Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jss-4.8.0/org/mozilla/jss/CryptoManager.c
Examining data/jss-4.8.0/org/mozilla/jss/PK11Finder.c
Examining data/jss-4.8.0/org/mozilla/jss/SecretDecoderRing/KeyManager.c
Examining data/jss-4.8.0/org/mozilla/jss/asn1/ASN1Util.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/Algorithm.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/Algorithm.h
Examining data/jss-4.8.0/org/mozilla/jss/crypto/KBKDF.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/PQGParams.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/Policy.c
Examining data/jss-4.8.0/org/mozilla/jss/crypto/SecretDecoderRing.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/Buffer.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/BufferProxy.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/BufferProxy.h
Examining data/jss-4.8.0/org/mozilla/jss/nss/PR.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/PRErrors.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/PRFDProxy.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/PRFDProxy.h
Examining data/jss-4.8.0/org/mozilla/jss/nss/SECErrors.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/SSL.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/SSLErrors.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/SSLFDProxy.c
Examining data/jss-4.8.0/org/mozilla/jss/nss/SSLFDProxy.h
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Cert.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Cipher.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyGenerator.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyPairGenerator.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyWrapper.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11MessageDigest.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Module.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11PrivKey.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11PubKey.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11SecureRandom.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Signature.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Store.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11SymKey.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11SymmetricKeyDeriver.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11Token.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/attrs/CKAttribute.c
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/attrs/CKAttribute.h
Examining data/jss-4.8.0/org/mozilla/jss/pkcs11/pk11util.h
Examining data/jss-4.8.0/org/mozilla/jss/provider/java/security/JSSKeyStoreSpi.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLCipher.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLServerSocket.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLVersionRange.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/SSLVersionRange.h
Examining data/jss-4.8.0/org/mozilla/jss/ssl/callbacks.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/common.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javax/BufferPRFD.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javax/BufferPRFD.h
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javax/j_buffer.c
Examining data/jss-4.8.0/org/mozilla/jss/ssl/javax/j_buffer.h
Examining data/jss-4.8.0/org/mozilla/jss/ssl/jssl.h
Examining data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFD.c
Examining data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c
Examining data/jss-4.8.0/org/mozilla/jss/tests/buffer_size_1.c
Examining data/jss-4.8.0/org/mozilla/jss/tests/buffer_size_4.c
Examining data/jss-4.8.0/org/mozilla/jss/util/GlobalRefProxy.c
Examining data/jss-4.8.0/org/mozilla/jss/util/GlobalRefProxy.h
Examining data/jss-4.8.0/org/mozilla/jss/util/NSPRerrs.h
Examining data/jss-4.8.0/org/mozilla/jss/util/NativeEnclosure.c
Examining data/jss-4.8.0/org/mozilla/jss/util/NativeEnclosure.h
Examining data/jss-4.8.0/org/mozilla/jss/util/NativeErrcodes.c
Examining data/jss-4.8.0/org/mozilla/jss/util/SECerrs.h
Examining data/jss-4.8.0/org/mozilla/jss/util/SSLerrs.h
Examining data/jss-4.8.0/org/mozilla/jss/util/StaticVoidPointer.c
Examining data/jss-4.8.0/org/mozilla/jss/util/StaticVoidPointer.h
Examining data/jss-4.8.0/org/mozilla/jss/util/errstrings.c
Examining data/jss-4.8.0/org/mozilla/jss/util/java_ids.h
Examining data/jss-4.8.0/org/mozilla/jss/util/jss_bigint.h
Examining data/jss-4.8.0/org/mozilla/jss/util/jss_exceptions.h
Examining data/jss-4.8.0/org/mozilla/jss/util/jssutil.c
Examining data/jss-4.8.0/org/mozilla/jss/util/jssutil.h
Examining data/jss-4.8.0/org/mozilla/jss/util/jssver.c
Examining data/jss-4.8.0/tools/tests/cmac.c

