stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hdate-applet-0.15.11/src/callbacks.c
Examining data/hdate-applet-0.15.11/src/interface.h
Examining data/hdate-applet-0.15.11/src/hdate_applet.h
Examining data/hdate-applet-0.15.11/src/ghcal-callbacks.h
Examining data/hdate-applet-0.15.11/src/ghcal-interface.h
Examining data/hdate-applet-0.15.11/src/ghcal-main.c
Examining data/hdate-applet-0.15.11/src/ecal-client.c
Examining data/hdate-applet-0.15.11/src/ghcal-interface.c
Examining data/hdate-applet-0.15.11/src/ecal-client.h
Examining data/hdate-applet-0.15.11/src/hdate_applet.c
Examining data/hdate-applet-0.15.11/src/callbacks.h
Examining data/hdate-applet-0.15.11/src/interface.c
Examining data/hdate-applet-0.15.11/src/ghcal-callbacks.c

FINAL RESULTS:

data/hdate-applet-0.15.11/src/ecal-client.c:128:27:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")';it returns untrustable
  input if the environment can beset by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  uri = g_build_filename (g_get_home_dir (), ".evolution",
data/hdate-applet-0.15.11/src/ghcal-callbacks.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text_buffer[MAX_STRING_SIZE];
data/hdate-applet-0.15.11/src/ghcal-callbacks.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tooltip_buffer[MAX_STRING_SIZE];
data/hdate-applet-0.15.11/src/ghcal-callbacks.c:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ecal_events[MAX_STRING_SIZE];
data/hdate-applet-0.15.11/src/ghcal-interface.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char text_buffer[50];
data/hdate-applet-0.15.11/src/hdate_applet.h:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char theme[20];
data/hdate-applet-0.15.11/src/hdate_applet.h:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char user_locale[20];
data/hdate-applet-0.15.11/src/hdate_applet.h:75:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char he_locale[20];

ANALYSIS SUMMARY:

Hits = 8
Lines analyzed = 2626 in approximately 0.09 seconds (29551 lines/second)
Physical Source Lines of Code (SLOC) = 1876
Hits@level = [0]   0 [1]   0 [2]   7 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]   8 [1+]   8 [2+]   8 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 4.26439 [1+] 4.26439 [2+] 4.26439 [3+] 0.533049 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.