Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bijiben-3.38.0/src/bijiben-shell-search-provider.c
Examining data/bijiben-3.38.0/src/bjb-application.c
Examining data/bijiben-3.38.0/src/bjb-application.h
Examining data/bijiben-3.38.0/src/bjb-color-button.c
Examining data/bijiben-3.38.0/src/bjb-color-button.h
Examining data/bijiben-3.38.0/src/bjb-controller.c
Examining data/bijiben-3.38.0/src/bjb-controller.h
Examining data/bijiben-3.38.0/src/bjb-editor-toolbar.c
Examining data/bijiben-3.38.0/src/bjb-editor-toolbar.h
Examining data/bijiben-3.38.0/src/bjb-empty-results-box.c
Examining data/bijiben-3.38.0/src/bjb-empty-results-box.h
Examining data/bijiben-3.38.0/src/bjb-import-dialog.c
Examining data/bijiben-3.38.0/src/bjb-import-dialog.h
Examining data/bijiben-3.38.0/src/bjb-list-view-row.c
Examining data/bijiben-3.38.0/src/bjb-list-view-row.h
Examining data/bijiben-3.38.0/src/bjb-list-view.c
Examining data/bijiben-3.38.0/src/bjb-list-view.h
Examining data/bijiben-3.38.0/src/bjb-main-toolbar.c
Examining data/bijiben-3.38.0/src/bjb-main-toolbar.h
Examining data/bijiben-3.38.0/src/bjb-main-view.c
Examining data/bijiben-3.38.0/src/bjb-main-view.h
Examining data/bijiben-3.38.0/src/bjb-main.c
Examining data/bijiben-3.38.0/src/bjb-note-view.c
Examining data/bijiben-3.38.0/src/bjb-note-view.h
Examining data/bijiben-3.38.0/src/bjb-organize-dialog.c
Examining data/bijiben-3.38.0/src/bjb-organize-dialog.h
Examining data/bijiben-3.38.0/src/bjb-search-toolbar.c
Examining data/bijiben-3.38.0/src/bjb-search-toolbar.h
Examining data/bijiben-3.38.0/src/bjb-selection-toolbar.c
Examining data/bijiben-3.38.0/src/bjb-selection-toolbar.h
Examining data/bijiben-3.38.0/src/bjb-settings-dialog.c
Examining data/bijiben-3.38.0/src/bjb-settings-dialog.h
Examining data/bijiben-3.38.0/src/bjb-settings.c
Examining data/bijiben-3.38.0/src/bjb-settings.h
Examining data/bijiben-3.38.0/src/bjb-share.c
Examining data/bijiben-3.38.0/src/bjb-share.h
Examining data/bijiben-3.38.0/src/bjb-utils.c
Examining data/bijiben-3.38.0/src/bjb-utils.h
Examining data/bijiben-3.38.0/src/bjb-window-base.c
Examining data/bijiben-3.38.0/src/bjb-window-base.h
Examining data/bijiben-3.38.0/src/libbiji/biji-date-time.c
Examining data/bijiben-3.38.0/src/libbiji/biji-date-time.h
Examining data/bijiben-3.38.0/src/libbiji/biji-error.c
Examining data/bijiben-3.38.0/src/libbiji/biji-error.h
Examining data/bijiben-3.38.0/src/libbiji/biji-info-set.c
Examining data/bijiben-3.38.0/src/libbiji/biji-info-set.h
Examining data/bijiben-3.38.0/src/libbiji/biji-item.c
Examining data/bijiben-3.38.0/src/libbiji/biji-item.h
Examining data/bijiben-3.38.0/src/libbiji/biji-manager.c
Examining data/bijiben-3.38.0/src/libbiji/biji-manager.h
Examining data/bijiben-3.38.0/src/libbiji/biji-note-id.c
Examining data/bijiben-3.38.0/src/libbiji/biji-note-id.h
Examining data/bijiben-3.38.0/src/libbiji/biji-note-obj.c
Examining data/bijiben-3.38.0/src/libbiji/biji-note-obj.h
Examining data/bijiben-3.38.0/src/libbiji/biji-notebook.c
Examining data/bijiben-3.38.0/src/libbiji/biji-notebook.h
Examining data/bijiben-3.38.0/src/libbiji/biji-string.c
Examining data/bijiben-3.38.0/src/libbiji/biji-string.h
Examining data/bijiben-3.38.0/src/libbiji/biji-timeout.c
Examining data/bijiben-3.38.0/src/libbiji/biji-timeout.h
Examining data/bijiben-3.38.0/src/libbiji/biji-tracker.c
Examining data/bijiben-3.38.0/src/libbiji/biji-tracker.h
Examining data/bijiben-3.38.0/src/libbiji/biji-zeitgeist.c
Examining data/bijiben-3.38.0/src/libbiji/biji-zeitgeist.h
Examining data/bijiben-3.38.0/src/libbiji/deserializer/biji-lazy-deserializer.c
Examining data/bijiben-3.38.0/src/libbiji/deserializer/biji-lazy-deserializer.h
Examining data/bijiben-3.38.0/src/libbiji/deserializer/biji-tomboy-reader.c
Examining data/bijiben-3.38.0/src/libbiji/deserializer/biji-tomboy-reader.h
Examining data/bijiben-3.38.0/src/libbiji/editor/biji-editor-selection.c
Examining data/bijiben-3.38.0/src/libbiji/editor/biji-editor-selection.h
Examining data/bijiben-3.38.0/src/libbiji/editor/biji-webkit-editor.c
Examining data/bijiben-3.38.0/src/libbiji/editor/biji-webkit-editor.h
Examining data/bijiben-3.38.0/src/libbiji/libbiji.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-import-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-import-provider.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-local-note.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-local-note.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-local-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-local-provider.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-memo-note.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-memo-note.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-memo-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-memo-provider.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-note.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-note.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-provider.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-provider.h
Examining data/bijiben-3.38.0/src/libbiji/serializer/biji-lazy-serializer.c
Examining data/bijiben-3.38.0/src/libbiji/serializer/biji-lazy-serializer.h

