Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gaviotatb-0.4/gtb-probe.h
Examining data/gaviotatb-0.4/progname.h
Examining data/gaviotatb-0.4/tbprobe.c
Examining data/gaviotatb-0.4/gtb-dec.c
Examining data/gaviotatb-0.4/compression/liblzf/lzf_c.c
Examining data/gaviotatb-0.4/compression/liblzf/lzfP.h
Examining data/gaviotatb-0.4/compression/liblzf/lzf_d.c
Examining data/gaviotatb-0.4/compression/liblzf/lzf.h
Examining data/gaviotatb-0.4/compression/lzma/Alloc.c
Examining data/gaviotatb-0.4/compression/lzma/LzFindMt.h
Examining data/gaviotatb-0.4/compression/lzma/Lzma86Dec.c
Examining data/gaviotatb-0.4/compression/lzma/Bra86.c
Examining data/gaviotatb-0.4/compression/lzma/Lzma86Enc.c
Examining data/gaviotatb-0.4/compression/lzma/LzFind.h
Examining data/gaviotatb-0.4/compression/lzma/Alloc.h
Examining data/gaviotatb-0.4/compression/lzma/Lzma86Enc.h
Examining data/gaviotatb-0.4/compression/lzma/LzFind.c
Examining data/gaviotatb-0.4/compression/lzma/LzmaEnc.c
Examining data/gaviotatb-0.4/compression/lzma/LzmaDec.c
Examining data/gaviotatb-0.4/compression/lzma/LzmaEnc.h
Examining data/gaviotatb-0.4/compression/lzma/Bra.h
Examining data/gaviotatb-0.4/compression/lzma/Lzma86Dec.h
Examining data/gaviotatb-0.4/compression/lzma/Types.h
Examining data/gaviotatb-0.4/compression/lzma/LzHash.h
Examining data/gaviotatb-0.4/compression/lzma/LzmaDec.h
Examining data/gaviotatb-0.4/compression/wrap.h
Examining data/gaviotatb-0.4/compression/huffman/hzip.h
Examining data/gaviotatb-0.4/compression/huffman/hzip.c
Examining data/gaviotatb-0.4/compression/wrap.c
Examining data/gaviotatb-0.4/version.h
Examining data/gaviotatb-0.4/gtb-types.h
Examining data/gaviotatb-0.4/gtb-att.c
Examining data/gaviotatb-0.4/gtb-dec.h
Examining data/gaviotatb-0.4/gtb-att.h
Examining data/gaviotatb-0.4/sysport/sysport.c
Examining data/gaviotatb-0.4/sysport/sysport.h
Examining data/gaviotatb-0.4/gtb-probe.c
FINAL RESULTS:
data/gaviotatb-0.4/gtb-probe.c:1077:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (localstr," main: %s\n", p);
data/gaviotatb-0.4/gtb-probe.c:1079:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (localstr," #%d: %s\n", g, p);
data/gaviotatb-0.4/gtb-probe.c:1699:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s.gtb", egkey[key].str);
data/gaviotatb-0.4/gtb-probe.c:1913:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s%s%s", path, egkey[key].str, extension);
data/gaviotatb-0.4/gtb-probe.c:1916:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s%s%s", path, egkey[key].str, extension);
data/gaviotatb-0.4/gtb-probe.c:1918:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s%s%s%s", path, FOLDERSEP, egkey[key].str, extension);
data/gaviotatb-0.4/gtb-probe.c:1943:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s%s%s", path, egkey[key].str, extension);
data/gaviotatb-0.4/gtb-probe.c:1946:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s%s%s", path, egkey[key].str, extension);
data/gaviotatb-0.4/gtb-probe.c:1948:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s%s%s%s", path, FOLDERSEP, egkey[key].str, extension);
data/gaviotatb-0.4/sysport/sysport.c:220:58: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
extern void mythread_spinx_init (mythread_spinx_t *m) { InitializeCriticalSection(m) ;} /**/
data/gaviotatb-0.4/sysport/sysport.c:222:61: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
extern void mythread_spinx_lock (mythread_spinx_t *m) { EnterCriticalSection (m) ;} /**/
data/gaviotatb-0.4/compression/huffman/hzip.c:80:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char streambuffer[MAXSTREAM];
data/gaviotatb-0.4/compression/lzma/Lzma86Enc.c:55:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filteredStream, src, srcLen);
data/gaviotatb-0.4/compression/lzma/LzmaDec.c:794:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tempBuf, src, inSize);
data/gaviotatb-0.4/compression/lzma/LzmaDec.c:882:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, p->dic + dicPos, outSizeCur);
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, p->data, curSize);
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:384:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:385:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:386:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:391:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:392:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:407:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:408:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:411:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:414:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:415:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:417:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:418:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb));
