Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gl2ps-1.4.2+dfsg1/gl2psTest.c
Examining data/gl2ps-1.4.2+dfsg1/gl2psTestSimple.c
Examining data/gl2ps-1.4.2+dfsg1/gl2ps.h
Examining data/gl2ps-1.4.2+dfsg1/gl2ps.c
FINAL RESULTS:
data/gl2ps-1.4.2+dfsg1/gl2ps.c:274:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:424:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = vsprintf(buf, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:426:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(bufptr, bufsize, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:437:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf(bufptr, bufsize, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:450:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ret = vfprintf(gl2ps->stream, fmt, args);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:930:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prim->data.text->str, str);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:932:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prim->data.text->fontname, fontname);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:955:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text->str, t->str);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:957:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text->fontname, t->fontname);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3349:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(i <= 0) strcpy(name, gl2ps->filename);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5340:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lcap, "%s", "butt");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5343:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lcap, "%s", "round");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5346:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (lcap, "%s", "square");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5351:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ljoin, "%s", "miter");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5354:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ljoin, "%s", "round");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5357:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (ljoin, "%s", "bevel");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6129:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gl2ps->title, title);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6138:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gl2ps->producer, producer);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6147:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gl2ps->filename, filename);
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:511:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file, filename);
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:513:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(file, extension);
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:580:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext, gl2psGetFileExtension(format));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:412:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:443:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gl2ps->compress->start + oldsize, bufptr, ret);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:461:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[10] = {'\x1f', '\x8b', /* magic numbers: 0x1f, 0x8b */
data/gl2ps-1.4.2+dfsg1/gl2ps.c:481:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:575:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&list->array[(list->n - 1) * list->size], data, list->size);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:639:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &list->array[index * list->size], list->size);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:642:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gl2psEncodeBase64Block(unsigned char in[3], unsigned char out[4], int len)
data/gl2ps-1.4.2+dfsg1/gl2ps.c:642:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gl2psEncodeBase64Block(unsigned char in[3], unsigned char out[4], int len)
data/gl2ps-1.4.2+dfsg1/gl2ps.c:655:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *buffer, in[3], out[4];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:660:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, list->array, n * sizeof(unsigned char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:786:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->pixels, im->pixels, size);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:915:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->verts[0].rgba, color, 4 * sizeof(float));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:1095:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->verts, p->verts, p->numverts * sizeof(GL2PSvertex));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:2249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->verts, verts, numverts * sizeof(GL2PSvertex));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:2494:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(((char*)(node->image->pixels))[i + v]), &(current[2]), sizeoffloat);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:2496:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(((char*)(node->image->pixels))[i + v]), &(current[2]), vtot - i);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3029:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[16];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3352:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "untitled");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5082:52: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void gl2psSVGGetColorString(GL2PSrgba rgba, char str[32])
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5090:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "#%2.2x%2.2x%2.2x", rc, gc, bc);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5096:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[32];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[32];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[32];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lcap[7], ljoin[7];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char col[32];
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5974:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/gl2ps-1.4.2+dfsg1/gl2ps.c:5974:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gl2ps->colormap, colormap, gl2ps->colorsize * sizeof(GL2PSrgba));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6375:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->data.image->pixels, pixels, size * sizeof(GLfloat));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6382:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prim->data.image->pixels, pixels, size * sizeof(GLfloat));
data/gl2ps-1.4.2+dfsg1/gl2ps.h:203:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/gl2ps-1.4.2+dfsg1/gl2ps.h:203:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GL2PSDLL_API GLint gl2psBeginPage(const char *title, const char *producer,
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256];
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:520:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "wb");
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:548:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[32];
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:604:51: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(format == GL2PS_PS || format == GL2PS_EPS) strcat(ext, ".gz");
data/gl2ps-1.4.2+dfsg1/gl2psTestSimple.c:171:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("out.eps", "wb");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:929:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prim->data.text->str = (char*)gl2psMalloc((strlen(str)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:931:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prim->data.text->fontname = (char*)gl2psMalloc((strlen(fontname)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:954:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text->str = (char*)gl2psMalloc((strlen(t->str)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:956:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text->fontname = (char*)gl2psMalloc((strlen(t->fontname)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3341:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(gl2ps->filename && strlen(gl2ps->filename) < 256){
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3342:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = (int)strlen(gl2ps->filename) - 1; i >= 0; i--){
data/gl2ps-1.4.2+dfsg1/gl2ps.c:3344:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, gl2ps->filename, i);
data/gl2ps-1.4.2+dfsg1/gl2ps.c:4665:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? (int)strlen("/TrSh sh\n") + (int)log10((double)childobj)+1
data/gl2ps-1.4.2+dfsg1/gl2ps.c:4666:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: (int)strlen("/TrSh0 sh\n");
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6128:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gl2ps->title = (char*)gl2psMalloc((strlen(title)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6137:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gl2ps->producer = (char*)gl2psMalloc((strlen(producer)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2ps.c:6146:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gl2ps->filename = (char*)gl2psMalloc((strlen(filename)+1)*sizeof(char));
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:256:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string); i++)
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:512:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(file, ".");
data/gl2ps-1.4.2+dfsg1/gl2psTest.c:605:34: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
else if(format == GL2PS_SVG) strcat(ext, "z");
data/gl2ps-1.4.2+dfsg1/gl2psTestSimple.c:154:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(help); i++)
ANALYSIS SUMMARY:
Hits = 76
Lines analyzed = 7718 in approximately 0.23 seconds (33325 lines/second)
Physical Source Lines of Code (SLOC) = 6269
Hits@level = [0] 120 [1] 16 [2] 38 [3] 0 [4] 22 [5] 0
Hits@level+ = [0+] 196 [1+] 76 [2+] 60 [3+] 22 [4+] 22 [5+] 0
Hits/KSLOC@level+ = [0+] 31.265 [1+] 12.1231 [2+] 9.5709 [3+] 3.50933 [4+] 3.50933 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.