Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tao-pegtl-2.8.3/include/tao/pegtl.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/analyze_cycles.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/counted.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/generic.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/grammar_info.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/insert_guard.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/rule_info.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analysis/rule_type.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/analyze.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/apply_mode.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/argv_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/ascii.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/buffer_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_action.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_action_and_state.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_action_and_states.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_control.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_state.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/change_states.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/config.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/abnf.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/alphabet.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/changes.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/counter.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/http.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/icu/internal.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/icu/utf16.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/icu/utf32.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/icu/utf8.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/if_then.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/integer.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/json.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/json_pointer.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/parse_tree.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/parse_tree_to_dot.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/raw_string.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/remove_first_state.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/remove_last_states.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/rep_one_min_max.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/rep_string.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/shuffle_states.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/to_string.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/tracer.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/unescape.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/contrib/uri.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/cstream_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/disable_action.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/discard_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/discard_input_on_failure.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/discard_input_on_success.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/enable_action.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/eol.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/eol_pair.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/file_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/input_error.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/action.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/action_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/alnum.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/alpha.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/always_false.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/any.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/apply.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/apply0.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/apply0_single.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/apply_single.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/at.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bof.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bol.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bump.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bump_help.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/bytes.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/control.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/cr_crlf_eol.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/cr_eol.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/crlf_eol.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/cstream_reader.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/cstring_reader.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/demangle.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/demangle_cxxabi.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/demangle_nop.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/demangle_sanitise.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/disable.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/discard.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/dusel_mode.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/duseltronik.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/enable.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/eof.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/eol.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/eolf.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_posix.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_opener.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_reader.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/has_apply.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/has_apply0.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/has_match.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/identifier.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_apply.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_missing.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_must.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_must_else.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/if_then_else.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/input_pair.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/integer_sequence.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/istream_reader.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/istring.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/iterator.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/lf_crlf_eol.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/lf_eol.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/list.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/list_must.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/list_tail.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/list_tail_pad.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/marker.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/must.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/not_at.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/one.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/opt.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/pad.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/pad_opt.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_char.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_mask_uint.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_mask_uint8.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_uint.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_uint8.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf16.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf32.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf8.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/pegtl_string.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/plus.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/raise.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/range.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/ranges.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rematch.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rep.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rep_min.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rep_min_max.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rep_opt.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/require.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/result_on_found.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/rules.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/seq.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/skip_control.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/sor.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/star.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/star_must.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/state.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/string.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/trivial.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/try_catch_type.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/internal/until.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/istream_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/match.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/memory_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/mmap_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/normal.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/nothing.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/parse.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/parse_error.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/position.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/read_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/require_apply.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/require_apply0.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/rewind_mode.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/rules.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/string_input.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/tracking_mode.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/uint16.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/uint32.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/uint64.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/uint8.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/utf16.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/utf32.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/utf8.hpp Examining data/tao-pegtl-2.8.3/include/tao/pegtl/version.hpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/abnf2pegtl.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/analyze.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/calculator.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/chomsky_hierarchy.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/csv1.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/csv2.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/double.hpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/dynamic_match.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/hello_world.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/indent_aware.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_build.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_classes.hpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_count.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_errors.hpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_parse.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/json_unescape.hpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/lua53_parse.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/modulus_match.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/parse_tree.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/parse_tree_user_state.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/proto3.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/recover.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/s_expression.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/sum.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/symbol_table.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/unescape.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/uri.cpp Examining data/tao-pegtl-2.8.3/src/example/pegtl/uri_trace.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/action_enable.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/action_match.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/actions_one.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/actions_three.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/actions_two.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/analyze_cycles.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/argv_input.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_classes.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_eol.