Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kgpg-20.08.1/caff.h
Examining data/kgpg-20.08.1/detailedconsole.cpp
Examining data/kgpg-20.08.1/keytreeview.h
Examining data/kgpg-20.08.1/kgpg.cpp
Examining data/kgpg-20.08.1/kgpgchangekey.cpp
Examining data/kgpg-20.08.1/detailedconsole.h
Examining data/kgpg-20.08.1/kgpgtextinterface.h
Examining data/kgpg-20.08.1/kgpgkeygenerate.h
Examining data/kgpg-20.08.1/keytreeview.cpp
Examining data/kgpg-20.08.1/keyexport.h
Examining data/kgpg-20.08.1/kgpgoptions.cpp
Examining data/kgpg-20.08.1/gpgproc.cpp
Examining data/kgpg-20.08.1/klinebufferedprocess.cpp
Examining data/kgpg-20.08.1/kgpginterface.cpp
Examining data/kgpg-20.08.1/newkey.cpp
Examining data/kgpg-20.08.1/keyinfodialog.cpp
Examining data/kgpg-20.08.1/klinebufferedprocessprivate.cpp
Examining data/kgpg-20.08.1/selectpublickeydialog.h
Examining data/kgpg-20.08.1/klinebufferedprocessprivate.h
Examining data/kgpg-20.08.1/groupedit.cpp
Examining data/kgpg-20.08.1/gpgproc.h
Examining data/kgpg-20.08.1/tests/kgpgdelkey.h
Examining data/kgpg-20.08.1/tests/kgpgchangetrust.h
Examining data/kgpg-20.08.1/tests/common.cpp
Examining data/kgpg-20.08.1/tests/kgpgaddphoto.h
Examining data/kgpg-20.08.1/tests/kgpginterface.cpp
Examining data/kgpg-20.08.1/tests/kgpgverify.cpp
Examining data/kgpg-20.08.1/tests/kgpgdecrypt.h
Examining data/kgpg-20.08.1/tests/common.h
Examining data/kgpg-20.08.1/tests/kgpgadduid.h
Examining data/kgpg-20.08.1/tests/kgpgimport.h
Examining data/kgpg-20.08.1/tests/kgpgchangetrust.cpp
Examining data/kgpg-20.08.1/tests/kgpgimport.cpp
Examining data/kgpg-20.08.1/tests/kgpgchangedisable.cpp
Examining data/kgpg-20.08.1/tests/kgpginterface.h
Examining data/kgpg-20.08.1/tests/kgpgchangedisable.h
Examining data/kgpg-20.08.1/tests/kgpgadduid.cpp
Examining data/kgpg-20.08.1/tests/kgpgexport.h
Examining data/kgpg-20.08.1/tests/kgpgdelkey.cpp
Examining data/kgpg-20.08.1/tests/kgpgdecrypt.cpp
Examining data/kgpg-20.08.1/tests/kgpgencrypt.cpp
Examining data/kgpg-20.08.1/tests/kgpgexport.cpp
Examining data/kgpg-20.08.1/tests/kgpgencrypt.h
Examining data/kgpg-20.08.1/tests/kgpgaddphoto.cpp
Examining data/kgpg-20.08.1/tests/kgpgverify.h
Examining data/kgpg-20.08.1/foldercompressjob.h
Examining data/kgpg-20.08.1/kgpgfirstassistant.h
Examining data/kgpg-20.08.1/keyservers.h
Examining data/kgpg-20.08.1/caff.cpp
Examining data/kgpg-20.08.1/selectsecretkey.h
Examining data/kgpg-20.08.1/keysmanager.h
Examining data/kgpg-20.08.1/groupedit.h
Examining data/kgpg-20.08.1/kgpgrevokewidget.h
Examining data/kgpg-20.08.1/sourceselect.h
Examining data/kgpg-20.08.1/keyinfodialog.h
Examining data/kgpg-20.08.1/selectsecretkey.cpp
Examining data/kgpg-20.08.1/kgpg.h
Examining data/kgpg-20.08.1/kgpgtextinterface.cpp
Examining data/kgpg-20.08.1/kgpgfirstassistant.cpp
Examining data/kgpg-20.08.1/main.cpp
Examining data/kgpg-20.08.1/core/KGpgSignNode.cpp
Examining data/kgpg-20.08.1/core/KGpgGroupMemberNode.h
Examining data/kgpg-20.08.1/core/KGpgExpandableNode.cpp
Examining data/kgpg-20.08.1/core/KGpgNode.h
Examining data/kgpg-20.08.1/core/KGpgGroupMemberNode.cpp
Examining data/kgpg-20.08.1/core/KGpgExpandableNode.h
Examining data/kgpg-20.08.1/core/emailvalidator.cpp
Examining data/kgpg-20.08.1/core/KGpgRootNode.h
Examining data/kgpg-20.08.1/core/KGpgSignableNode.cpp
Examining data/kgpg-20.08.1/core/KGpgSignableNode.h
Examining data/kgpg-20.08.1/core/KGpgRootNode.cpp
Examining data/kgpg-20.08.1/core/KGpgOrphanNode.cpp
Examining data/kgpg-20.08.1/core/KGpgUatNode.cpp
