Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/metkit-1.6.0/src/tests/test_param_axis.cc
Examining data/metkit-1.6.0/src/tests/test_multihandle.cc
Examining data/metkit-1.6.0/src/tests/test_hypercube.cc
Examining data/metkit-1.6.0/src/tests/test_time.cc
Examining data/metkit-1.6.0/src/tests/test_steprange_axis.cc
Examining data/metkit-1.6.0/src/tests/test_expand.cc
Examining data/metkit-1.6.0/src/tests/test_typesfactory.cc
Examining data/metkit-1.6.0/src/metkit/codes/BUFRDecoder.h
Examining data/metkit-1.6.0/src/metkit/codes/BUFRDecoder.cc
Examining data/metkit-1.6.0/src/metkit/codes/OdbSplitter.cc
Examining data/metkit-1.6.0/src/metkit/codes/UserDataContent.h
Examining data/metkit-1.6.0/src/metkit/codes/OdbDecoder.h
Examining data/metkit-1.6.0/src/metkit/codes/CodesContent.cc
Examining data/metkit-1.6.0/src/metkit/codes/CodesContent.h
Examining data/metkit-1.6.0/src/metkit/codes/GRIBDecoder.cc
Examining data/metkit-1.6.0/src/metkit/codes/CodesSplitter.cc
Examining data/metkit-1.6.0/src/metkit/codes/CodesSplitter.h
Examining data/metkit-1.6.0/src/metkit/codes/OdbDecoder.cc
Examining data/metkit-1.6.0/src/metkit/codes/OdbContent.h
Examining data/metkit-1.6.0/src/metkit/codes/MallocDataContent.h
Examining data/metkit-1.6.0/src/metkit/codes/OdbContent.cc
Examining data/metkit-1.6.0/src/metkit/codes/DataContent.cc
Examining data/metkit-1.6.0/src/metkit/codes/MallocDataContent.cc
Examining data/metkit-1.6.0/src/metkit/codes/GRIBDecoder.h
Examining data/metkit-1.6.0/src/metkit/codes/LibEccodes.h
Examining data/metkit-1.6.0/src/metkit/codes/OdbSplitter.h
Examining data/metkit-1.6.0/src/metkit/codes/LibEccodes.cc
Examining data/metkit-1.6.0/src/metkit/codes/UserDataContent.cc
Examining data/metkit-1.6.0/src/metkit/codes/DataContent.h
Examining data/metkit-1.6.0/src/metkit/config/LibMetkit.cc
Examining data/metkit-1.6.0/src/metkit/config/LibMetkit.h
Examining data/metkit-1.6.0/src/metkit/hypercube/HyperCubePayloaded.h
Examining data/metkit-1.6.0/src/metkit/hypercube/HyperCube.h
Examining data/metkit-1.6.0/src/metkit/hypercube/HyperCube.cc
Examining data/metkit-1.6.0/src/metkit/pointdb/DataSource.cc
Examining data/metkit-1.6.0/src/metkit/pointdb/bits.h
Examining data/metkit-1.6.0/src/metkit/pointdb/FieldIndexer.cc
Examining data/metkit-1.6.0/src/metkit/pointdb/FieldIndexer.h
Examining data/metkit-1.6.0/src/metkit/pointdb/DataSource.h
Examining data/metkit-1.6.0/src/metkit/pointdb/GribFieldInfo.h
Examining data/metkit-1.6.0/src/metkit/pointdb/masks.h
Examining data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.h
Examining data/metkit-1.6.0/src/metkit/pointdb/PointIndex.cc
Examining data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.cc
Examining data/metkit-1.6.0/src/metkit/pointdb/GribFieldInfo.cc
Examining data/metkit-1.6.0/src/metkit/pointdb/PointIndex.h
Examining data/metkit-1.6.0/src/metkit/pointdb/GribDataSource.h
Examining data/metkit-1.6.0/src/metkit/pointdb/GribDataSource.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsParser.cc
Examining data/metkit-1.6.0/src/metkit/mars/RequestEnvironment.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsParsedRequest.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeAny.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeParam.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsRequestHandle.cc
Examining data/metkit-1.6.0/src/metkit/mars/BaseProtocol.h
Examining data/metkit-1.6.0/src/metkit/mars/ClientTask.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeExpver.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeRange.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsLocation.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeAny.h
Examining data/metkit-1.6.0/src/metkit/mars/ParamID.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsHandle.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeExpver.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsParser.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsRequest.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeDate.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsExpandContext.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeEnum.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeTime.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeToByList.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsExpension.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeMixed.cc
Examining data/metkit-1.6.0/src/metkit/mars/StepRange.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeFloat.h
Examining data/metkit-1.6.0/src/metkit/mars/Parameter.h
Examining data/metkit-1.6.0/src/metkit/mars/Parameter.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsLanguage.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeFloat.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeParam.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsLocation.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsParserContext.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeTime.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeRegex.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypesFactory.h
Examining data/metkit-1.6.0/src/metkit/mars/ParamID.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsExpension.cc
Examining data/metkit-1.6.0/src/metkit/mars/DHSProtocol.cc
Examining data/metkit-1.6.0/src/metkit/mars/Param.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeInteger.cc
Examining data/metkit-1.6.0/src/metkit/mars/Type.cc
Examining data/metkit-1.6.0/src/metkit/mars/ClientTask.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeToByList.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsLanguage.cc
Examining data/metkit-1.6.0/src/metkit/mars/Type.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsParserContext.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeDate.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeRegex.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeInteger.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeEnum.cc
Examining data/metkit-1.6.0/src/metkit/mars/TypeMixed.h
Examining data/metkit-1.6.0/src/metkit/mars/TypeRange.h
Examining data/metkit-1.6.0/src/metkit/mars/BaseProtocol.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsParsedRequest.h
Examining data/metkit-1.6.0/src/metkit/mars/DHSProtocol.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsRequest.cc
Examining data/metkit-1.6.0/src/metkit/mars/MarsHandle.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsExpandContext.h
Examining data/metkit-1.6.0/src/metkit/mars/MarsRequestHandle.h
Examining data/metkit-1.6.0/src/metkit/mars/Param.h
Examining data/metkit-1.6.0/src/metkit/mars/StepRange.h
Examining data/metkit-1.6.0/src/metkit/mars/TypesFactory.cc
Examining data/metkit-1.6.0/src/metkit/mars/RequestEnvironment.h
Examining data/metkit-1.6.0/src/metkit/mars/StepRangeNormalise.h
Examining data/metkit-1.6.0/src/metkit/odb/OdbToRequest.h
Examining data/metkit-1.6.0/src/metkit/odb/OdbToRequest.cc
Examining data/metkit-1.6.0/src/metkit/odb/IdMapper.cc
Examining data/metkit-1.6.0/src/metkit/odb/IdMapper.h
Examining data/metkit-1.6.0/src/metkit/fields/FieldIndexList.cc
Examining data/metkit-1.6.0/src/metkit/fields/FieldIndex.h
Examining data/metkit-1.6.0/src/metkit/fields/SimpleFieldIndex.cc
Examining data/metkit-1.6.0/src/metkit/fields/FieldIndex.cc
Examining data/metkit-1.6.0/src/metkit/fields/FieldIndexList.h
Examining data/metkit-1.6.0/src/metkit/fields/SimpleFieldIndex.h
Examining data/metkit-1.6.0/src/metkit/grib/GribHandle.h
Examining data/metkit-1.6.0/src/metkit/grib/GribIterator.cc
Examining data/metkit-1.6.0/src/metkit/grib/GribIterator.h
Examining data/metkit-1.6.0/src/metkit/grib/GribAccessor.cc
Examining data/metkit-1.6.0/src/metkit/grib/GribHandle.cc
Examining data/metkit-1.6.0/src/metkit/grib/GribAccessor.h
Examining data/metkit-1.6.0/src/metkit/tool/MetkitTool.cc
Examining data/metkit-1.6.0/src/metkit/tool/MetkitTool.h
Examining data/metkit-1.6.0/src/experimental/netcdf4-example.cc
Examining data/metkit-1.6.0/src/tools/ncmerge.cc
Examining data/metkit-1.6.0/src/tools/odb-to-request.cc
Examining data/metkit-1.6.0/src/tools/message-to-mars.cc
Examining data/metkit-1.6.0/src/tools/grib-blob.cc
Examining data/metkit-1.6.0/src/tools/parse-mars-request.cc