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_eolf.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_forty_two.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_identifier.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_istring.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_keyword.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_shebang.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_string.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_three.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/ascii_two.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/buffer_input.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/change_action_and_state.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/change_action_and_states.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/change_state.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/change_states.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_alphabet.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_http.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_if_then.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_integer.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_json.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_parse_tree.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_partial_trace.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_raw_string.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_rep_one_min_max.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_to_string.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_tracer.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_unescape.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/contrib_uri.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/data_cstring.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/demangle.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/discard_input.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_cstream.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_file.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_istream.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_mmap.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/file_read.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/internal_endian.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/internal_file_mapper.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/internal_file_opener.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/main.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/pegtl_string_t.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/position.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/result_type.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_action.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_apply.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_apply0.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_at.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_bof.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_bol.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_bytes.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_control.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_disable.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_enable.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_eof.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_failure.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_if_apply.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_if_must.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_if_must_else.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_if_then_else.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_list.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_list_must.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_list_tail.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_minus.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_must.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_not_at.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_opt.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_opt_must.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_pad.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_pad_opt.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_plus.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rematch.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep_max.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep_min.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep_min_max.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_rep_opt.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_require.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_seq.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_sor.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_star.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_star_must.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_state.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_success.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_try_catch.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/rule_until.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/test.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/tester.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/uint16_general.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/uint32_general.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/uint64_general.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/uint8_general.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/utf16_general.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/utf32_general.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/utf8_general.cpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_analyze.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_char.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_fail.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_file.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_ifmt.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_impl.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_rule.hpp Examining data/tao-pegtl-2.8.3/src/test/pegtl/verify_seqs.hpp FINAL RESULTS: data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:67:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &u, &n, 4 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:69:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &n, &u, 4 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:90:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &u, &n, 8 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:92:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &n, &u, 8 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:160:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &u, &n, 4 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:162:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &n, &u, 4 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:183:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &u, &n, 8 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_gcc.hpp:185:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &n, &u, 8 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp:65:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &u, &n, 4 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp:67:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &n, &u, 4 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp:88:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &u, &n, 8 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/endian_win.hpp:90:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( &n, &u, 8 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:42:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_handle( open() ) data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:70:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). HANDLE open() const data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:110:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_handle( open( reader ) ) data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:129:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). HANDLE open( const win32_file_opener& reader ) const data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_opener.hpp:27:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_fd( open() ) data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_opener.hpp:56:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open() const data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_opener.hpp:59:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). const int fd = ::open( m_source, // NOLINT data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_reader.hpp:28:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( auto* file = std::fopen( filename, "rb" ) ) // NOLINT data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_reader.hpp:30:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( auto* file = std::fopen( filename, "rbe" ) ) // NOLINT data/tao-pegtl-2.8.3/src/example/pegtl/calculator.cpp:103:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/tao-pegtl-2.8.3/src/example/pegtl/calculator.cpp:106:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open() data/tao-pegtl-2.8.3/src/example/pegtl/calculator.cpp:326:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s.open(); data/tao-pegtl-2.8.3/src/test/pegtl/argv_input.cpp:16:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[ 12 ]; // NOLINT data/tao-pegtl-2.8.3/src/test/pegtl/argv_input.cpp:17:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy( data, "foo\0bar\0baz", 12 ); data/tao-pegtl-2.8.3/src/test/pegtl/file_cstream.cpp:28:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). std::FILE* stream = std::fopen( filename, "rb" ); // NOLINT data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_mapper_win32.hpp:73:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). std::wstring ws( m_source, m_source + strlen( m_source ) ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/file_reader.hpp:87:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). std::string read() const data/tao-pegtl-2.8.3/include/tao/pegtl/internal/istream_reader.hpp:27:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_istream.read( buffer, std::streamsize( length ) ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_mask_uint.hpp:33:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const data_t data = R::read( in.current() ) & M; data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_uint.hpp:33:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const data_t data = R::read( in.current() ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf16.hpp:37:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char32_t t = R::read( in.current() ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf16.hpp:44:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char32_t u = R::read( in.current() + 2 ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/peek_utf32.hpp:34:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const char32_t t = R::read( in.current() ); data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:23:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static std::uint16_t read( const void* d ) noexcept data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:33:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static std::uint16_t read( const void* d ) noexcept data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:43:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static std::uint32_t read( const void* d ) noexcept data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:53:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static std::uint32_t read( const void* d ) noexcept data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:63:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static std::uint64_t read( const void* d ) noexcept data/tao-pegtl-2.8.3/include/tao/pegtl/internal/read_uint.hpp:73:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static std::uint64_t read( const void* d ) noexcept data/tao-pegtl-2.8.3/include/tao/pegtl/memory_input.hpp:256:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : memory_input( in_begin, std::strlen( in_begin ), std::forward< T >( in_source ) ) data/tao-pegtl-2.8.3/include/tao/pegtl/read_input.hpp:51:94: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). string_input< P, Eol, const char* >( internal::file_reader( filename.c_str() ).read(), filename.c_str() ) data/tao-pegtl-2.8.3/include/tao/pegtl/read_input.hpp:58:103: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). string_input< P, Eol, const char* >( internal::file_reader( in_file, filename.c_str() ).read(), filename.c_str() ) ANALYSIS SUMMARY: Hits = 44 Lines analyzed = 24697 in approximately 0.68 seconds (36508 lines/second) Physical Source Lines of Code (SLOC) = 19072 Hits@level = [0] 2 [1] 17 [2] 27 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 46 [1+] 44 [2+] 27 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.41191 [1+] 2.30705 [2+] 1.41569 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.