Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/liblightify-0~git20160911/src/context.c
Examining data/liblightify-0~git20160911/src/context.h
Examining data/liblightify-0~git20160911/src/groups.c
Examining data/liblightify-0~git20160911/src/groups.h
Examining data/liblightify-0~git20160911/src/liblightify.c
Examining data/liblightify-0~git20160911/src/liblightify/liblightify.h
Examining data/liblightify-0~git20160911/src/liblightify++/liblightify++.hpp
Examining data/liblightify-0~git20160911/src/liblightify-private.h
Examining data/liblightify-0~git20160911/src/log.c
Examining data/liblightify-0~git20160911/src/log.h
Examining data/liblightify-0~git20160911/src/node.c
Examining data/liblightify-0~git20160911/src/node.h
Examining data/liblightify-0~git20160911/src/socket.c
Examining data/liblightify-0~git20160911/src/socket.h
Examining data/liblightify-0~git20160911/src/tests/test-lightify.c
Examining data/liblightify-0~git20160911/src/tools/lightify-example.cpp
Examining data/liblightify-0~git20160911/src/tools/lightify-util.c

FINAL RESULTS:

data/liblightify-0~git20160911/src/liblightify-private.h:41:57:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static inline void __attribute__((always_inline, format(printf, 2, 3)))
data/liblightify-0~git20160911/src/log.c:59:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr, format, args);
data/liblightify-0~git20160911/src/tools/lightify-util.c:407:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		c = getopt_long(argc, argv, "dc:r:l:n:h:p:01t:w:g:u", long_options,
data/liblightify-0~git20160911/src/context.c:697:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char msg[32];
data/liblightify-0~git20160911/src/context.c:760:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char msg[32];
data/liblightify-0~git20160911/src/context.c:815:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char msg[32];
data/liblightify-0~git20160911/src/context.c:868:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char msg[32];
data/liblightify-0~git20160911/src/context.c:990:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char msg[ANSWER_0x68_SIZE+2];
data/liblightify-0~git20160911/src/liblightify++/liblightify++.hpp:369:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) &serv_addr.sin_addr.s_addr, (char *) server->h_addr,
data/liblightify-0~git20160911/src/socket.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[80];
data/liblightify-0~git20160911/src/socket.c:113:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(buf + strlen(buf), " 0x%02x,", msg_[k]);
data/liblightify-0~git20160911/src/socket.c:186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[80];
data/liblightify-0~git20160911/src/socket.c:195:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(buf + strlen(buf), " 0x%02x,", msg_[k]);
data/liblightify-0~git20160911/src/tests/test-lightify.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512] ="\nWROTE:\n\n";
data/liblightify-0~git20160911/src/tests/test-lightify.c:61:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf + strlen(buf), " %02x%c=%02x", one,
data/liblightify-0~git20160911/src/tests/test-lightify.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512] ="\nREAD\n\n";
data/liblightify-0~git20160911/src/tests/test-lightify.c:77:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf + strlen(buf), " %02x%c=%02x", one,
data/liblightify-0~git20160911/src/tests/test-lightify.c:248:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mfs->buf_read, our_answer, answer_len);
data/liblightify-0~git20160911/src/tests/test-lightify.c:381:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fs->buf_write + fs->size_write, msg, size);
data/liblightify-0~git20160911/src/tests/test-lightify.c:402:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(msg, fs->buf_read, read_size);
data/liblightify-0~git20160911/src/tests/test-lightify.c:567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char buf[512];
data/liblightify-0~git20160911/src/tests/test-lightify.c:576:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(buf + strlen(buf), " %02x%c=%02x", one,
data/liblightify-0~git20160911/src/tools/lightify-util.c:267:2:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	bcopy((char *) server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);
data/liblightify-0~git20160911/src/socket.c:113:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(buf + strlen(buf), " 0x%02x,", msg_[k]);
data/liblightify-0~git20160911/src/socket.c:135:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		n = read(fd, msg, m);
data/liblightify-0~git20160911/src/socket.c:195:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sprintf(buf + strlen(buf), " 0x%02x,", msg_[k]);
data/liblightify-0~git20160911/src/tests/test-lightify.c:61:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sprintf(buf + strlen(buf), " %02x%c=%02x", one,
data/liblightify-0~git20160911/src/tests/test-lightify.c:77:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sprintf(buf + strlen(buf), " %02x%c=%02x", one,
data/liblightify-0~git20160911/src/tests/test-lightify.c:576:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					sprintf(buf + strlen(buf), " %02x%c=%02x", one,

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 5507 in approximately 0.18 seconds (30725 lines/second)
Physical Source Lines of Code (SLOC) = 3096
Hits@level = [0]  68 [1]   6 [2]  20 [3]   1 [4]   2 [5]   0
Hits@level+ = [0+]  97 [1+]  29 [2+]  23 [3+]   3 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 31.3307 [1+] 9.36693 [2+] 7.42894 [3+] 0.968992 [4+] 0.645995 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.