Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cpustat-0.02.13/cpustat.c

FINAL RESULTS:

data/cpustat-0.02.13/cpustat.c:1292:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		(void)fprintf(fp, ",%" PRIu64, sorted_cpu_infos[i]->total);
data/cpustat-0.02.13/cpustat.c:2102:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	(void)snprintf(buffer, sizeof(buffer), "%" PRId32, cpus);
data/cpustat-0.02.13/cpustat.c:2179:8:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	(void)printf(APP_NAME ", version " VERSION "\n\n"
data/cpustat-0.02.13/cpustat.c:2224:11:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		int c = getopt(argc, argv, "acdDghiln:qr:sSt:Tp:xX");
data/cpustat-0.02.13/cpustat.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char 		comm[17];	/* Name of process/kernel task */
data/cpustat-0.02.13/cpustat.c:333:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[32];
data/cpustat-0.02.13/cpustat.c:336:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open("/proc/sys/kernel/pid_max", O_RDONLY);
data/cpustat-0.02.13/cpustat.c:726:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[16];
data/cpustat-0.02.13/cpustat.c:837:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[4096];
data/cpustat-0.02.13/cpustat.c:843:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/cpustat-0.02.13/cpustat.c:853:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (UNLIKELY((fd = open(path, O_RDONLY)) < 0))
data/cpustat-0.02.13/cpustat.c:1073:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char str[256];
data/cpustat-0.02.13/cpustat.c:1076:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/cpustat-0.02.13/cpustat.c:1130:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[512], *ptr = buffer;
data/cpustat-0.02.13/cpustat.c:1174:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[256], *ptr = buffer;
data/cpustat-0.02.13/cpustat.c:1279:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(filename, "w")) == NULL) {
data/cpustat-0.02.13/cpustat.c:1466:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	(void)memcpy(info, new_info, sizeof(*info));
data/cpustat-0.02.13/cpustat.c:1773:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[4096];
data/cpustat-0.02.13/cpustat.c:1777:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen("/proc/stat", "r");
data/cpustat-0.02.13/cpustat.c:1833:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[128], *ptr = buffer;
data/cpustat-0.02.13/cpustat.c:1874:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char filename[PATH_MAX], *fnptr;
data/cpustat-0.02.13/cpustat.c:1875:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[4096];
data/cpustat-0.02.13/cpustat.c:1887:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fd = open(filename, O_RDONLY)) < 0)
data/cpustat-0.02.13/cpustat.c:1999:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char filename[PATH_MAX], *fnptr;
data/cpustat-0.02.13/cpustat.c:2007:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (LIKELY((fd = open(filename, O_RDONLY)) > -1)) {
data/cpustat-0.02.13/cpustat.c:2008:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buffer[64];
data/cpustat-0.02.13/cpustat.c:2033:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[40];
data/cpustat-0.02.13/cpustat.c:2060:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[4096];
data/cpustat-0.02.13/cpustat.c:2065:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (UNLIKELY((fd = open("/sys/devices/system/cpu/online", O_RDONLY)) < 0))
data/cpustat-0.02.13/cpustat.c:2115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[4096];
data/cpustat-0.02.13/cpustat.c:2120:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (UNLIKELY((fd = open("/proc/loadavg", O_RDONLY)) < 0))
data/cpustat-0.02.13/cpustat.c:2158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[128], *ptr = buffer;
data/cpustat-0.02.13/cpustat.c:339:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	n = read(fd, buf, sizeof(buf) - 1);
data/cpustat-0.02.13/cpustat.c:868:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ret = read(fd, buffer, sizeof(buffer));
data/cpustat-0.02.13/cpustat.c:1083:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(tmp);
data/cpustat-0.02.13/cpustat.c:1085:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	(void)strncpy(ptr, tmp, sizeof(str));
data/cpustat-0.02.13/cpustat.c:1091:8:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
	(void)strncpy(ptr, "PID S  CPU    Time Task", sz);
data/cpustat-0.02.13/cpustat.c:1099:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		(void)strncpy(ptr, "  (", 4);
data/cpustat-0.02.13/cpustat.c:1890:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		len = read(fd, buffer, sizeof(buffer) - 1);
data/cpustat-0.02.13/cpustat.c:2011:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			ret = read(fd, buffer, sizeof(buffer) - 1);
data/cpustat-0.02.13/cpustat.c:2067:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ret = read(fd, buffer, sizeof(buffer) - 1);
data/cpustat-0.02.13/cpustat.c:2122:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	len = read(fd, buffer, sizeof(buffer) - 1);

ANALYSIS SUMMARY:

Hits = 42
Lines analyzed = 2480 in approximately 0.08 seconds (31154 lines/second)
Physical Source Lines of Code (SLOC) = 1841
Hits@level = [0]  42 [1]  10 [2]  28 [3]   1 [4]   3 [5]   0
Hits@level+ = [0+]  84 [1+]  42 [2+]  32 [3+]   4 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 45.6274 [1+] 22.8137 [2+] 17.3819 [3+] 2.17273 [4+] 1.62955 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.