Examining data/kgpg-20.08.1/core/KGpgSubkeyNode.cpp
Examining data/kgpg-20.08.1/core/images.cpp
Examining data/kgpg-20.08.1/core/KGpgGroupNode.h
Examining data/kgpg-20.08.1/core/kgpgkey.h
Examining data/kgpg-20.08.1/core/kgpgkey.cpp
Examining data/kgpg-20.08.1/core/KGpgSubkeyNode.h
Examining data/kgpg-20.08.1/core/KGpgRefNode.cpp
Examining data/kgpg-20.08.1/core/KGpgKeyNode.cpp
Examining data/kgpg-20.08.1/core/convert.cpp
Examining data/kgpg-20.08.1/core/KGpgUidNode.cpp
Examining data/kgpg-20.08.1/core/KGpgSignNode.h
Examining data/kgpg-20.08.1/core/KGpgUatNode.h
Examining data/kgpg-20.08.1/core/KGpgGroupNode.cpp
Examining data/kgpg-20.08.1/core/convert.h
Examining data/kgpg-20.08.1/core/KGpgOrphanNode.h
Examining data/kgpg-20.08.1/core/KGpgKeyNode.h
Examining data/kgpg-20.08.1/core/KGpgUidNode.h
Examining data/kgpg-20.08.1/core/emailvalidator.h
Examining data/kgpg-20.08.1/core/KGpgNode.cpp
Examining data/kgpg-20.08.1/core/images.h
Examining data/kgpg-20.08.1/core/KGpgRefNode.h
Examining data/kgpg-20.08.1/model/kgpgitemmodel.h
Examining data/kgpg-20.08.1/model/keylistproxymodel.h
Examining data/kgpg-20.08.1/model/kgpgitemmodel.cpp
Examining data/kgpg-20.08.1/model/selectkeyproxymodel.h
Examining data/kgpg-20.08.1/model/keylistproxymodel.cpp
Examining data/kgpg-20.08.1/model/kgpgsearchresultmodel.cpp
Examining data/kgpg-20.08.1/model/groupeditproxymodel.h
Examining data/kgpg-20.08.1/model/gpgservermodel.cpp
Examining data/kgpg-20.08.1/model/selectkeyproxymodel.cpp
Examining data/kgpg-20.08.1/model/groupeditproxymodel.cpp
Examining data/kgpg-20.08.1/model/kgpgitemnode.h
Examining data/kgpg-20.08.1/model/kgpgsearchresultmodel.h
Examining data/kgpg-20.08.1/model/gpgservermodel.h
Examining data/kgpg-20.08.1/kgpginterface.h
Examining data/kgpg-20.08.1/kgpgsettings_addons.h
Examining data/kgpg-20.08.1/transactions/kgpgdelkey.h
Examining data/kgpg-20.08.1/transactions/kgpgkeyservergettransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangetrust.h
Examining data/kgpg-20.08.1/transactions/kgpgeditkeytransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgdeluid.cpp
Examining data/kgpg-20.08.1/transactions/kgpgtransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgkeyserversearchtransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgeditkeytransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgtransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgkeyservertransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgdeluid.h
Examining data/kgpg-20.08.1/transactions/kgpgsignuid.h
Examining data/kgpg-20.08.1/transactions/kgpggeneratekey.cpp
Examining data/kgpg-20.08.1/transactions/kgpgaddphoto.h
Examining data/kgpg-20.08.1/transactions/kgpgverify.cpp
Examining data/kgpg-20.08.1/transactions/kgpgdecrypt.h
Examining data/kgpg-20.08.1/transactions/kgpgsignkey.h
Examining data/kgpg-20.08.1/transactions/kgpgtransactionprivate.h
Examining data/kgpg-20.08.1/transactions/kgpgsignuid.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangepass.h
Examining data/kgpg-20.08.1/transactions/kgpgadduid.h
Examining data/kgpg-20.08.1/transactions/kgpgtextorfiletransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgsigntext.h
Examining data/kgpg-20.08.1/transactions/kgpgimport.h
Examining data/kgpg-20.08.1/transactions/kgpgchangepass.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsignkey.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsigntransactionhelper.cpp
Examining data/kgpg-20.08.1/transactions/kgpggeneraterevoke.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangetrust.cpp
