Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/bomber-20.04.3/src/bomberwidget.h Examining data/bomber-20.04.3/src/board.cpp Examining data/bomber-20.04.3/src/bomber.h Examining data/bomber-20.04.3/src/explodable.h Examining data/bomber-20.04.3/src/bomberwidget.cpp Examining data/bomber-20.04.3/src/board.h Examining data/bomber-20.04.3/src/building.h Examining data/bomber-20.04.3/src/building.cpp Examining data/bomber-20.04.3/src/plane.h Examining data/bomber-20.04.3/src/bomb.cpp Examining data/bomber-20.04.3/src/main.cpp Examining data/bomber-20.04.3/src/explodable.cpp Examining data/bomber-20.04.3/src/bomb.h Examining data/bomber-20.04.3/src/bomber.cpp Examining data/bomber-20.04.3/src/plane.cpp FINAL RESULTS: data/bomber-20.04.3/src/board.cpp:146:41: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. unsigned int height = (KRandom::random() % (max - min)) + min; data/bomber-20.04.3/src/building.cpp:90:35: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. unsigned int style = KRandom::random() % styleCount; data/bomber-20.04.3/src/building.cpp:94:41: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. unsigned int varient = KRandom::random() % (maxVarient); data/bomber-20.04.3/src/explodable.cpp:94:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. setFrame(KRandom::random()); ANALYSIS SUMMARY: Hits = 4 Lines analyzed = 2204 in approximately 0.07 seconds (32496 lines/second) Physical Source Lines of Code (SLOC) = 1218 Hits@level = [0] 0 [1] 0 [2] 0 [3] 4 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 4 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 3.28407 [1+] 3.28407 [2+] 3.28407 [3+] 3.28407 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.