FINAL RESULTS:

data/metkit-1.6.0/src/metkit/codes/LibEccodes.h:23:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
class LibEccodes : public eckit::system::Library {

data/metkit-1.6.0/src/metkit/config/LibMetkit.h:25:33: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
class LibMetkit : public eckit::system::Library {

data/metkit-1.6.0/src/metkit/mars/MarsHandle.cc:225:27: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
FILE *p = popen("mail mab mar","w");

data/metkit-1.6.0/src/metkit/tool/MetkitTool.cc:52:22: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
using eckit::system::Library;

data/metkit-1.6.0/src/metkit/codes/CodesContent.cc:80:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char values[10240];

data/metkit-1.6.0/src/metkit/codes/GRIBDecoder.cc:78:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char val[1024];

data/metkit-1.6.0/src/metkit/codes/GRIBDecoder.cc:103:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char value[1024];

data/metkit-1.6.0/src/metkit/codes/GRIBDecoder.cc:116:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char buffer[size];

data/metkit-1.6.0/src/metkit/grib/GribAccessor.cc:62:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024];

data/metkit-1.6.0/src/metkit/mars/Param.cc:33:12: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
value_ = atol(result[0].c_str());

data/metkit-1.6.0/src/metkit/mars/Param.cc:38:12: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
value_ = atol(result[0].c_str());

data/metkit-1.6.0/src/metkit/mars/Param.cc:39:12: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
table_ = atol(result[1].c_str());

data/metkit-1.6.0/src/metkit/mars/ParamID.cc:47:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[1024];

