Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ldraw-parts-2002+ds/include/dir.h
Examining data/ldraw-parts-2002+ds/include/conio.h
Examining data/ldraw-parts-2002+ds/include/alloc.h
Examining data/ldraw-parts-2002+ds/mklist.c

FINAL RESULTS:

data/ldraw-parts-2002+ds/include/dir.h:33:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filename, directory);
data/ldraw-parts-2002+ds/include/dir.h:34:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(filename, SEPSTR);
data/ldraw-parts-2002+ds/include/dir.h:35:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(filename, dir->d_name);
data/ldraw-parts-2002+ds/include/dir.h:59:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(directory,path);
data/ldraw-parts-2002+ds/mklist.c:284:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		 strcpy(Dirname, *++argv);
data/ldraw-parts-2002+ds/mklist.c:294:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		 strcpy(OutFilename, *++argv);
data/ldraw-parts-2002+ds/mklist.c:385:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(Filename, Dirname);
data/ldraw-parts-2002+ds/mklist.c:395:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(Filename + pathlen, ffb.ff_name);
data/ldraw-parts-2002+ds/mklist.c:458:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(shortfilename, ffb.ff_name);
data/ldraw-parts-2002+ds/mklist.c:463:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy(shortfilename, s);    
data/ldraw-parts-2002+ds/mklist.c:485:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
         sprintf(FormattedLine, "%-12s  %-64.64s", shortfilename, Description);
data/ldraw-parts-2002+ds/mklist.c:489:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(FormattedLine, "%s %-64.64s", shortfilename, Description);
data/ldraw-parts-2002+ds/mklist.c:491:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(FormattedLine, "%-14s  %-64.64s", shortfilename, Description);
data/ldraw-parts-2002+ds/mklist.c:496:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(FormattedLine, "%s %s", shortfilename, Description);
data/ldraw-parts-2002+ds/mklist.c:498:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(FormattedLine, "%-12s  %s", shortfilename, Description);
data/ldraw-parts-2002+ds/mklist.c:503:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(FormattedLine, "%s %-64.64s", shortfilename, Description);
data/ldraw-parts-2002+ds/mklist.c:505:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(FormattedLine, "%-12s  %-64.64s", shortfilename, Description);
data/ldraw-parts-2002+ds/mklist.c:508:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
         sprintf(FormattedLine, "%-25s  %s", shortfilename, Description);
data/ldraw-parts-2002+ds/mklist.c:510:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
         sprintf(FormattedLine, "%-25s  %s", shortfilename, Description);
data/ldraw-parts-2002+ds/include/dir.h:23:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char directory[300];
data/ldraw-parts-2002+ds/include/dir.h:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	filename[300];
data/ldraw-parts-2002+ds/mklist.c:60:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char    shortfilepath[MAX_PATH];
data/ldraw-parts-2002+ds/mklist.c:61:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char    shortfilename[MAX_PATH];
data/ldraw-parts-2002+ds/mklist.c:126:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      l1 = atol(s1);
data/ldraw-parts-2002+ds/mklist.c:127:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      l2 = atol(s2);
data/ldraw-parts-2002+ds/mklist.c:222:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 Line[200];
data/ldraw-parts-2002+ds/mklist.c:223:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 Dirname[MAX_PATH];
data/ldraw-parts-2002+ds/mklist.c:224:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 Filename[MAX_PATH];
data/ldraw-parts-2002+ds/mklist.c:225:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char                 OutFilename[MAX_PATH];
data/ldraw-parts-2002+ds/mklist.c:242:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy(Dirname, "PARTS"); /* Default input directory path */
data/ldraw-parts-2002+ds/mklist.c:243:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy(OutFilename, "parts.lst"); /* Default output filename */
data/ldraw-parts-2002+ds/mklist.c:388:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
   strcat(Filename, "*.*");
data/ldraw-parts-2002+ds/mklist.c:396:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen(Filename, "rt");
data/ldraw-parts-2002+ds/mklist.c:571:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen(OutFilename, "wt");
data/ldraw-parts-2002+ds/include/conio.h:4:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define getch() getc(stdin)
data/ldraw-parts-2002+ds/include/dir.h:49:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0; i<strlen(path); i++) 
data/ldraw-parts-2002+ds/mklist.c:87:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(shortpath, longpath, psize);
data/ldraw-parts-2002+ds/mklist.c:88:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return(strlen(shortpath));
data/ldraw-parts-2002+ds/mklist.c:386:4:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
   strcat(Filename, "\\");
data/ldraw-parts-2002+ds/mklist.c:387:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   pathlen = strlen(Filename);
data/ldraw-parts-2002+ds/mklist.c:406:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      s = Line + strlen(Line) - 1;
data/ldraw-parts-2002+ds/mklist.c:426:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Len = strlen(Description);
data/ldraw-parts-2002+ds/mklist.c:475:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Len = strlen(shortfilename); 

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 701 in approximately 19.68 seconds (36 lines/second)
Physical Source Lines of Code (SLOC) = 581
Hits@level = [0]  57 [1]   9 [2]  15 [3]   0 [4]  19 [5]   0
Hits@level+ = [0+] 100 [1+]  43 [2+]  34 [3+]  19 [4+]  19 [5+]   0
Hits/KSLOC@level+ = [0+] 172.117 [1+] 74.0103 [2+] 58.5198 [3+] 32.7022 [4+] 32.7022 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.