Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gobby-0.6.0~20170204~e5c2d1/code/application.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/application.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/application-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/application-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/auth-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/auth-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/autosave-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/autosave-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/browser-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/browser-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/browser-context-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/browser-context-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/edit-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/edit-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-export-html.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-export-html.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-new.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-new.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-file.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-file.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-location.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-location.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-multiple.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open-multiple.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-open.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-save-all.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-save-all.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-save.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/file-tasks/task-save.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/folder-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/folder-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/help-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/subscription-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/subscription-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/synchronization-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/synchronization-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/user-join-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/user-join-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/view-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/view-commands.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/commands/help-commands.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/applicationactions.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/applicationactions.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/browser.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/browser.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/certificatemanager.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/certificatemanager.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/chatsessionview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/chatsessionview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/chattablabel.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/chattablabel.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/closableframe.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/closableframe.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/connectionmanager.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/connectionmanager.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/credentialsgenerator.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/credentialsgenerator.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/documentinfostorage.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/documentinfostorage.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/filechooser.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/filechooser.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/folder.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/foldermanager.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/foldermanager.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/gobject/gobby-undo-manager.c
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/gobject/gobby-undo-manager.h
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/huebutton.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/huebutton.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/knownhoststorage.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/knownhoststorage.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/nodewatch.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/nodewatch.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/noteplugin.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/preferences.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/selfhoster.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/selfhoster.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/server.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/server.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/sessionuserview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/sessionuserview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/sessionview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/sessionview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/statusbar.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/statusbar.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/tablabel.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/tablabel.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textsessionuserview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textsessionuserview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textsessionview.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/texttablabel.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/texttablabel.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textundogrouping.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textundogrouping.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/titlebar.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/titlebar.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/toolbar.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/toolbar.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/userjoin.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/userjoin.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/userlist.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/userlist.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/windowactions.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/windowactions.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/folder.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/menumanager.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/menumanager.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/noteplugin.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/preferences.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/core/textsessionview.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/connection-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/connection-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/connection-info-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/connection-info-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/document-location-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/document-location-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/entry-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/entry-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/find-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/find-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/goto-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/goto-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/initial-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/initial-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/open-location-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/open-location-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/password-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/password-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/preferences-dialog.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/dialogs/preferences-dialog.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/main.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-delete.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-delete.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-export-html.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-new.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-new.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open-multiple.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open-multiple.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-save.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-save.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-subscribe-path.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-subscribe-path.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operations.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operations.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-export-html.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/resources/ui/menu.ui.h
Examining data/gobby-0.6.0~20170204~e5c2d1/code/resources/ui/toolbar.ui.h
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/asyncoperation.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/asyncoperation.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/closebutton.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/closebutton.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/config.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/config.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/defaultaccumulator.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/file.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/file.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/historyentry.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/historyentry.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/i18n.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/i18n.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/serialize.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/serialize.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/uri.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/util/uri.hpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/window.cpp
Examining data/gobby-0.6.0~20170204~e5c2d1/code/window.hpp

FINAL RESULTS:

data/gobby-0.6.0~20170204~e5c2d1/code/core/selfhoster.cpp:280:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_server.open(m_preferences.user.port, &keepalive,
data/gobby-0.6.0~20170204~e5c2d1/code/core/server.cpp:44:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Gobby::Server::open(unsigned int port,
data/gobby-0.6.0~20170204~e5c2d1/code/core/server.hpp:35:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(unsigned int port,
data/gobby-0.6.0~20170204~e5c2d1/code/core/windowactions.cpp:22:2: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(map.add_action("open")),
data/gobby-0.6.0~20170204~e5c2d1/code/core/windowactions.hpp:33:40: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  const Glib::RefPtr<Gio::SimpleAction> open;
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-export-html.cpp:238:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[n];
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open.cpp:207:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outbuffer[CONVERT_BUFFER_SIZE];
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-open.hpp:86:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SIZE];
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-save.cpp:172:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newlinebuf[2] = { '\r', '\n' };
data/gobby-0.6.0~20170204~e5c2d1/code/operations/operation-save.hpp:77:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_buffer[BUFFER_SIZE];
data/gobby-0.6.0~20170204~e5c2d1/code/util/historyentry.cpp:67:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_buffer[BUFFER_SIZE];
data/gobby-0.6.0~20170204~e5c2d1/code/util/serialize.hpp:171:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef char data_type[N];
data/gobby-0.6.0~20170204~e5c2d1/code/commands/auth-commands.cpp:231:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  password_len = strlen(password);
data/gobby-0.6.0~20170204~e5c2d1/code/commands/view-commands.cpp:58:36: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  g_assert(action->get_state_type().equal(
data/gobby-0.6.0~20170204~e5c2d1/code/core/preferences.hpp:493:27: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return current_variant.equal(default_variant);

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 27755 in approximately 0.62 seconds (45124 lines/second)
Physical Source Lines of Code (SLOC) = 19779
Hits@level = [0] 0 [1] 3 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 15 [1+] 15 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.75838 [1+] 0.75838 [2+] 0.606704 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.