data/metkit-1.6.0/src/metkit/pointdb/GribFieldInfo.cc:112:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char buf[8];

data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.cc:63:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void GribHandleDataSource::open() const {

data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.cc:71:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
open();

data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.cc:77:5: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
open();

data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.cc:95:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
open();

data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.h:52:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void open() const;

data/metkit-1.6.0/src/experimental/netcdf4-example.cc:83:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((retval = nc_put_att_text(ncid, lat_varid, "standard_name", strlen(LAT_NAME), LAT_NAME)))

data/metkit-1.6.0/src/experimental/netcdf4-example.cc:85:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((retval = nc_put_att_text(ncid, lat_varid, UNITS, strlen(DEGREES_NORTH), DEGREES_NORTH)))

data/metkit-1.6.0/src/experimental/netcdf4-example.cc:91:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((retval = nc_put_att_text(ncid, lon_varid, "standard_name", strlen(LON_NAME), LON_NAME)))

data/metkit-1.6.0/src/experimental/netcdf4-example.cc:93:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((retval = nc_put_att_text(ncid, lon_varid, UNITS, strlen(DEGREES_EAST), DEGREES_EAST)))

data/metkit-1.6.0/src/experimental/netcdf4-example.cc:108:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((retval = nc_put_att_text(ncid, pres_varid, "standard_name", strlen(PRES_NAME), PRES_NAME)))

data/metkit-1.6.0/src/experimental/netcdf4-example.cc:110:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((retval = nc_put_att_text(ncid, pres_varid, UNITS, strlen(pres_units), pres_units)))

data/metkit-1.6.0/src/experimental/netcdf4-example.cc:116:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((retval = nc_put_att_text(ncid, temp_varid, "standard_name", strlen(TEMP_NAME), TEMP_NAME)))

data/metkit-1.6.0/src/experimental/netcdf4-example.cc:118:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((retval = nc_put_att_text(ncid, temp_varid, UNITS, strlen(temp_units), temp_units)))

data/metkit-1.6.0/src/metkit/codes/OdbContent.cc:26:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ASSERT(handle.read(frame_, frame_.size()) == frame_.size());

data/metkit-1.6.0/src/metkit/mars/BaseProtocol.h:40:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
virtual long read(void* buffer, long len) = 0;

data/metkit-1.6.0/src/metkit/mars/DHSProtocol.cc:182:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
long DHSProtocol::read(void* buffer, long len)

data/metkit-1.6.0/src/metkit/mars/DHSProtocol.cc:184:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
return socket_.read(buffer, len);

data/metkit-1.6.0/src/metkit/mars/DHSProtocol.h:71:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
virtual long read(void* buffer, long len);

data/metkit-1.6.0/src/metkit/mars/MarsHandle.cc:141:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
long MarsHandle::read(void *buffer,long length)

data/metkit-1.6.0/src/metkit/mars/MarsHandle.cc:143:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
if(streamMode_) return TCPHandle::read(buffer,length);

data/metkit-1.6.0/src/metkit/mars/MarsHandle.cc:152:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
long len = TCPHandle::read(buffer,length);

data/metkit-1.6.0/src/metkit/mars/MarsHandle.h:42:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
virtual long read(void*,long);

data/metkit-1.6.0/src/metkit/mars/MarsRequestHandle.cc:40:17: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
return std::equal(prefix.begin(), prefix.end(), s.begin());

data/metkit-1.6.0/src/metkit/mars/MarsRequestHandle.cc:104:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
long MarsRequestHandle::read(void* buffer, long len) {

data/metkit-1.6.0/src/metkit/mars/MarsRequestHandle.cc:107:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
return protocol_->read(buffer, len);

data/metkit-1.6.0/src/metkit/mars/MarsRequestHandle.h:71:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
long read(void*, long );

data/metkit-1.6.0/src/metkit/pointdb/GribDataSource.h:38:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
virtual long read(void*, long) const = 0;

data/metkit-1.6.0/src/metkit/pointdb/GribFieldInfo.cc:138:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ASSERT(f.read(&n, sizeof(n)) == sizeof(n));

data/metkit-1.6.0/src/metkit/pointdb/GribFieldInfo.cc:146:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ASSERT(f.read(&n, sizeof(n)) == sizeof(n));

data/metkit-1.6.0/src/metkit/pointdb/GribFieldInfo.cc:182:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
ASSERT(f.read(buf, len) == len);

data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.cc:76:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
long GribHandleDataSource::read(void* buffer, long len) const {

data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.cc:78:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
return handle_->read(buffer, len);

data/metkit-1.6.0/src/metkit/pointdb/GribHandleDataSource.h:45:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
virtual long read(void*, long) const;

ANALYSIS SUMMARY:

Hits = 47
Lines analyzed = 16208 in approximately 0.77 seconds (21032 lines/second)
Physical Source Lines of Code (SLOC) = 10310
Hits@level = [0] 3 [1] 28 [2] 15 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 50 [1+] 47 [2+] 19 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 4.84966 [1+] 4.55868 [2+] 1.84287 [3+] 0.387973 [4+] 0.387973 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.