Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/folks-0.14.0/backends/telepathy/lib/tp-lowlevel.c
Examining data/folks-0.14.0/backends/telepathy/lib/tp-lowlevel.h
Examining data/folks-0.14.0/folks/redeclare-internal-api.h
Examining data/folks-0.14.0/folks/small-set-internal.h
Examining data/folks-0.14.0/folks/small-set.c
Examining data/folks-0.14.0/folks/small-set.h
Examining data/folks-0.14.0/folks/warnings.h
Examining data/folks-0.14.0/tests/lib/gtestdbus.c
Examining data/folks-0.14.0/tests/lib/gtestdbus.h
Examining data/folks-0.14.0/tests/lib/haze-remove-directory.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/backend.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/backend.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/contact-list-manager.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/contact-list-manager.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/contacts-conn.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/contacts-conn.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/debug.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/room-list-chan.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/room-list-chan.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/simple-account-manager.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/simple-account-manager.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/simple-account.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/simple-account.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/simple-conn.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/simple-conn.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/textchan-null.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/textchan-null.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/tp-test-contactlist.h
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/util.c
Examining data/folks-0.14.0/tests/lib/telepathy/contactlist/util.h
Examining data/folks-0.14.0/tests/lib/telepathy/test-case-helper.c
Examining data/folks-0.14.0/tests/lib/test-case-helper.c

FINAL RESULTS:

data/folks-0.14.0/tests/lib/gtestdbus.c:219:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
      if (sscanf (command, ADD_PID_FORMAT, &pid) == 1)
data/folks-0.14.0/tests/lib/gtestdbus.c:223:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
      else if (sscanf (command, REMOVE_PID_FORMAT, &pid) == 1)
data/folks-0.14.0/tests/lib/telepathy/contactlist/util.c:345:48:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
          address = g_unix_socket_address_new (tmpnam (NULL));
data/folks-0.14.0/folks/small-set.c:131:16:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      gboolean equal;
data/folks-0.14.0/folks/small-set.c:139:11:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      if (equal)
data/folks-0.14.0/tests/lib/telepathy/contactlist/util.c:276:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          gchar *value = line + strlen (TRACER_T);

ANALYSIS SUMMARY:

Hits = 6
Lines analyzed = 8867 in approximately 0.25 seconds (35413 lines/second)
Physical Source Lines of Code (SLOC) = 6385
Hits@level = [0]   0 [1]   3 [2]   0 [3]   1 [4]   2 [5]   0
Hits@level+ = [0+]   6 [1+]   6 [2+]   3 [3+]   3 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 0.939702 [1+] 0.939702 [2+] 0.469851 [3+] 0.469851 [4+] 0.313234 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.