Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kspaceduel-20.04.3/ai.cpp
Examining data/kspaceduel-20.04.3/defines.h
Examining data/kspaceduel-20.04.3/spritebase.h
Examining data/kspaceduel-20.04.3/sprites.cpp
Examining data/kspaceduel-20.04.3/mathroutines.h
Examining data/kspaceduel-20.04.3/mathroutines.cpp
Examining data/kspaceduel-20.04.3/topwidget.cpp
Examining data/kspaceduel-20.04.3/mainview.cpp
Examining data/kspaceduel-20.04.3/structs.h
Examining data/kspaceduel-20.04.3/main.cpp
Examining data/kspaceduel-20.04.3/version.h
Examining data/kspaceduel-20.04.3/mainview.h
Examining data/kspaceduel-20.04.3/playerinfo.h
Examining data/kspaceduel-20.04.3/topwidget.h
Examining data/kspaceduel-20.04.3/dialogs.cpp
Examining data/kspaceduel-20.04.3/spritebase.cpp
Examining data/kspaceduel-20.04.3/sprites.h
Examining data/kspaceduel-20.04.3/dialogs.h
Examining data/kspaceduel-20.04.3/playerinfo.cpp
Examining data/kspaceduel-20.04.3/ai.h

FINAL RESULTS:

data/kspaceduel-20.04.3/ai.cpp:92:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  waitShot=(int) rint( random.getDouble() *
data/kspaceduel-20.04.3/ai.cpp:727:34: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  waitShot=(int) rint( random.getDouble() *
data/kspaceduel-20.04.3/ai.h:79:20: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  KRandomSequence random;
data/kspaceduel-20.04.3/mainview.cpp:66:4: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random.setSeed(0);
data/kspaceduel-20.04.3/mainview.cpp:467:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  timeToNextPowerup=random.getDouble() * config.powerupRefreshTime;
data/kspaceduel-20.04.3/mainview.cpp:844:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  timeToNextPowerup= random.getDouble() * config.powerupRefreshTime;
data/kspaceduel-20.04.3/mainview.cpp:845:13: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  type= random.getLong(PowerupSprite::PowerupNum);
data/kspaceduel-20.04.3/mainview.cpp:851:14: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  x = random.getLong(width()-40)+20;
data/kspaceduel-20.04.3/mainview.cpp:852:14: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  y = random.getLong(height()-40)+20;
data/kspaceduel-20.04.3/mainview.h:115:20: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  KRandomSequence random;
data/kspaceduel-20.04.3/dialogs.h:74:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char LabelName[EditNum][25];
data/kspaceduel-20.04.3/dialogs.h:77:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *TabName[TabNum];
data/kspaceduel-20.04.3/structs.h:62:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char predefinedConfigName[predefinedConfigNum][15]=

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 4058 in approximately 0.92 seconds (4399 lines/second)
Physical Source Lines of Code (SLOC) = 3157
Hits@level = [0] 0 [1] 0 [2] 3 [3] 10 [4] 0 [5] 0
Hits@level+ = [0+] 13 [1+] 13 [2+] 13 [3+] 10 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.11783 [1+] 4.11783 [2+] 4.11783 [3+] 3.16756 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.