bench_three_motor_tests.cc
Examining data/scram-0.16.2/tests/bench_two_train_tests.cc
Examining data/scram-0.16.2/tests/ccf_group_tests.cc
Examining data/scram-0.16.2/tests/config_tests.cc
Examining data/scram-0.16.2/tests/element_tests.cc
Examining data/scram-0.16.2/tests/event_tests.cc
Examining data/scram-0.16.2/tests/expression_tests.cc
Examining data/scram-0.16.2/tests/extern_function_tests.cc
Examining data/scram-0.16.2/tests/fault_tree_tests.cc
Examining data/scram-0.16.2/tests/initializer_tests.cc
Examining data/scram-0.16.2/tests/linear_map_tests.cc
Examining data/scram-0.16.2/tests/pdag_tests.cc
Examining data/scram-0.16.2/tests/performance_tests.cc
Examining data/scram-0.16.2/tests/performance_tests.h
Examining data/scram-0.16.2/tests/risk_analysis_tests.cc
Examining data/scram-0.16.2/tests/risk_analysis_tests.h
Examining data/scram-0.16.2/tests/scram_dummy_extern.cc
Examining data/scram-0.16.2/tests/serialization_tests.cc
Examining data/scram-0.16.2/tests/settings_tests.cc
Examining data/scram-0.16.2/tests/utility.h
Examining data/scram-0.16.2/tests/xml_stream_tests.cc

FINAL RESULTS:

data/scram-0.16.2/gui/main.cpp:143:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  language = QLocale::system().name();
data/scram-0.16.2/src/expression/extern.cc:30:66:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  const fs::path& reference_dir, bool system,
data/scram-0.16.2/src/expression/extern.cc:49:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  if (system)
data/scram-0.16.2/src/expression/extern.cc:53:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  if (!system || ref_path.has_parent_path())
data/scram-0.16.2/src/expression/extern.cc:58:25:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  } catch (const boost::system::system_error& err) {
data/scram-0.16.2/src/expression/extern.h:55:68:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  const boost::filesystem::path& reference_dir, bool system,
data/scram-0.16.2/src/expression/extern.h:70:27:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  } catch (const boost::system::system_error& err) {
data/scram-0.16.2/src/scram.cc:313:20:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  int nchar = std::vsnprintf(nullptr, 0, msg, args_for_nchar);
data/scram-0.16.2/src/scram.cc:321:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  std::vsnprintf(buffer.data(), buffer.size(), msg, args);
data/scram-0.16.2/src/expression/random_deviate.cc:169:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions such
  as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  return boost::random::beta_distribution(alpha_.value(),
data/scram-0.16.2/src/reporter.cc:107:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  std::fopen(file.c_str(), "w"), &std::fclose);
data/scram-0.16.2/src/reporter.cc:277:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char iso_extended[20] = {};
data/scram-0.16.2/src/serialization.cc:40:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  std::fopen(file.c_str(), "w"), &std::fclose);
data/scram-0.16.2/src/xml_stream.h:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char spaces[kMaxIndent + 1]; ///< The indentation and terminator.
data/scram-0.16.2/src/xml_stream.h:127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[20];
data/scram-0.16.2/gui/language.cpp:61:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename.erase(filename.size() - std::strlen(suffix));
data/scram-0.16.2/gui/language.cpp:62:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  filename.erase(0, std::strlen(prefix));
data/scram-0.16.2/src/ext/combination_iterator.h:69:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const combination_iterator& other) const {
data/scram-0.16.2/src/xml.h:204:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const iterator& other) const {
data/scram-0.16.2/src/zbdd.h:293:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool equal(const const_iterator& other) const {

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 38831 in approximately 1.04 seconds (37499 lines/second)
Physical Source Lines of Code (SLOC) = 24066
Hits@level = [0]   1 [1]   5 [2]   5 [3]   1 [4]   9 [5]   0
Hits@level+ = [0+]  21 [1+]  20 [2+]  15 [3+]  10 [4+]   9 [5+]   0
Hits/KSLOC@level+ = [0+] 0.8726 [1+] 0.831048 [2+] 0.623286 [3+] 0.415524 [4+] 0.373972 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
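Flawfinder matches names, not calls, and the context lines above already show why most of this report is noise: seven of the nine level-4 hits are the identifier `system` (a `bool system` parameter, `if (system)`, `boost::system::system_error`, `QLocale::system()`), and the level-3 hit is the `boost::random` namespace; none of them invokes the libc function the rule is about. The two `vsnprintf` hits in scram.cc are the only level-4 entries that merit a look, and only if `msg` can carry attacker-influenced text, which the callers (not shown here) decide. The `fopen` hits are CWE-362 advice about the output path, and the `char` hits are fixed-size arrays whose writers need checking. The script below is an added example, not part of scram or of Flawfinder: it parses the plain-text layout above (assuming the report was produced with `--columns --context`, which is why each hit ends with its source line), recomputes the Hits@level figures, and separates the hits whose source line contains no call to the flagged name from those that need a human. The sample report is a constructed subset of the hits above; the `std::` stripping, the call regex and the `ARRAY_RULES` set are this script's own heuristics, not Flawfinder's.

```python
"""Triage a Flawfinder text report: parse the hits, bucket them by level, and set
aside the hits whose source line does not even call the flagged function.
Added example; assumes the report was produced with --columns --context."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: seven hits copied from the scram report, in Flawfinder's
# own layout (header line, indented advice text, indented source line).
SAMPLE_REPORT = r"""FINAL RESULTS:

data/scram-0.16.2/gui/main.cpp:143:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  language = QLocale::system().name();
data/scram-0.16.2/src/expression/extern.cc:30:66:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  const fs::path& reference_dir, bool system,
data/scram-0.16.2/src/expression/extern.cc:58:25:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  } catch (const boost::system::system_error& err) {
data/scram-0.16.2/src/scram.cc:313:20:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  int nchar = std::vsnprintf(nullptr, 0, msg, args_for_nchar);
data/scram-0.16.2/src/expression/random_deviate.cc:169:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions such
  as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  return boost::random::beta_distribution(alpha_.value(),
data/scram-0.16.2/src/reporter.cc:107:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  std::fopen(file.c_str(), "w"), &std::fclose);
data/scram-0.16.2/src/reporter.cc:277:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char iso_extended[20] = {};

ANALYSIS SUMMARY:
"""

# path:line[:col]:  [level] (category) name:
HEADER = re.compile(
    r"^(?P<path>\S+?):(?P<line>\d+):(?:(?P<col>\d+):)?\s+"
    r"\[(?P<level>[0-5])\]\s+\((?P<category>[^)]+)\)\s+(?P<name>\S+):$"
)
# Rules that flag a fixed-size array declaration, not a function call; the
# call heuristic below is never applied to them (assumption: only these two).
ARRAY_RULES = {"char", "TCHAR"}


@dataclass
class Hit:
    path: str
    line: int
    col: Optional[int]
    level: int
    category: str
    name: str
    message: str
    context: str


def parse_report(text: str) -> List[Hit]:
    """Turn the FINAL RESULTS section into Hit records; stops at ANALYSIS SUMMARY."""
    hits: List[Hit] = []
    header, body = None, []

    def flush() -> None:
        if header is None:
            return
        lines = body + [""] if len(body) < 2 else body
        *message, context = lines  # with --context the last line is the source line
        hits.append(Hit(header["path"], int(header["line"]),
                        int(header["col"]) if header["col"] else None,
                        int(header["level"]), header["category"], header["name"],
                        " ".join(message), context))

    for raw in text.splitlines():
        if raw.startswith("ANALYSIS SUMMARY:"):
            break
        m = HEADER.match(raw)
        if m:
            flush()
            header, body = m.groupdict(), []
        elif raw.startswith("  ") and header is not None:
            body.append(raw.strip())
        else:
            flush()
            header, body = None, []
    flush()
    return hits


def is_call_in_context(hit: Hit) -> bool:
    """True if the source line calls the flagged name as a free function.
    std:: is stripped first (std::fopen is the libc fopen); any other qualifier
    (QLocale::system, boost::random::) or a bare identifier is a name collision."""
    src = re.sub(r"\bstd::", "", hit.context)
    return re.search(r"(?<![\w:.>])" + re.escape(hit.name) + r"\s*\(", src) is not None


def triage(hits: List[Hit]) -> Tuple[List[Hit], List[Hit]]:
    """Split hits into (needs_review, likely_false_positive). The heuristic only
    rules hits out; a definition such as `bool equal(...)` still needs review."""
    review, noise = [], []
    for h in hits:
        (review if h.name in ARRAY_RULES or is_call_in_context(h) else noise).append(h)
    return review, noise


def level_histogram(hits: List[Hit]) -> Counter:
    """Counts per risk level, the numbers Flawfinder prints as Hits@level."""
    return Counter(h.level for h in hits)


def hits_per_ksloc(hits: List[Hit], sloc: int, min_level: int = 1) -> float:
    """Flawfinder's Hits/KSLOC@level+ figure for one cut-off."""
    return sum(1 for h in hits if h.level >= min_level) / (sloc / 1000)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    keep, drop = triage(found)
    print("Hits@level =", dict(sorted(level_histogram(found).items())))
    for h in drop:
        print(f"likely false positive: {h.path}:{h.line} [{h.level}] {h.name}: {h.context}")
    for h in keep:
        print(f"review: {h.path}:{h.line} [{h.level}] {h.name} ({h.category}): {h.context}")
```

Flawfinder's own `--csv` output is the better input for anything beyond a one-off script, and once a hit has been judged a false positive the tool's `// Flawfinder: ignore` comment on the flagged line suppresses it at the source, which keeps the decision next to the code rather than in a side file.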