Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bijiben-3.38.0/src/bijiben-shell-search-provider.c
Examining data/bijiben-3.38.0/src/bjb-application.c
Examining data/bijiben-3.38.0/src/bjb-application.h
Examining data/bijiben-3.38.0/src/bjb-color-button.c
Examining data/bijiben-3.38.0/src/bjb-color-button.h
Examining data/bijiben-3.38.0/src/bjb-controller.c
Examining data/bijiben-3.38.0/src/bjb-controller.h
Examining data/bijiben-3.38.0/src/bjb-editor-toolbar.c
Examining data/bijiben-3.38.0/src/bjb-editor-toolbar.h
Examining data/bijiben-3.38.0/src/bjb-empty-results-box.c
Examining data/bijiben-3.38.0/src/bjb-empty-results-box.h
Examining data/bijiben-3.38.0/src/bjb-import-dialog.c
Examining data/bijiben-3.38.0/src/bjb-import-dialog.h
Examining data/bijiben-3.38.0/src/bjb-list-view-row.c
Examining data/bijiben-3.38.0/src/bjb-list-view-row.h
Examining data/bijiben-3.38.0/src/bjb-list-view.c
Examining data/bijiben-3.38.0/src/bjb-list-view.h
Examining data/bijiben-3.38.0/src/bjb-main-toolbar.c
Examining data/bijiben-3.38.0/src/bjb-main-toolbar.h
Examining data/bijiben-3.38.0/src/bjb-main-view.c
Examining data/bijiben-3.38.0/src/bjb-main-view.h
Examining data/bijiben-3.38.0/src/bjb-main.c
Examining data/bijiben-3.38.0/src/bjb-note-view.c
Examining data/bijiben-3.38.0/src/bjb-note-view.h
Examining data/bijiben-3.38.0/src/bjb-organize-dialog.c
Examining data/bijiben-3.38.0/src/bjb-organize-dialog.h
Examining data/bijiben-3.38.0/src/bjb-search-toolbar.c
Examining data/bijiben-3.38.0/src/bjb-search-toolbar.h
Examining data/bijiben-3.38.0/src/bjb-selection-toolbar.c
Examining data/bijiben-3.38.0/src/bjb-selection-toolbar.h
Examining data/bijiben-3.38.0/src/bjb-settings-dialog.c
Examining data/bijiben-3.38.0/src/bjb-settings-dialog.h
Examining data/bijiben-3.38.0/src/bjb-settings.c
Examining data/bijiben-3.38.0/src/bjb-settings.h
Examining data/bijiben-3.38.0/src/bjb-share.c
Examining data/bijiben-3.38.0/src/bjb-share.h
Examining data/bijiben-3.38.0/src/bjb-utils.c
Examining data/bijiben-3.38.0/src/bjb-utils.h
Examining data/bijiben-3.38.0/src/bjb-window-base.c
Examining data/bijiben-3.38.0/src/bjb-window-base.h
Examining data/bijiben-3.38.0/src/libbiji/biji-date-time.c
Examining data/bijiben-3.38.0/src/libbiji/biji-date-time.h
Examining data/bijiben-3.38.0/src/libbiji/biji-error.c
Examining data/bijiben-3.38.0/src/libbiji/biji-error.h
Examining data/bijiben-3.38.0/src/libbiji/biji-info-set.c
Examining data/bijiben-3.38.0/src/libbiji/biji-info-set.h
Examining data/bijiben-3.38.0/src/libbiji/biji-item.c
Examining data/bijiben-3.38.0/src/libbiji/biji-item.h
Examining data/bijiben-3.38.0/src/libbiji/biji-manager.c
Examining data/bijiben-3.38.0/src/libbiji/biji-manager.h
Examining data/bijiben-3.38.0/src/libbiji/biji-note-id.c
Examining data/bijiben-3.38.0/src/libbiji/biji-note-id.h
Examining data/bijiben-3.38.0/src/libbiji/biji-note-obj.c
Examining data/bijiben-3.38.0/src/libbiji/biji-note-obj.h
Examining data/bijiben-3.38.0/src/libbiji/biji-notebook.c
Examining data/bijiben-3.38.0/src/libbiji/biji-notebook.h
Examining data/bijiben-3.38.0/src/libbiji/biji-string.c
Examining data/bijiben-3.38.0/src/libbiji/biji-string.h
Examining data/bijiben-3.38.0/src/libbiji/biji-timeout.c
Examining data/bijiben-3.38.0/src/libbiji/biji-timeout.h
Examining data/bijiben-3.38.0/src/libbiji/biji-tracker.c
Examining data/bijiben-3.38.0/src/libbiji/biji-tracker.h
Examining data/bijiben-3.38.0/src/libbiji/biji-zeitgeist.c
Examining data/bijiben-3.38.0/src/libbiji/biji-zeitgeist.h
Examining data/bijiben-3.38.0/src/libbiji/deserializer/biji-lazy-deserializer.c
Examining data/bijiben-3.38.0/src/libbiji/deserializer/biji-lazy-deserializer.h
Examining data/bijiben-3.38.0/src/libbiji/deserializer/biji-tomboy-reader.c
Examining data/bijiben-3.38.0/src/libbiji/deserializer/biji-tomboy-reader.h
Examining data/bijiben-3.38.0/src/libbiji/editor/biji-editor-selection.c
Examining data/bijiben-3.38.0/src/libbiji/editor/biji-editor-selection.h
Examining data/bijiben-3.38.0/src/libbiji/editor/biji-webkit-editor.c
Examining data/bijiben-3.38.0/src/libbiji/editor/biji-webkit-editor.h
Examining data/bijiben-3.38.0/src/libbiji/libbiji.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-import-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-import-provider.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-local-note.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-local-note.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-local-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-local-provider.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-memo-note.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-memo-note.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-memo-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-memo-provider.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-note.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-note.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-provider.h
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-provider.c
Examining data/bijiben-3.38.0/src/libbiji/provider/biji-provider.h
Examining data/bijiben-3.38.0/src/libbiji/serializer/biji-lazy-serializer.c
Examining data/bijiben-3.38.0/src/libbiji/serializer/biji-lazy-serializer.h

