stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/evdns.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/buffer.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/buffer_compat.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/bufferevent.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/bufferevent_compat.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/bufferevent_ssl.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/bufferevent_struct.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/dns.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/dns_compat.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/dns_struct.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/event-config.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/event.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/event_compat.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/event_struct.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/http.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/http_compat.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/http_struct.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/keyvalq_struct.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/listener.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/rpc.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/rpc_compat.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/rpc_struct.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/tag.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/tag_compat.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/thread.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/util.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/evhttp.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/evrpc.h
Examining data/dlang-libevent-2.0.16.1~really2.0.2/C/evutil.h

FINAL RESULTS:

data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/buffer.h:479:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  __attribute__((format(printf, 2, 3)))
data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/util.h:446:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 3, 4)))
data/dlang-libevent-2.0.16.1~really2.0.2/C/event2/dns_struct.h:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[1];

ANALYSIS SUMMARY:

Hits = 3
Lines analyzed = 8569 in approximately 0.32 seconds (26464 lines/second)
Physical Source Lines of Code (SLOC) = 2000
Hits@level = [0]   0 [1]   0 [2]   1 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]   3 [1+]   3 [2+]   3 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 1.5 [1+] 1.5 [2+] 1.5 [3+]   1 [4+]   1 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.