Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnustep-examples-1.4.0/gui/ToolbarExample/Controller.h
Examining data/gnustep-examples-1.4.0/gui/ToolbarExample/DocumentOwner.h
Examining data/gnustep-examples-1.4.0/gui/ToolbarExample/SecondWindowOwner.h
Examining data/gnustep-examples-1.4.0/gui/ToolbarExample/ButtonWithValidation.h
Examining data/gnustep-examples-1.4.0/gui/Classes/NSPanelTest/NSPanelTest.h
Examining data/gnustep-examples-1.4.0/gui/Classes/NSProgressIndicator/Threads/SharedArea.h
Examining data/gnustep-examples-1.4.0/gui/Classes/NSProgressIndicator/Threads/AuxiliaryThread.h
Examining data/gnustep-examples-1.4.0/gui/Classes/NSProgressIndicator/Threads/MainThread.h
Examining data/gnustep-examples-1.4.0/gui/Calculator/CalcFace.h
Examining data/gnustep-examples-1.4.0/gui/Calculator/CalcBrain.h
Examining data/gnustep-examples-1.4.0/gui/Calculator/CalcTypes.h
Examining data/gnustep-examples-1.4.0/gui/HostAddress/AppController.h
Examining data/gnustep-examples-1.4.0/gui/HostAddress/Resolver.h
Examining data/gnustep-examples-1.4.0/gui/Old/GSImageTabViewItem.h
Examining data/gnustep-examples-1.4.0/gui/Old/Edit/ScalingScrollView.h
Examining data/gnustep-examples-1.4.0/gui/Old/Edit/Controller.h
Examining data/gnustep-examples-1.4.0/gui/Old/Edit/Preferences.h
Examining data/gnustep-examples-1.4.0/gui/Old/Edit/MultiplePageView.h
Examining data/gnustep-examples-1.4.0/gui/Old/Edit/TextFinder.h
Examining data/gnustep-examples-1.4.0/gui/Old/Edit/Document.h
Examining data/gnustep-examples-1.4.0/gui/Old/TestView.h
Examining data/gnustep-examples-1.4.0/gui/Old/ColorView.h
Examining data/gnustep-examples-1.4.0/gui/MyTransparentGL/AppController.h
Examining data/gnustep-examples-1.4.0/gui/TestDrawing/Controller.h
Examining data/gnustep-examples-1.4.0/gui/Finger/Finger.h
Examining data/gnustep-examples-1.4.0/gui/Finger/Controller.h
Examining data/gnustep-examples-1.4.0/gui/Finger/TrivialTextView.h
Examining data/gnustep-examples-1.4.0/gui/Finger/PreferencesController.h
Examining data/gnustep-examples-1.4.0/gui/Finger/FingerIncludeAll.h
Examining data/gnustep-examples-1.4.0/gui/Finger/FingerWindow.h
Examining data/gnustep-examples-1.4.0/gui/MyGL/AppController.h
Examining data/gnustep-examples-1.4.0/gui/GFractal/FractalWindow.h
Examining data/gnustep-examples-1.4.0/gui/GFractal/FractalView.h
Examining data/gnustep-examples-1.4.0/gui/GFractal/Controller.h
Examining data/gnustep-examples-1.4.0/gui/ExampleTheme/Rhea/Rhea.h
Examining data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h
Examining data/gnustep-examples-1.4.0/gui/CurrencyConverter/CurrencyConverter.h
Examining data/gnustep-examples-1.4.0/gui/Ink/AppDelegate.h
Examining data/gnustep-examples-1.4.0/gui/Ink/Document.h
Examining data/gnustep-examples-1.4.0/gui/GSTest/testList.h
Examining data/gnustep-examples-1.4.0/gui/GSTest/NSAnimation-test/AnimationView.h
Examining data/gnustep-examples-1.4.0/gui/GSTest/GSTestProtocol.h
Examining data/gnustep-examples-1.4.0/gui/GSTest/Controller.h
Examining data/gnustep-examples-1.4.0/gui/GSTest/infoPanel.h
Examining data/gnustep-examples-1.4.0/gui/GSTest/Composite-test/MyView.h
Examining data/gnustep-examples-1.4.0/gui/GSTest/KeyboardInput-test/ConvertKeys.h
FINAL RESULTS:
data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h:21:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt(int argc, char **argv, char *options)
data/gnustep-examples-1.4.0/gui/Old/Edit/Controller.h:17:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
- (void)open:(id)sender;
data/gnustep-examples-1.4.0/gui/Old/Edit/Document.h:97:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
+ (void)open:(id)sender;
data/gnustep-examples-1.4.0/gui/Calculator/CalcBrain.h:40:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
-(void) equal: (id)sender;
data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h:8:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string); i++)
data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h:35:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) == 2)
data/gnustep-examples-1.4.0/gui/ExampleService/wgetopt.h:42:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (index < strlen(options))
ANALYSIS SUMMARY:
Hits = 7
Lines analyzed = 1896 in approximately 0.15 seconds (12315 lines/second)
Physical Source Lines of Code (SLOC) = 841
Hits@level = [0] 0 [1] 4 [2] 2 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 7 [1+] 7 [2+] 3 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.32342 [1+] 8.32342 [2+] 3.56718 [3+] 1.18906 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.