Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnustep-dl2-0.12.0/EOAccess/EOSQLExpressionPriv.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOModel.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODatabase.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAdaptor.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODatabaseOperationPriv.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAdaptorContext.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOEntityPriv.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODefines.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOSQLExpression.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOUtilities.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOGenericRecord.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOExpressionArray.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOSchemaSynchronization.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAccessFault.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODatabaseContext.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAccessFaultPriv.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAdaptorPriv.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODeprecated.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAttributePriv.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOJoin.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOEntity.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOStoredProcedure.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOSQLQualifier.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAttribute.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAccess.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOAdaptorChannel.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOPropertyListEncoding.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOModelGroup.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODatabaseOperation.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOPrivate.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EOSchemaGeneration.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODatabaseContextPriv.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODatabaseChannel.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODatabaseChannelPriv.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EORelationship.h
Examining data/gnustep-dl2-0.12.0/EOAccess/EODatabaseDataSource.h
Examining data/gnustep-dl2-0.12.0/EOModeler/EOModelerApp.h
Examining data/gnustep-dl2-0.12.0/EOModeler/EODefines.h
Examining data/gnustep-dl2-0.12.0/EOModeler/EOModelerDocument.h
Examining data/gnustep-dl2-0.12.0/EOModeler/EOModelerEditor.h
Examining data/gnustep-dl2-0.12.0/EOModeler/EOMInspector.h
Examining data/gnustep-dl2-0.12.0/EOModeler/EOModelExtensions.h
Examining data/gnustep-dl2-0.12.0/EOModeler/EOMInspectorController.h
Examining data/gnustep-dl2-0.12.0/DBModeler/NSView+Additions.h
Examining data/gnustep-dl2-0.12.0/DBModeler/ModelerEntityEditor.h
Examining data/gnustep-dl2-0.12.0/DBModeler/Inspectors/AdvancedEntityInspector.h
Examining data/gnustep-dl2-0.12.0/DBModeler/Inspectors/RelationshipInspector.h
Examining data/gnustep-dl2-0.12.0/DBModeler/Inspectors/AttributeInspector.h
Examining data/gnustep-dl2-0.12.0/DBModeler/Modeler.h
Examining data/gnustep-dl2-0.12.0/DBModeler/DiagramView.h
Examining data/gnustep-dl2-0.12.0/DBModeler/ModelerTableEmbedibleEditor.h
Examining data/gnustep-dl2-0.12.0/DBModeler/KVDataSource.h
Examining data/gnustep-dl2-0.12.0/DBModeler/SQLGenerator.h
Examining data/gnustep-dl2-0.12.0/DBModeler/AdaptorsPanel.h
Examining data/gnustep-dl2-0.12.0/DBModeler/DefaultColumnProvider.h
Examining data/gnustep-dl2-0.12.0/DBModeler/ConsistencyResults.h
Examining data/gnustep-dl2-0.12.0/DBModeler/EOAdditions.h
Examining data/gnustep-dl2-0.12.0/DBModeler/ConsistencyChecker.h
Examining data/gnustep-dl2-0.12.0/DBModeler/Preferences.h
Examining data/gnustep-dl2-0.12.0/DBModeler/EntityView.h
Examining data/gnustep-dl2-0.12.0/DBModeler/MainModelEditor.h
Examining data/gnustep-dl2-0.12.0/DBModeler/AttributeCell.h
Examining data/gnustep-dl2-0.12.0/DBModeler/DiagramEditor.h
Examining data/gnustep-dl2-0.12.0/DBModeler/ModelerAttributeEditor.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOEventCenter.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOKeyGlobalID.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOEvent.h
Examining data/gnustep-dl2-0.12.0/EOControl/EODefines.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOControl.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOGenericRecord.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOObserver.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOFetchSpecification.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOClassDescription.h
Examining data/gnustep-dl2-0.12.0/EOControl/EODeprecated.h
Examining data/gnustep-dl2-0.12.0/EOControl/EONull.h
Examining data/gnustep-dl2-0.12.0/EOControl/EODataSource.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOMultiReaderLock.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOArrayDataSource.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOAggregateEvent.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOFault.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOMutableKnownKeyDictionary.h
Examining data/gnustep-dl2-0.12.0/EOControl/EODetailDataSource.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOPrivate.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOObjectStore.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOSortOrdering.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOEditingContext.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOCheapArray.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOGlobalID.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOObjectStoreCoordinator.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOUndoManager.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOKeyValueCoding.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOKeyValueCodingBase.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOSharedEditingContext.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOKeyValueArchiver.h
Examining data/gnustep-dl2-0.12.0/EOControl/EOQualifier.h
Examining data/gnustep-dl2-0.12.0/EOControl/EONSAddOns.h
Examining data/gnustep-dl2-0.12.0/EOControl/EODebug.h
Examining data/gnustep-dl2-0.12.0/Examples/Trading/Trading.h
Examining data/gnustep-dl2-0.12.0/Examples/Trading/TradingData.h
Examining data/gnustep-dl2-0.12.0/GDL2Palette/Palette.h
Examining data/gnustep-dl2-0.12.0/GDL2Palette/Foundation+Categories.h
Examining data/gnustep-dl2-0.12.0/GDL2Palette/ConnectionInspector.h
Examining data/gnustep-dl2-0.12.0/GDL2Palette/KeyWrapper.h
Examining data/gnustep-dl2-0.12.0/GDL2Palette/ResourceManager.h
Examining data/gnustep-dl2-0.12.0/GDL2Palette/DisplayGroupInspector.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/SQLiteAdaptor/SQLite3Context.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/SQLiteAdaptor/LoginPanel/SQLite3LoginPanel.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/SQLiteAdaptor/SQLite3Adaptor.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/SQLiteAdaptor/SQLite3Channel.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/SQLiteAdaptor/SQLite3Expression.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/PostgreSQLAdaptor/PostgreSQLCompatibility.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/PostgreSQLAdaptor/PostgreSQLChannel.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/PostgreSQLAdaptor/PostgreSQLExpression.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/PostgreSQLAdaptor/LoginPanel/PostgreSQLLoginPanel.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/PostgreSQLAdaptor/PostgreSQLAdaptor.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/PostgreSQLAdaptor/PostgreSQLContext.h
Examining data/gnustep-dl2-0.12.0/EOAdaptors/PostgreSQLAdaptor/PostgreSQLPrivate.h
Examining data/gnustep-dl2-0.12.0/Tools/EOAttribute+GSDoc.h
Examining data/gnustep-dl2-0.12.0/Tools/NSDictionary+GSDoc.h
Examining data/gnustep-dl2-0.12.0/Tools/EORelationship+GSDoc.h
Examining data/gnustep-dl2-0.12.0/Tools/EOModel+GSDoc.h
Examining data/gnustep-dl2-0.12.0/Tools/EOJoin+GSDoc.h
Examining data/gnustep-dl2-0.12.0/Tools/NSArray+GSDoc.h
Examining data/gnustep-dl2-0.12.0/Tools/EOEntity+GSDoc.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EORadioMatrixAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOPickTextAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EODetailSelectionAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EODisplayGroup.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOComboBoxAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOAspectConnector.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOMasterDetailAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EORecursiveBrowserAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EODeprecated.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOMatrixAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOActionAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOMasterCopyAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOActionInsertionAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOInterface.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOColumnAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOControlAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOPopUpAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/EOTextAssociation.h
Examining data/gnustep-dl2-0.12.0/EOInterface/SubclassFlags.h

FINAL RESULTS:

data/gnustep-dl2-0.12.0/EOControl/EOGlobalID.h:67:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char _bytes[EOUniqueBinaryKeyLength];
data/gnustep-dl2-0.12.0/Examples/Trading/Trading.h:21:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  - (void) open;
data/gnustep-dl2-0.12.0/EOAdaptors/PostgreSQLAdaptor/PostgreSQLCompatibility.h:78:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buflen = strlen(strtext); /* will shrink, also we discover if

ANALYSIS SUMMARY:

Hits = 3
Lines analyzed = 13881 in approximately 0.42 seconds (32986 lines/second)
Physical Source Lines of Code (SLOC) = 6904
Hits@level = [0] 1 [1] 1 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 4 [1+] 3 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.579374 [1+] 0.434531 [2+] 0.289687 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.