FINAL RESULTS:

data/bijiben-3.38.0/src/bjb-settings.c:40:14: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  GSettings *system;
data/bijiben-3.38.0/src/bjb-settings.c:70:25: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  g_object_unref (self->system);
data/bijiben-3.38.0/src/bjb-settings.c:268:39: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return g_settings_get_string (self->system,
data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-provider.c:817:9: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  g_get_home_dir (),
data/bijiben-3.38.0/src/bjb-color-button.c:30:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *palette_str[BJB_NUM_COLORS] = {
data/bijiben-3.38.0/src/libbiji/provider/biji-local-provider.c:386:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[40];
data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-note.c:418:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char out[40];
data/bijiben-3.38.0/src/bjb-editor-toolbar.c:107:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (link == NULL || strlen (link) == 0)
data/bijiben-3.38.0/src/bjb-main-toolbar.c:322:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (str == NULL || strlen(str) == 0)
data/bijiben-3.38.0/src/bjb-main-toolbar.c:376:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (str) > 0)
data/bijiben-3.38.0/src/libbiji/deserializer/biji-lazy-deserializer.c:285:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(self->content),
data/bijiben-3.38.0/src/libbiji/deserializer/biji-lazy-deserializer.c:417:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(sane_html),
data/bijiben-3.38.0/src/libbiji/deserializer/biji-tomboy-reader.c:223:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (text),
data/bijiben-3.38.0/src/libbiji/editor/biji-webkit-editor.c:512:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  html_data = g_bytes_new_take (body, strlen (body));
data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-note.c:188:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(str),

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 21377 in approximately 0.46 seconds (46245 lines/second)
Physical Source Lines of Code (SLOC) = 14123
Hits@level = [0] 2 [1] 8 [2] 3 [3] 1 [4] 3 [5] 0
Hits@level+ = [0+] 17 [1+] 15 [2+] 7 [3+] 4 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 1.20371 [1+] 1.0621 [2+] 0.495645 [3+] 0.283226 [4+] 0.212419 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.