Examining data/kgpg-20.08.1/transactions/kgpgtransactionjob.h
Examining data/kgpg-20.08.1/transactions/kgpgtextorfiletransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgimport.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangedisable.cpp
Examining data/kgpg-20.08.1/transactions/kgpgdelsign.h
Examining data/kgpg-20.08.1/transactions/kgpgtransactionjob.cpp
Examining data/kgpg-20.08.1/transactions/kgpgkeyservertransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpggeneratekey.h
Examining data/kgpg-20.08.1/transactions/kgpgchangedisable.h
Examining data/kgpg-20.08.1/transactions/kgpgdelsign.cpp
Examining data/kgpg-20.08.1/transactions/kgpgadduid.cpp
Examining data/kgpg-20.08.1/transactions/kgpgprimaryuid.h
Examining data/kgpg-20.08.1/transactions/kgpgexport.h
Examining data/kgpg-20.08.1/transactions/kgpgdelkey.cpp
Examining data/kgpg-20.08.1/transactions/kgpgkeyserversearchtransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgdecrypt.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsigntransactionhelper.h
Examining data/kgpg-20.08.1/transactions/kgpgencrypt.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsigntext.cpp
Examining data/kgpg-20.08.1/transactions/kgpgexport.cpp
Examining data/kgpg-20.08.1/transactions/kgpgtransactionprivate.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsendkeys.h
Examining data/kgpg-20.08.1/transactions/kgpgchangeexpire.cpp
Examining data/kgpg-20.08.1/transactions/kgpgencrypt.h
Examining data/kgpg-20.08.1/transactions/kgpguidtransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgaddphoto.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangeexpire.h
Examining data/kgpg-20.08.1/transactions/kgpguidtransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpggeneraterevoke.h
Examining data/kgpg-20.08.1/transactions/kgpgverify.h
Examining data/kgpg-20.08.1/transactions/kgpgprimaryuid.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsendkeys.cpp
Examining data/kgpg-20.08.1/transactions/kgpgkeyservergettransaction.h
Examining data/kgpg-20.08.1/sourceselect.cpp
Examining data/kgpg-20.08.1/kgpgchangekey.h
Examining data/kgpg-20.08.1/conf_encryption.cpp
Examining data/kgpg-20.08.1/kgpgkeygenerate.cpp
Examining data/kgpg-20.08.1/selectpublickeydialog.cpp
Examining data/kgpg-20.08.1/keyexport.cpp
Examining data/kgpg-20.08.1/kgpgexternalactions.h
Examining data/kgpg-20.08.1/klinebufferedprocess.h
Examining data/kgpg-20.08.1/foldercompressjob.cpp
Examining data/kgpg-20.08.1/keyservers.cpp
Examining data/kgpg-20.08.1/kgpgexternalactions.cpp
Examining data/kgpg-20.08.1/conf_encryption.h
Examining data/kgpg-20.08.1/caff_p.h
Examining data/kgpg-20.08.1/editor/kgpgtextedit.cpp
Examining data/kgpg-20.08.1/editor/kgpgeditor.cpp
Examining data/kgpg-20.08.1/editor/kgpgeditor.h
Examining data/kgpg-20.08.1/editor/kgpgmd5widget.h
Examining data/kgpg-20.08.1/editor/kgpgtextedit.h
Examining data/kgpg-20.08.1/editor/kgpgmd5widget.cpp
Examining data/kgpg-20.08.1/selectexpirydate.h
Examining data/kgpg-20.08.1/newkey.h
Examining data/kgpg-20.08.1/selectexpirydate.cpp
Examining data/kgpg-20.08.1/kgpgrevokewidget.cpp
Examining data/kgpg-20.08.1/keysmanager.cpp
Examining data/kgpg-20.08.1/kgpgoptions.h

FINAL RESULTS:

data/kgpg-20.08.1/core/KGpgGroupNode.cpp:71:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!conffile.open(QIODevice::ReadWrite))
data/kgpg-20.08.1/core/KGpgUatNode.cpp:78:10: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older
  System V systems) (CWE-377).
