Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gnustep-examples-1.4.0/gui/ToolbarExample/Controller.h Examining data/gnustep-examples-1.4.0/gui/ToolbarExample/DocumentOwner.h Examining data/gnustep-examples-1.4.0/gui/ToolbarExample/SecondWindowOwner.h Examining data/gnustep-examples-1.4.0/gui/ToolbarExample/ButtonWithValidation.h Examining data/gnustep-examples-1.4.0/gui/Classes/NSPanelTest/NSPanelTest.h Examining data/gnustep-examples-1.4.0/gui/Classes/NSProgressIndicator/Threads/SharedArea.h Examining data/gnustep-examples-1.4.0/gui/Classes/NSProgressIndicator/Threads/AuxiliaryThread.h Examining data/gnustep-examples-1.4.0/gui/Classes/NSProgressIndicator/Threads/MainThread.h Examining data/gnustep-examples-1.4.0/gui/Calculator/CalcFace.h Examining data/gnustep-examples-1.4.0/gui/Calculator/CalcBrain.h Examining data/gnustep-examples-1.4.0/gui/Calculator/CalcTypes.h Examining data/gnustep-examples-1.4.0/gui/HostAddress/AppController.h Examining data/gnustep-examples-1.4.0/gui/HostAddress/Resolver.h Examining data/gnustep-examples-1.4.0/gui/Old/GSImageTabViewItem.h Examining data/gnustep-examples-1.4.0/gui/Old/Edit/ScalingScrollView.h Examining data/gnustep-examples-1.4.0/gui/Old/Edit/Controller.h Examining data/gnustep-examples-1.4.0/gui/Old/Edit/Preferences.h Examining data/gnustep-examples-1.4.0/gui/Old/Edit/MultiplePageView.h Examining data/gnustep-examples-1.4.0/gui/Old/Edit/TextFinder.h Examining data/gnustep-examples-1.4.0/gui/Old/Edit/Document.h Examining data/gnustep-examples-1.4.0/gui/Old/TestView.h Examining data/gnustep-examples-1.4.0/gui/Old/ColorView.h Examining data/gnustep-examples-1.4.0/gui/MyTransparentGL/AppController.h Examining data/gnustep-examples-1.4.0/gui/TestDrawing/Controller.h Examining data/gnustep-examples-1.4.0/gui/Finger/Finger.h Examining data/gnustep-examples-1.4.0/gui/Finger/Controller.h Examining data/gnustep-examples-1.4.0/gui/Finger/TrivialTextView.h Examining data/gnustep-examples-1.4.0/gui/Finger/PreferencesController.h Examining data/gnustep-examples-1.4.0/gui/Finger/FingerIncludeAll.h Examining data/gnustep-examples-1.4.0/gui/Finger/FingerWindow.h Examining data/gnustep-examples-1.4.0/gui/MyGL/AppController.h Examining data/gnustep-examples-1.4.0/gui/GFractal/FractalWindow.h Examining data/gnustep-examples-1.4.0/gui/GFractal/FractalView.h Examining data/gnustep-examples-1.4.0/gui/GFractal/Controller.h Examining data/gnustep-examples-1.4.0/gui/ExampleTheme/Rhea/Rhea.h Examining data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h Examining data/gnustep-examples-1.4.0/gui/CurrencyConverter/CurrencyConverter.h Examining data/gnustep-examples-1.4.0/gui/Ink/AppDelegate.h Examining data/gnustep-examples-1.4.0/gui/Ink/Document.h Examining data/gnustep-examples-1.4.0/gui/GSTest/testList.h Examining data/gnustep-examples-1.4.0/gui/GSTest/NSAnimation-test/AnimationView.h Examining data/gnustep-examples-1.4.0/gui/GSTest/GSTestProtocol.h Examining data/gnustep-examples-1.4.0/gui/GSTest/Controller.h Examining data/gnustep-examples-1.4.0/gui/GSTest/infoPanel.h Examining data/gnustep-examples-1.4.0/gui/GSTest/Composite-test/MyView.h Examining data/gnustep-examples-1.4.0/gui/GSTest/KeyboardInput-test/ConvertKeys.h FINAL RESULTS: data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h:21:1: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt(int argc, char **argv, char *options) data/gnustep-examples-1.4.0/gui/Old/Edit/Controller.h:17:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). - (void)open:(id)sender; data/gnustep-examples-1.4.0/gui/Old/Edit/Document.h:97:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). + (void)open:(id)sender; data/gnustep-examples-1.4.0/gui/Calculator/CalcBrain.h:40:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. -(void) equal: (id)sender; data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h:8:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(string); i++) data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h:35:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(arg) == 2) data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h:42:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (index < strlen(options)) ANALYSIS SUMMARY: Hits = 7 Lines analyzed = 1896 in approximately 0.15 seconds (12315 lines/second) Physical Source Lines of Code (SLOC) = 841 Hits@level = [0] 0 [1] 4 [2] 2 [3] 1 [4] 0 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 3 [3+] 1 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 8.32342 [1+] 8.32342 [2+] 3.56718 [3+] 1.18906 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.