Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/achilles-2/acconfig.h
Examining data/achilles-2/angle.cc
Examining data/achilles-2/angle.h
Examining data/achilles-2/braininfo.cc
Examining data/achilles-2/braininfo.h
Examining data/achilles-2/color.cc
Examining data/achilles-2/color.h
Examining data/achilles-2/conf.h
Examining data/achilles-2/defines.h
Examining data/achilles-2/energy.h
Examining data/achilles-2/gene.h
Examining data/achilles-2/hebbian.h
Examining data/achilles-2/id.cc
Examining data/achilles-2/id.h
Examining data/achilles-2/idserver.cc
Examining data/achilles-2/idserver.h
Examining data/achilles-2/opengl.h
Examining data/achilles-2/org.h
Examining data/achilles-2/orglist.h
Examining data/achilles-2/quicksort.h
Examining data/achilles-2/universe.h
Examining data/achilles-2/vector.cc
Examining data/achilles-2/vector.h
Examining data/achilles-2/world.cc
Examining data/achilles-2/world.h
Examining data/achilles-2/energy.cc
Examining data/achilles-2/gene.cc
Examining data/achilles-2/hebbian.cc
Examining data/achilles-2/license.cc
Examining data/achilles-2/main.cc
Examining data/achilles-2/opengl.cc
Examining data/achilles-2/org.cc
Examining data/achilles-2/orglist.cc
Examining data/achilles-2/quicksort.cc
Examining data/achilles-2/screenshot.cc
Examining data/achilles-2/universe.cc

FINAL RESULTS:

data/achilles-2/main.cc:47:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(time(NULL));
data/achilles-2/id.cc:32:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s,"%ld.%d",timestamp,mod);
data/achilles-2/main.cc:64:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	FLOOR_BLOCKS_X = atoi(argv[i]);
data/achilles-2/main.cc:68:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	FLOOR_BLOCKS_Z = atoi(argv[i]);
data/achilles-2/main.cc:72:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	NUM_FOOD = atoi(argv[i]);
data/achilles-2/main.cc:79:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      NUM_ORGANISMS=atoi(argv[i]);
data/achilles-2/screenshot.cc:58:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  _fp = fopen(filename, "wb");
data/achilles-2/universe.cc:403:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[30];
data/achilles-2/universe.cc:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s1[30],s2[30];
data/achilles-2/universe.cc:325:3:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  getchar();
data/achilles-2/universe.cc:340:3:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  getchar();

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 3398 in approximately 0.29 seconds (11574 lines/second)
Physical Source Lines of Code (SLOC) = 2069
Hits@level = [0]  23 [1]   2 [2]   8 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  34 [1+]  11 [2+]   9 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 16.4331 [1+] 5.31658 [2+] 4.34993 [3+] 0.483325 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.