Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/brisk-menu-0.6.2/src/backend/all-items/all-backend.c
Examining data/brisk-menu-0.6.2/src/backend/all-items/all-backend.h
Examining data/brisk-menu-0.6.2/src/backend/all-items/all-section.c
Examining data/brisk-menu-0.6.2/src/backend/all-items/all-section.h
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-backend.c
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-backend.h
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-item.c
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-item.h
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-section.c
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-section.h
Examining data/brisk-menu-0.6.2/src/backend/backend.c
Examining data/brisk-menu-0.6.2/src/backend/backend.h
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-backend.c
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-backend.h
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-desktop.c
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-section.c
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-section.h
Examining data/brisk-menu-0.6.2/src/backend/item.c
Examining data/brisk-menu-0.6.2/src/backend/item.h
Examining data/brisk-menu-0.6.2/src/backend/section.c
Examining data/brisk-menu-0.6.2/src/backend/section.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/category-button.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/category-button.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/classic-entry-button.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/classic-entry-button.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/classic-window.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/classic-window.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/desktop-button.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/desktop-button.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/sidebar-scroller.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/sidebar-scroller.h
Examining data/brisk-menu-0.6.2/src/frontend/dash/category-button.c
Examining data/brisk-menu-0.6.2/src/frontend/dash/category-button.h
Examining data/brisk-menu-0.6.2/src/frontend/dash/dash-entry-button.c
Examining data/brisk-menu-0.6.2/src/frontend/dash/dash-entry-button.h
Examining data/brisk-menu-0.6.2/src/frontend/dash/dash-window.c
Examining data/brisk-menu-0.6.2/src/frontend/dash/dash-window.h
Examining data/brisk-menu-0.6.2/src/frontend/entry-button.c
Examining data/brisk-menu-0.6.2/src/frontend/entry-button.h
Examining data/brisk-menu-0.6.2/src/frontend/launcher.c
Examining data/brisk-menu-0.6.2/src/frontend/launcher.h
Examining data/brisk-menu-0.6.2/src/frontend/menu-context.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-grabs.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-keyboard.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-loader.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-private.h
Examining data/brisk-menu-0.6.2/src/frontend/menu-search.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-session.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-settings.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-sort.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-window.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-window.h
Examining data/brisk-menu-0.6.2/src/lib/authors.h
Examining data/brisk-menu-0.6.2/src/lib/key-binder.c
Examining data/brisk-menu-0.6.2/src/lib/key-binder.h
Examining data/brisk-menu-0.6.2/src/lib/styles.h
Examining data/brisk-menu-0.6.2/src/lib/util.h
Examining data/brisk-menu-0.6.2/src/mate-applet/applet.c
Examining data/brisk-menu-0.6.2/src/mate-applet/applet.h
Examining data/brisk-menu-0.6.2/src/mate-applet/main.c
Examining data/brisk-menu-0.6.2/src/test/brisk-test-backends.c

FINAL RESULTS:

data/brisk-menu-0.6.2/src/mate-applet/main.c:86:16: [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home = g_get_home_dir();
data/brisk-menu-0.6.2/src/frontend/menu-search.c:113:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(self->search_term) > 0) {
data/brisk-menu-0.6.2/src/frontend/menu-sort.c:40:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  score += 20 + (int)strlen(find);

ANALYSIS SUMMARY:

Hits = 3
Lines analyzed = 10330 in approximately 0.28 seconds (36697 lines/second)
Physical Source Lines of Code (SLOC) = 5796
Hits@level = [0] 2 [1] 2 [2] 0 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 5 [1+] 3 [2+] 1 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.862664 [1+] 0.517598 [2+] 0.172533 [3+] 0.172533 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.