stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/brisk-menu-0.6.2/src/backend/all-items/all-backend.c
Examining data/brisk-menu-0.6.2/src/backend/all-items/all-backend.h
Examining data/brisk-menu-0.6.2/src/backend/all-items/all-section.c
Examining data/brisk-menu-0.6.2/src/backend/all-items/all-section.h
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-backend.c
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-backend.h
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-item.c
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-item.h
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-section.c
Examining data/brisk-menu-0.6.2/src/backend/apps/apps-section.h
Examining data/brisk-menu-0.6.2/src/backend/backend.c
Examining data/brisk-menu-0.6.2/src/backend/backend.h
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-backend.c
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-backend.h
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-desktop.c
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-section.c
Examining data/brisk-menu-0.6.2/src/backend/favourites/favourites-section.h
Examining data/brisk-menu-0.6.2/src/backend/item.c
Examining data/brisk-menu-0.6.2/src/backend/item.h
Examining data/brisk-menu-0.6.2/src/backend/section.c
Examining data/brisk-menu-0.6.2/src/backend/section.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/category-button.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/category-button.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/classic-entry-button.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/classic-entry-button.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/classic-window.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/classic-window.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/desktop-button.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/desktop-button.h
Examining data/brisk-menu-0.6.2/src/frontend/classic/sidebar-scroller.c
Examining data/brisk-menu-0.6.2/src/frontend/classic/sidebar-scroller.h
Examining data/brisk-menu-0.6.2/src/frontend/dash/category-button.c
Examining data/brisk-menu-0.6.2/src/frontend/dash/category-button.h
Examining data/brisk-menu-0.6.2/src/frontend/dash/dash-entry-button.c
Examining data/brisk-menu-0.6.2/src/frontend/dash/dash-entry-button.h
Examining data/brisk-menu-0.6.2/src/frontend/dash/dash-window.c
Examining data/brisk-menu-0.6.2/src/frontend/dash/dash-window.h
Examining data/brisk-menu-0.6.2/src/frontend/entry-button.c
Examining data/brisk-menu-0.6.2/src/frontend/entry-button.h
Examining data/brisk-menu-0.6.2/src/frontend/launcher.c
Examining data/brisk-menu-0.6.2/src/frontend/launcher.h
Examining data/brisk-menu-0.6.2/src/frontend/menu-context.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-grabs.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-keyboard.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-loader.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-private.h
Examining data/brisk-menu-0.6.2/src/frontend/menu-search.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-session.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-settings.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-sort.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-window.c
Examining data/brisk-menu-0.6.2/src/frontend/menu-window.h
Examining data/brisk-menu-0.6.2/src/lib/authors.h
Examining data/brisk-menu-0.6.2/src/lib/key-binder.c
Examining data/brisk-menu-0.6.2/src/lib/key-binder.h
Examining data/brisk-menu-0.6.2/src/lib/styles.h
Examining data/brisk-menu-0.6.2/src/lib/util.h
Examining data/brisk-menu-0.6.2/src/mate-applet/applet.c
Examining data/brisk-menu-0.6.2/src/mate-applet/applet.h
Examining data/brisk-menu-0.6.2/src/mate-applet/main.c
Examining data/brisk-menu-0.6.2/src/test/brisk-test-backends.c

FINAL RESULTS:

data/brisk-menu-0.6.2/src/mate-applet/main.c:86:16:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
        home = g_get_home_dir();
data/brisk-menu-0.6.2/src/frontend/menu-search.c:113:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(self->search_term) > 0) {
data/brisk-menu-0.6.2/src/frontend/menu-sort.c:40:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                score += 20 + (int)strlen(find);

ANALYSIS SUMMARY:

Hits = 3
Lines analyzed = 10330 in approximately 0.28 seconds (36697 lines/second)
Physical Source Lines of Code (SLOC) = 5796
Hits@level = [0]   2 [1]   2 [2]   0 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]   5 [1+]   3 [2+]   1 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 0.862664 [1+] 0.517598 [2+] 0.172533 [3+] 0.172533 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.