Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/safecopy-1.7/src/voidlist.c
Examining data/safecopy-1.7/src/arglist.c
Examining data/safecopy-1.7/src/textlist.h
Examining data/safecopy-1.7/src/voidlist.h
Examining data/safecopy-1.7/src/lowlevel.h
Examining data/safecopy-1.7/src/lowlevel.c
Examining data/safecopy-1.7/src/textlist.c
Examining data/safecopy-1.7/src/safecopy.c
Examining data/safecopy-1.7/src/arglist.h
Examining data/safecopy-1.7/simulator/src/simulatorlb.c
FINAL RESULTS:
data/safecopy-1.7/simulator/src/simulatorlb.c:260:5: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(number,"%s",filename);
data/safecopy-1.7/src/safecopy.c:162:9: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ret = vfprintf(stderr, format, ap);
data/safecopy-1.7/src/safecopy.c:466:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(script, script, firstarg, secondarg, thirdarg, NULL);
data/safecopy-1.7/simulator/src/simulatorlb.c:37:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(const char*,int,...);
data/safecopy-1.7/simulator/src/simulatorlb.c:79:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[256]="/dev/urandom";
data/safecopy-1.7/simulator/src/simulatorlb.c:215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/safecopy-1.7/simulator/src/simulatorlb.c:224:5: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=fopen(CONFIGFILE,"r");
data/safecopy-1.7/simulator/src/simulatorlb.c:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[17];
data/safecopy-1.7/simulator/src/simulatorlb.c:328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[33];
data/safecopy-1.7/simulator/src/simulatorlb.c:355:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(const char *pathname, int flags, ...) {
data/safecopy-1.7/src/lowlevel.c:177:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char blockbuffer[CD_FRAMESIZE_RAWER];
data/safecopy-1.7/src/lowlevel.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer,(blockbuffer+extra+cdromsectoroffset),xlength);
data/safecopy-1.7/src/lowlevel.c:228:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd=open(filename,O_RDONLY | O_NONBLOCK | syncmode );
data/safecopy-1.7/src/lowlevel.c:244:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd=open(filename,O_RDONLY | O_NONBLOCK | syncmode );
data/safecopy-1.7/src/lowlevel.c:256:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd=open(filename,O_RDONLY | O_NONBLOCK | syncmode );
data/safecopy-1.7/src/lowlevel.c:266:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd=open(filename,O_RDONLY | O_NONBLOCK | syncmode );
data/safecopy-1.7/src/lowlevel.c:282:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int inf=open(filename, O_RDONLY);
data/safecopy-1.7/src/lowlevel.c:295:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int inf=open(filename, O_RDONLY);
data/safecopy-1.7/src/safecopy.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textbuffer[256];
data/safecopy-1.7/src/safecopy.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char percentage[16]="100%";
data/safecopy-1.7/src/safecopy.c:385:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(percentage, " %i%%", percent );
data/safecopy-1.7/src/safecopy.c:441:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char firstarg[128];
data/safecopy-1.7/src/safecopy.c:442:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secondarg[128];
data/safecopy-1.7/src/safecopy.c:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thirdarg[128];
data/safecopy-1.7/src/safecopy.c:461:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(firstarg, "%llu", (long long)(delta/ blocksize ));
data/safecopy-1.7/src/safecopy.c:462:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(secondarg, "%llu", (long long)blocksize );
data/safecopy-1.7/src/safecopy.c:463:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(thirdarg, "%llu", (long long)old);
data/safecopy-1.7/src/safecopy.c:481:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullmarker[8]={0};
data/safecopy-1.7/src/safecopy.c:495:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( databuffer +writeoffset, marker, writeremain );
data/safecopy-1.7/src/safecopy.c:497:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( databuffer +writeoffset, nullmarker, writeremain );
data/safecopy-1.7/src/safecopy.c:501:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( databuffer + writeoffset, marker, blocksize -writeoffset);
data/safecopy-1.7/src/safecopy.c:545:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( textbuffer , "%llu\n", (long long)* lastbadblock );
data/safecopy-1.7/src/safecopy.c:579:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->xblocksin = fopen(configvars->xblocksinfile, "r");
data/safecopy-1.7/src/safecopy.c:903:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->source = open(configvars->sourcefile, O_RDONLY | O_RSYNC);
data/safecopy-1.7/src/safecopy.c:1066:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->source = open(configvars->sourcefile, O_RDONLY | O_NONBLOCK | statusvars->syncmode );
data/safecopy-1.7/src/safecopy.c:1075:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->xblocksin = fopen(configvars->xblocksinfile, "r");
data/safecopy-1.7/src/safecopy.c:1085:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->bblocksin = fopen(configvars->bblocksinfile, "r");
data/safecopy-1.7/src/safecopy.c:1094:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->destination = open(configvars->destfile, O_WRONLY, 0666 );
data/safecopy-1.7/src/safecopy.c:1122:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->destination = open(configvars->destfile, O_WRONLY | O_TRUNC | O_CREAT, 0666 );
data/safecopy-1.7/src/safecopy.c:1136:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->bblocksout = open(configvars->bblocksoutfile, O_WRONLY | O_APPEND | O_CREAT, 0666);