FINAL RESULTS:

data/bijiben-3.38.0/src/bjb-settings.c:40:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  GSettings *system;
data/bijiben-3.38.0/src/bjb-settings.c:70:25:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  g_object_unref (self->system);
data/bijiben-3.38.0/src/bjb-settings.c:268:39:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  return g_settings_get_string (self->system,
data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-provider.c:817:9:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        g_get_home_dir (),
data/bijiben-3.38.0/src/bjb-color-button.c:30:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *palette_str[BJB_NUM_COLORS] = {
data/bijiben-3.38.0/src/libbiji/provider/biji-local-provider.c:386:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char out[40];
data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-note.c:418:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[40];
data/bijiben-3.38.0/src/bjb-editor-toolbar.c:107:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (link == NULL || strlen (link) == 0)
data/bijiben-3.38.0/src/bjb-main-toolbar.c:322:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (str == NULL || strlen(str) == 0)
data/bijiben-3.38.0/src/bjb-main-toolbar.c:376:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (str) > 0)
data/bijiben-3.38.0/src/libbiji/deserializer/biji-lazy-deserializer.c:285:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(self->content),
data/bijiben-3.38.0/src/libbiji/deserializer/biji-lazy-deserializer.c:417:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(sane_html),
data/bijiben-3.38.0/src/libbiji/deserializer/biji-tomboy-reader.c:223:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen (text),
data/bijiben-3.38.0/src/libbiji/editor/biji-webkit-editor.c:512:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  html_data = g_bytes_new_take (body, strlen (body));
data/bijiben-3.38.0/src/libbiji/provider/biji-own-cloud-note.c:188:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen(str),

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 21377 in approximately 0.46 seconds (46245 lines/second)
Physical Source Lines of Code (SLOC) = 14123
Hits@level = [0]   2 [1]   8 [2]   3 [3]   1 [4]   3 [5]   0
Hits@level+ = [0+]  17 [1+]  15 [2+]   7 [3+]   4 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 1.20371 [1+] 1.0621 [2+] 0.495645 [3+] 0.283226 [4+] 0.212419 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.