Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/artha-1.0.5/src/suggestions.h
Examining data/artha-1.0.5/src/gui.c
Examining data/artha-1.0.5/src/hotkey_editor.c
Examining data/artha-1.0.5/src/eggaccelerators.h
Examining data/artha-1.0.5/src/wni.c
Examining data/artha-1.0.5/src/libnotify.c
Examining data/artha-1.0.5/src/instance_handler.h
Examining data/artha-1.0.5/src/hotkey_editor.h
Examining data/artha-1.0.5/src/suggestions.c
Examining data/artha-1.0.5/src/addons.h
Examining data/artha-1.0.5/src/mod_notify.h
Examining data/artha-1.0.5/src/tomboyutil.c
Examining data/artha-1.0.5/src/libnotify.h
Examining data/artha-1.0.5/src/instance_handler.c
Examining data/artha-1.0.5/src/wni.h
Examining data/artha-1.0.5/src/gui.h
Examining data/artha-1.0.5/src/mod_notify.c
Examining data/artha-1.0.5/src/eggaccelerators.c
Examining data/artha-1.0.5/src/tomboyutil.h

FINAL RESULTS:

data/artha-1.0.5/src/gui.c:421:15:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	return ((int)ShellExecute(hMainWindow, "open", uri, NULL, NULL, SW_SHOWNORMAL) > 32);
data/artha-1.0.5/src/libnotify.c:857:4:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
			wcscpy(&wide_string[++i], ellipses);
data/artha-1.0.5/src/libnotify.c:173:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
		InitializeCriticalSection(&thread_guard);
data/artha-1.0.5/src/libnotify.c:348:2:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
	EnterCriticalSection(&thread_guard);
data/artha-1.0.5/src/libnotify.c:536:4:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
			EnterCriticalSection(&thread_guard);
data/artha-1.0.5/src/gui.c:2461:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *hist_file = fopen(hist_file_path, "r");
data/artha-1.0.5/src/gui.c:2898:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *hist_file = fopen(hist_file_path, "a+");
data/artha-1.0.5/src/libnotify.c:96:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t summary[MAX_SUMMARY_LENGTH];
data/artha-1.0.5/src/libnotify.c:97:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t body[MAX_BODY_LENGTH];
data/artha-1.0.5/src/libnotify.c:851:10:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
	if(0 != MultiByteToWideChar(CP_ACP, 0, byte_string, conv_len, wide_string, max_buffer))
data/artha-1.0.5/src/gui.c:2469:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t lookup_len = strlen(lookup);
data/artha-1.0.5/src/libnotify.c:850:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int conv_len = ((gint)strlen(byte_string) >= max_buffer) ? conversion_limit : -1;
data/artha-1.0.5/src/suggestions.c:81:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(strlen(lang_code) >= strlen(dict_lang_tag))
data/artha-1.0.5/src/suggestions.c:81:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if(strlen(lang_code) >= strlen(dict_lang_tag))
data/artha-1.0.5/src/wni.c:447:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(str) - 1;	// skip the last close brace (len - 1)
data/artha-1.0.5/src/wni.c:566:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	check_len = strlen(term) + 1;	// check till \0 so that "Kelly" & "Kelly Gene" don't match
data/artha-1.0.5/src/wni.c:637:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			last_char_index = strlen(line) - 1;
data/artha-1.0.5/src/wni.c:675:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			temp += strlen(synptr->words[wdnum]) + 11;
data/artha-1.0.5/src/wni.c:876:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	check_len = strlen(lemma) + 1;
data/artha-1.0.5/src/wni.c:980:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	check_len = strlen(lemma) + 1;
data/artha-1.0.5/src/wni.c:1077:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if(0 != g_ascii_strncasecmp(lemma, cursyn->words[j], strlen(cursyn->words[j]) + 1))
data/artha-1.0.5/src/wni.c:1144:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				if(0 != g_ascii_strncasecmp(lemma, cursyn->words[j], strlen(cursyn->words[j]) + 1))
data/artha-1.0.5/src/wni.c:1452:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if(	strlen(search_str) > 0 && 

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 8823 in approximately 0.21 seconds (41367 lines/second)
Physical Source Lines of Code (SLOC) = 6242
Hits@level = [0]   2 [1]  13 [2]   5 [3]   3 [4]   2 [5]   0
Hits@level+ = [0+]  25 [1+]  23 [2+]  10 [3+]   5 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 4.00513 [1+] 3.68472 [2+] 1.60205 [3+] 0.801025 [4+] 0.32041 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.