FINAL RESULTS:

data/jss-4.8.0/org/mozilla/jss/PK11Finder.c:1138:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( node->data, buf, len );
data/jss-4.8.0/org/mozilla/jss/PK11Finder.c:1317:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pkcs7Bytes+processed, node->data, node->len);
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:327:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:386:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[200];
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:412:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[200];
data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyGenerator.c:153:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(item->data, bytes, item->len);
data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyGenerator.c:205:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ivData[8];
data/jss-4.8.0/org/mozilla/jss/pkcs11/PK11KeyWrapper.c:452:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char err[256] = {0};
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:61:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:93:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:106:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:125:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:149:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:641:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&addr.inet.ip, addrBAelems, 4);
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:653:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&addr.ipv6.ip,addrBAelems, 16);
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:811:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:838:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:859:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/SSLSocket.c:880:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/jss-4.8.0/org/mozilla/jss/ssl/common.c:504:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&addr.inet.ip, addrBAelems, 4);
data/jss-4.8.0/org/mozilla/jss/ssl/common.c:516:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&addr.ipv6.ip,addrBAelems, 16);
data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c:221:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(bytes+outbufLen,iov[iovi].iov_base, iov[iovi].iov_len);
data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c:366:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( (void*) &addr->inet.ip, addrBytes, 4);
data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c:370:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( (void*) &addr->ipv6.ip,addrBytes, 16);
data/jss-4.8.0/org/mozilla/jss/ssl/javasock.c:553:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, bytes, retval);
data/jss-4.8.0/org/mozilla/jss/ssl/javax/BufferPRFD.c:147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&addr->ipv6.ip, internal->peer_addr, 16);
data/jss-4.8.0/org/mozilla/jss/ssl/javax/BufferPRFD.c:348:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(fd->secret->peer_addr, peer_info, len);
data/jss-4.8.0/org/mozilla/jss/ssl/javax/j_buffer.c:163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(write_ptr, input, write_size);
data/jss-4.8.0/org/mozilla/jss/ssl/javax/j_buffer.c:260:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output, read_ptr, read_size);
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, client_message, strlen(client_message));
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:383:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, server_message, strlen(server_message));
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:378:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bytes+1, item->data, size-1);
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:432:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(item->data, bytes, size);
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:709:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*data, array_data, array_length);
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:379:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PR_ASSERT( strlen(manuChars) == 33 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:380:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PR_ASSERT( strlen(libraryChars) == 33 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:381:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PR_ASSERT( strlen(tokChars) == 33 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:382:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PR_ASSERT( strlen(keyTokChars) == 33 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:383:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PR_ASSERT( strlen(slotChars) == 65 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:384:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PR_ASSERT( strlen(keySlotChars) == 65 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:385:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PR_ASSERT( strlen(fipsChars) == 65 );
data/jss-4.8.0/org/mozilla/jss/CryptoManager.c:386:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PR_ASSERT( strlen(fipsKeyChars) == 65 );
data/jss-4.8.0/org/mozilla/jss/nss/PR.c:365:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    error_size = strlen(error_name);
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:48:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cipher_java = JSS_ToByteArray(env, cipher, strlen(cipher));
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:52:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        issuer_java = JSS_ToByteArray(env, issuer, strlen(issuer));
data/jss-4.8.0/org/mozilla/jss/nss/SSL.c:56:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        subject_java = JSS_ToByteArray(env, subject, strlen(subject));
data/jss-4.8.0/org/mozilla/jss/ssl/common.c:52:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    msgLen = strlen(message) + strlen(errStr) + 40;
data/jss-4.8.0/org/mozilla/jss/ssl/common.c:52:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    msgLen = strlen(message) + strlen(errStr) + 40;
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:361:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(buf, client_message, strlen(client_message));
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:362:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PRInt32 ret = PR_Write(c_nspr, buf, strlen(buf));
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:383:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(buf, server_message, strlen(server_message));
data/jss-4.8.0/org/mozilla/jss/tests/TestBufferPRFDSSL.c:384:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = PR_Write(s_nspr, buf, strlen(buf));
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:53:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    msgLen = strlen(message) + strlen(errStr) + 40;
data/jss-4.8.0/org/mozilla/jss/util/jssutil.c:53:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    msgLen = strlen(message) + strlen(errStr) + 40;

ANALYSIS SUMMARY:

Hits = 56
Lines analyzed = 34764 in approximately 0.93 seconds (37259 lines/second)
Physical Source Lines of Code (SLOC) = 24062
Hits@level = [0]  67 [1]  20 [2]  36 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+] 123 [1+]  56 [2+]  36 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 5.11179 [1+] 2.32732 [2+] 1.49613 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 4 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.