Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scram-0.16.2/gui/align.h
Examining data/scram-0.16.2/gui/command.h
Examining data/scram-0.16.2/gui/diagram.cpp
Examining data/scram-0.16.2/gui/diagram.h
Examining data/scram-0.16.2/gui/elementcontainermodel.cpp
Examining data/scram-0.16.2/gui/elementcontainermodel.h
Examining data/scram-0.16.2/gui/eventdialog.cpp
Examining data/scram-0.16.2/gui/eventdialog.h
Examining data/scram-0.16.2/gui/guiassert.h
Examining data/scram-0.16.2/gui/importancetablemodel.cpp
Examining data/scram-0.16.2/gui/importancetablemodel.h
Examining data/scram-0.16.2/gui/language.cpp
Examining data/scram-0.16.2/gui/language.h
Examining data/scram-0.16.2/gui/main.cpp
Examining data/scram-0.16.2/gui/mainwindow.cpp
Examining data/scram-0.16.2/gui/mainwindow.h
Examining data/scram-0.16.2/gui/model.cpp
Examining data/scram-0.16.2/gui/model.h
Examining data/scram-0.16.2/gui/modeltree.cpp
Examining data/scram-0.16.2/gui/modeltree.h
Examining data/scram-0.16.2/gui/overload.h
Examining data/scram-0.16.2/gui/preferencesdialog.cpp
Examining data/scram-0.16.2/gui/preferencesdialog.h
Examining data/scram-0.16.2/gui/printable.cpp
Examining data/scram-0.16.2/gui/printable.h
Examining data/scram-0.16.2/gui/producttablemodel.cpp
Examining data/scram-0.16.2/gui/producttablemodel.h
Examining data/scram-0.16.2/gui/reporttree.cpp
Examining data/scram-0.16.2/gui/reporttree.h
Examining data/scram-0.16.2/gui/settingsdialog.cpp
Examining data/scram-0.16.2/gui/settingsdialog.h
Examining data/scram-0.16.2/gui/tests/data.h
Examining data/scram-0.16.2/gui/tests/help.h
Examining data/scram-0.16.2/gui/tests/testlanguage.cpp
Examining data/scram-0.16.2/gui/tests/testmodel.cpp
Examining data/scram-0.16.2/gui/tests/testvalidator.cpp
Examining data/scram-0.16.2/gui/validator.cpp
Examining data/scram-0.16.2/gui/validator.h
Examining data/scram-0.16.2/gui/zoomableview.cpp
Examining data/scram-0.16.2/gui/zoomableview.h
Examining data/scram-0.16.2/src/alignment.cc
Examining data/scram-0.16.2/src/alignment.h
Examining data/scram-0.16.2/src/analysis.cc
Examining data/scram-0.16.2/src/analysis.h
Examining data/scram-0.16.2/src/bdd.cc
Examining data/scram-0.16.2/src/bdd.h
Examining data/scram-0.16.2/src/ccf_group.cc
Examining data/scram-0.16.2/src/ccf_group.h
Examining data/scram-0.16.2/src/config.cc
Examining data/scram-0.16.2/src/config.h
Examining data/scram-0.16.2/src/cycle.h
Examining data/scram-0.16.2/src/element.cc
Examining data/scram-0.16.2/src/element.h
Examining data/scram-0.16.2/src/env.cc
Examining data/scram-0.16.2/src/env.h
Examining data/scram-0.16.2/src/error.h
Examining data/scram-0.16.2/src/event.cc
Examining data/scram-0.16.2/src/event.h
Examining data/scram-0.16.2/src/event_tree.cc
Examining data/scram-0.16.2/src/event_tree.h
Examining data/scram-0.16.2/src/event_tree_analysis.cc
Examining data/scram-0.16.2/src/event_tree_analysis.h
Examining data/scram-0.16.2/src/expression.cc
Examining data/scram-0.16.2/src/expression.h
Examining data/scram-0.16.2/src/expression/boolean.h
Examining data/scram-0.16.2/src/expression/conditional.cc
Examining data/scram-0.16.2/src/expression/conditional.h
Examining data/scram-0.16.2/src/expression/constant.cc
Examining data/scram-0.16.2/src/expression/constant.h
Examining data/scram-0.16.2/src/expression/exponential.cc
Examining data/scram-0.16.2/src/expression/exponential.h
Examining data/scram-0.16.2/src/expression/extern.cc
Examining data/scram-0.16.2/src/expression/extern.h
Examining data/scram-0.16.2/src/expression/numerical.cc
Examining data/scram-0.16.2/src/expression/numerical.h
Examining data/scram-0.16.2/src/expression/random_deviate.cc
Examining data/scram-0.16.2/src/expression/random_deviate.h
Examining data/scram-0.16.2/src/expression/test_event.cc
Examining data/scram-0.16.2/src/expression/test_event.h