data/gaviotatb-0.4/compression/lzma/LzmaEnc.c:2163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->data, data, size);
data/gaviotatb-0.4/gtb-att.c:123:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char attmap [64] [64];
data/gaviotatb-0.4/gtb-probe.c:304:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char Buffer_zipped [EGTB_MAXBLOCKSIZE];
data/gaviotatb-0.4/gtb-probe.c:305:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char Buffer_packed [EGTB_MAXBLOCKSIZE];
data/gaviotatb-0.4/gtb-probe.c:361:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *Square_str[64] = {
data/gaviotatb-0.4/gtb-probe.c:383:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *Info_str[8] = {
data/gaviotatb-0.4/gtb-probe.c:459:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char aabase [MAX_AAINDEX];
data/gaviotatb-0.4/gtb-probe.c:1048:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ini_str[INISIZE];
data/gaviotatb-0.4/gtb-probe.c:1057:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char localstr[256];
data/gaviotatb-0.4/gtb-probe.c:1116:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (localstr," Compression Scheme = %d\n", GTB_scheme);
data/gaviotatb-0.4/gtb-probe.c:1132:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (localstr," Compression Indexes (%d-pc) = PASSED\n",n);
data/gaviotatb-0.4/gtb-probe.c:1134:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (localstr," Compression Indexes (%d-pc) = **FAILED**\n",n);
data/gaviotatb-0.4/gtb-probe.c:1139:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (localstr," Compression Indexes (%d-pc) = PASSED\n",n);
data/gaviotatb-0.4/gtb-probe.c:1141:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (localstr," Compression Indexes (%d-pc) = **FAILED**\n",n);
data/gaviotatb-0.4/gtb-probe.c:1146:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (localstr," Compression Indexes (%d-pc) = PASSED\n",n);
data/gaviotatb-0.4/gtb-probe.c:1148:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (localstr," Compression Indexes (%d-pc) = **FAILED**\n",n);
data/gaviotatb-0.4/gtb-probe.c:1675:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gaviotatb-0.4/gtb-probe.c:1700:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (finp = fopen (filename, "rb"))) {
data/gaviotatb-0.4/gtb-probe.c:1859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/gaviotatb-0.4/gtb-probe.c:1923:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
finp = fopen (filename, "rb");
data/gaviotatb-0.4/gtb-probe.c:1953:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
finp = fopen (filename, "rb");
data/gaviotatb-0.4/gtb-probe.c:2031:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcstr[2*MAX_LISTSIZE];
data/gaviotatb-0.4/gtb-probe.c:2277:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char p[SLOTSIZE];
data/gaviotatb-0.4/gtb-probe.c:2915:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char p[SZ];
data/gaviotatb-0.4/tbprobe.c:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wp[17]; /* what white pieces are on those squares */
data/gaviotatb-0.4/tbprobe.c:60:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bp[17]; /* what black pieces are on those squares */
data/gaviotatb-0.4/gtb-probe.c:876:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psize = strlen(newpath) + 1;
data/gaviotatb-0.4/gtb-probe.c:904:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psize = strlen(newpath) + 1;
data/gaviotatb-0.4/gtb-probe.c:1049:59: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
static void sjoin(char *s, const char *tail, size_t max) {strncat(s, tail, max - strlen(s) - 1);}
data/gaviotatb-0.4/gtb-probe.c:1049:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static void sjoin(char *s, const char *tail, size_t max) {strncat(s, tail, max - strlen(s) - 1);}
data/gaviotatb-0.4/gtb-probe.c:1908:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pl = strlen(path);
data/gaviotatb-0.4/gtb-probe.c:1940:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pl = strlen(path);
ANALYSIS SUMMARY:
Hits = 70
Lines analyzed = 17466 in approximately 0.56 seconds (30940 lines/second)
Physical Source Lines of Code (SLOC) = 12304
Hits@level = [0] 156 [1] 6 [2] 53 [3] 2 [4] 9 [5] 0
Hits@level+ = [0+] 226 [1+] 70 [2+] 64 [3+] 11 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 18.368 [1+] 5.68921 [2+] 5.20156 [3+] 0.894018 [4+] 0.731469 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.