data/safecopy-1.7/src/safecopy.c:1138:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->bblocksout = open(configvars->bblocksoutfile, O_WRONLY | O_TRUNC | O_CREAT, 0666);
data/safecopy-1.7/src/safecopy.c:1154:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->timingfile = fopen(configvars->timingfilestring, "a");
data/safecopy-1.7/src/safecopy.c:1218:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->source = open(configvars->sourcefile, O_RDONLY | O_NONBLOCK | statusvars->syncmode );
data/safecopy-1.7/src/safecopy.c:1306:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->xblocksin = fopen(configvars->xblocksinfile, "r");
data/safecopy-1.7/src/safecopy.c:1422:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->source = open(configvars->sourcefile, O_RDONLY | O_NONBLOCK | statusvars->syncmode );
data/safecopy-1.7/src/safecopy.c:1511:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( statusvars->textbuffer , " [%lli] \n", (long long)tmp_pos);
data/safecopy-1.7/src/safecopy.c:1549:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( statusvars->textbuffer , "}[%llu](+%llu)", (long long)tmp_pos, (long long)tmp_bytes);
data/safecopy-1.7/src/safecopy.c:1651:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( statusvars->textbuffer , "[%llu](+%llu){", (long long)tmp_pos, (long long)tmp_bytes);
data/safecopy-1.7/src/safecopy.c:1694:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->source = open(configvars->sourcefile, O_RDONLY | O_NONBLOCK | O_RSYNC );
data/safecopy-1.7/src/safecopy.c:1702:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->source = open(configvars->sourcefile, O_RDONLY | O_NONBLOCK | O_RSYNC );
data/safecopy-1.7/src/safecopy.c:1712:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->source = open(configvars->sourcefile, O_RDONLY | O_NONBLOCK | statusvars->syncmode );
data/safecopy-1.7/src/safecopy.c:1715:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statusvars->source = open(configvars->sourcefile, O_RDONLY | O_NONBLOCK | statusvars->syncmode );
data/safecopy-1.7/src/safecopy.c:1740:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( statusvars->textbuffer , "}[%llu](+%llu)", (long long)tmp_pos, (long long)tmp_bytes);
data/safecopy-1.7/simulator/src/simulatorlb.c:41:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(int,void*,size_t);
data/safecopy-1.7/simulator/src/simulatorlb.c:443:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(int fd,void *buf,size_t count) {
data/safecopy-1.7/src/arglist.c:200:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(temp);
data/safecopy-1.7/src/arglist.c:210:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(temp);
data/safecopy-1.7/src/arglist.c:408:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(text);
data/safecopy-1.7/src/arglist.c:444:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=strlen(text);
data/safecopy-1.7/src/lowlevel.c:16:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval=read(*fd,buffer,length);
data/safecopy-1.7/src/lowlevel.c:186:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return(read(fd,buffer,length));
data/safecopy-1.7/src/lowlevel.c:232:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval=read(*fd,buffer,length);
data/safecopy-1.7/src/lowlevel.c:260:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval=read(*fd,buffer,length);
data/safecopy-1.7/src/lowlevel.c:271:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval=read(*fd,buffer,length);
data/safecopy-1.7/src/lowlevel.c:276:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
retval=read(*fd,buffer,length);
data/safecopy-1.7/src/safecopy.c:346:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(option);
data/safecopy-1.7/src/safecopy.c:386:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(2, percentage, strlen(percentage));
data/safecopy-1.7/src/safecopy.c:427:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(2, icon, strlen(icon));
data/safecopy-1.7/src/safecopy.c:491:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writeremain = strlen(marker);
data/safecopy-1.7/src/safecopy.c:547:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(bblocksout, textbuffer , strlen( textbuffer ));
data/safecopy-1.7/src/safecopy.c:1465:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
statusvars->block = read(statusvars->source, statusvars->databuffer , statusvars->maxremain );
data/safecopy-1.7/src/safecopy.c:1512:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(2, statusvars->textbuffer , strlen( statusvars->textbuffer ));
data/safecopy-1.7/src/safecopy.c:1550:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(1, statusvars->textbuffer , strlen( statusvars->textbuffer ));
data/safecopy-1.7/src/safecopy.c:1652:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(1, statusvars->textbuffer , strlen( statusvars->textbuffer ));
data/safecopy-1.7/src/safecopy.c:1654:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statusvars->linewidth += strlen( statusvars->textbuffer );
data/safecopy-1.7/src/safecopy.c:1699:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(statusvars->source, statusvars->databuffer , statusvars->blocksize );
data/safecopy-1.7/src/safecopy.c:1707:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(statusvars->source, statusvars->databuffer , statusvars->blocksize );
data/safecopy-1.7/src/safecopy.c:1741:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(1, statusvars->textbuffer , strlen( statusvars->textbuffer ));
ANALYSIS SUMMARY:
Hits = 78
Lines analyzed = 3734 in approximately 0.16 seconds (23020 lines/second)
Physical Source Lines of Code (SLOC) = 2751
Hits@level = [0] 256 [1] 25 [2] 50 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 334 [1+] 78 [2+] 53 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 121.41 [1+] 28.3533 [2+] 19.2657 [3+] 1.09051 [4+] 1.09051 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.