Examining data/scram-0.16.2/src/ext/algorithm.h
Examining data/scram-0.16.2/src/ext/bits.h
Examining data/scram-0.16.2/src/ext/combination_iterator.h
Examining data/scram-0.16.2/src/ext/find_iterator.h
Examining data/scram-0.16.2/src/ext/float_compare.h
Examining data/scram-0.16.2/src/ext/index_map.h
Examining data/scram-0.16.2/src/ext/linear_map.h
Examining data/scram-0.16.2/src/ext/multi_index.h
Examining data/scram-0.16.2/src/ext/scope_guard.h
Examining data/scram-0.16.2/src/ext/source_info.h
Examining data/scram-0.16.2/src/ext/variant.h
Examining data/scram-0.16.2/src/fault_tree.cc
Examining data/scram-0.16.2/src/fault_tree.h
Examining data/scram-0.16.2/src/fault_tree_analysis.cc
Examining data/scram-0.16.2/src/fault_tree_analysis.h
Examining data/scram-0.16.2/src/importance_analysis.cc
Examining data/scram-0.16.2/src/importance_analysis.h
Examining data/scram-0.16.2/src/initializer.cc
Examining data/scram-0.16.2/src/initializer.h
Examining data/scram-0.16.2/src/instruction.h
Examining data/scram-0.16.2/src/logger.cc
Examining data/scram-0.16.2/src/logger.h
Examining data/scram-0.16.2/src/mocus.cc
Examining data/scram-0.16.2/src/mocus.h
Examining data/scram-0.16.2/src/model.cc
Examining data/scram-0.16.2/src/model.h
Examining data/scram-0.16.2/src/parameter.cc
Examining data/scram-0.16.2/src/parameter.h
Examining data/scram-0.16.2/src/pdag.cc
Examining data/scram-0.16.2/src/pdag.h
Examining data/scram-0.16.2/src/preprocessor.cc
Examining data/scram-0.16.2/src/preprocessor.h
Examining data/scram-0.16.2/src/probability_analysis.cc
Examining data/scram-0.16.2/src/probability_analysis.h
Examining data/scram-0.16.2/src/reporter.cc
Examining data/scram-0.16.2/src/reporter.h
Examining data/scram-0.16.2/src/risk_analysis.cc
Examining data/scram-0.16.2/src/risk_analysis.h
Examining data/scram-0.16.2/src/scram.cc
Examining data/scram-0.16.2/src/serialization.cc
Examining data/scram-0.16.2/src/serialization.h
Examining data/scram-0.16.2/src/settings.cc
Examining data/scram-0.16.2/src/settings.h
Examining data/scram-0.16.2/src/substitution.cc
Examining data/scram-0.16.2/src/substitution.h
Examining data/scram-0.16.2/src/uncertainty_analysis.cc
Examining data/scram-0.16.2/src/uncertainty_analysis.h
Examining data/scram-0.16.2/src/version.h
Examining data/scram-0.16.2/src/xml.cc
Examining data/scram-0.16.2/src/xml.h
Examining data/scram-0.16.2/src/xml_stream.h
Examining data/scram-0.16.2/src/zbdd.cc
Examining data/scram-0.16.2/src/zbdd.h
Examining data/scram-0.16.2/tests/alignment_tests.cc
Examining data/scram-0.16.2/tests/bench_200_event_tests.cc
Examining data/scram-0.16.2/tests/bench_CEA9601_tests.cc
Examining data/scram-0.16.2/tests/bench_attack.cc
Examining data/scram-0.16.2/tests/bench_baobab1_tests.cc
Examining data/scram-0.16.2/tests/bench_baobab2_tests.cc
Examining data/scram-0.16.2/tests/bench_bscu_tests.cc
Examining data/scram-0.16.2/tests/bench_chinese_tree_tests.cc
Examining data/scram-0.16.2/tests/bench_core_tests.cc
Examining data/scram-0.16.2/tests/bench_gas_leak.cc
Examining data/scram-0.16.2/tests/bench_hipps_tests.cc
Examining data/scram-0.16.2/tests/bench_lift_tests.cc
Examining data/scram-0.16.2/tests/bench_ne574_tests.cc
Examining data/scram-0.16.2/tests/bench_small_tree_tests.cc
Examining data/scram-0.16.2/tests/bench_theatre_tests.cc
Examining data/scram-0.16.2/tests/bench_three_motor_tests.cc
Examining data/scram-0.16.2/tests/bench_two_train_tests.cc
Examining data/scram-0.16.2/tests/ccf_group_tests.cc
Examining data/scram-0.16.2/tests/config_tests.cc
Examining data/scram-0.16.2/tests/element_tests.cc
Examining data/scram-0.16.2/tests/event_tests.cc
Examining data/scram-0.16.2/tests/expression_tests.cc
Examining data/scram-0.16.2/tests/extern_function_tests.cc
Examining data/scram-0.16.2/tests/fault_tree_tests.cc