  QString tmpfile;
data/kgpg-20.08.1/core/KGpgUatNode.cpp:79:25: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older
  System V systems) (CWE-377).
  if (workProcess.readln(tmpfile) < 0)
data/kgpg-20.08.1/core/KGpgUatNode.cpp:82:14: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older
  System V systems) (CWE-377).
  QFile fname(tmpfile);
data/kgpg-20.08.1/editor/kgpgeditor.cpp:160:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  KStandardAction::open(this, &KgpgEditor::slotFileOpen, actionCollection());
data/kgpg-20.08.1/editor/kgpgeditor.cpp:304:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!f.open(QIODevice::WriteOnly))
data/kgpg-20.08.1/editor/kgpgmd5widget.cpp:46:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (f.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/editor/kgpgtextedit.cpp:101:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpFile.open();
data/kgpg-20.08.1/editor/kgpgtextedit.cpp:117:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/foldercompressjob.cpp:103:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!arch->open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/gpgproc.cpp:257:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char n[2];
data/kgpg-20.08.1/keysmanager.cpp:1326:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  keyRevokeDialog->open();
data/kgpg-20.08.1/kgpg.cpp:173:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpgexternalactions.cpp:132:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!tmpfolder->open()) {
data/kgpg-20.08.1/kgpgfirstassistant.cpp:251:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (file.open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:41:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (qfile.exists() && qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:60:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (qfile.exists() && qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:83:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (qfile.open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:94:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (qfile.exists() && qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:109:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (qfile.exists() && qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:133:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (qfile.open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/kgpgoptions.cpp:183:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!confFile.open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/model/kgpgsearchresultmodel.cpp:194:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char n[2];
data/kgpg-20.08.1/tests/common.cpp:24:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!kgpgconf.open(QIODevice::WriteOnly | QIODevice::Truncate | QIODevice::Text))
data/kgpg-20.08.1/tests/common.cpp:46:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!conf.open(QIODevice::WriteOnly))
data/kgpg-20.08.1/tests/common.cpp:57:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly))
data/kgpg-20.08.1/tests/kgpgexport.cpp:19:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  QVERIFY(file.open());
data/kgpg-20.08.1/tests/kgpgexport.cpp:41:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  QVERIFY(file.open());
data/kgpg-20.08.1/transactions/kgpggeneraterevoke.cpp:98:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (of.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/transactions/kgpgtextorfiletransaction.cpp:97:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpFile.open();
data/kgpg-20.08.1/gpgproc.cpp:404:14: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  uint mask = umask(077);
data/kgpg-20.08.1/gpgproc.cpp:406:2: [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  umask(mask);
data/kgpg-20.08.1/kgpg.cpp:176:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  QString probetext(t.read(probelen));
data/kgpg-20.08.1/model/selectkeyproxymodel.h:32:32: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Q_PROPERTY(bool showUntrusted read showUntrusted write setShowUntrusted)

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 28513 in approximately 0.72 seconds (39797 lines/second)
Physical Source Lines of Code (SLOC) = 18882
Hits@level = [0] 0 [1] 4 [2] 30 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 34 [1+] 34 [2+] 30 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.80066 [1+] 1.80066 [2+] 1.58881 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.