Examining data/scram-0.16.2/tests/initializer_tests.cc
Examining data/scram-0.16.2/tests/linear_map_tests.cc
Examining data/scram-0.16.2/tests/pdag_tests.cc
Examining data/scram-0.16.2/tests/performance_tests.cc
Examining data/scram-0.16.2/tests/performance_tests.h
Examining data/scram-0.16.2/tests/risk_analysis_tests.cc
Examining data/scram-0.16.2/tests/risk_analysis_tests.h
Examining data/scram-0.16.2/tests/scram_dummy_extern.cc
Examining data/scram-0.16.2/tests/serialization_tests.cc
Examining data/scram-0.16.2/tests/settings_tests.cc
Examining data/scram-0.16.2/tests/utility.h
Examining data/scram-0.16.2/tests/xml_stream_tests.cc
FINAL RESULTS:
data/scram-0.16.2/gui/main.cpp:143:29: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
language = QLocale::system().name();
data/scram-0.16.2/src/expression/extern.cc:30:66: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const fs::path& reference_dir, bool system,
data/scram-0.16.2/src/expression/extern.cc:49:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system)
data/scram-0.16.2/src/expression/extern.cc:53:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!system || ref_path.has_parent_path())
data/scram-0.16.2/src/expression/extern.cc:58:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (const boost::system::system_error& err) {
data/scram-0.16.2/src/expression/extern.h:55:68: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const boost::filesystem::path& reference_dir, bool system,
data/scram-0.16.2/src/expression/extern.h:70:27: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
} catch (const boost::system::system_error& err) {
data/scram-0.16.2/src/scram.cc:313:20: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int nchar = std::vsnprintf(nullptr, 0, msg, args_for_nchar);
data/scram-0.16.2/src/scram.cc:321:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
std::vsnprintf(buffer.data(), buffer.size(), msg, args);
data/scram-0.16.2/src/expression/random_deviate.cc:169:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return boost::random::beta_distribution(alpha_.value(),
data/scram-0.16.2/src/reporter.cc:107:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::fopen(file.c_str(), "w"), &std::fclose);
data/scram-0.16.2/src/reporter.cc:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iso_extended[20] = {};
data/scram-0.16.2/src/serialization.cc:40:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
std::fopen(file.c_str(), "w"), &std::fclose);
data/scram-0.16.2/src/xml_stream.h:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spaces[kMaxIndent + 1]; ///< The indentation and terminator.
data/scram-0.16.2/src/xml_stream.h:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[20];
data/scram-0.16.2/gui/language.cpp:61:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename.erase(filename.size() - std::strlen(suffix));
data/scram-0.16.2/gui/language.cpp:62:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename.erase(0, std::strlen(prefix));
data/scram-0.16.2/src/ext/combination_iterator.h:69:8: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const combination_iterator& other) const {
data/scram-0.16.2/src/xml.h:204:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const iterator& other) const {
data/scram-0.16.2/src/zbdd.h:293:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal(const const_iterator& other) const {
ANALYSIS SUMMARY:
Hits = 20
Lines analyzed = 38831 in approximately 1.04 seconds (37499 lines/second)
Physical Source Lines of Code (SLOC) = 24066
Hits@level = [0] 1 [1] 5 [2] 5 [3] 1 [4] 9 [5] 0
Hits@level+ = [0+] 21 [1+] 20 [2+] 15 [3+] 10 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 0.8726 [1+] 0.831048 [2+] 0.623286 [3+] 0.415524 [4+] 0.373972 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.