Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-aliases.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-aliases.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-apps.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-apps.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-assertions.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-assertions.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-buy-ready.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-buy-ready.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-change.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-change.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-changes.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-changes.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-connections.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-connections.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-find.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-find.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-icon.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-icon.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-interfaces-legacy.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-interfaces-legacy.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-interfaces.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-interfaces.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-sections.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-sections.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-snap-conf.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-snap-conf.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-snap.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-snap.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-snaps.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-snaps.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-system-info.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-system-info.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-users.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-get-users.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-json.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-json.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-aliases.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-aliases.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-assertions.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-assertions.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-buy.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-buy.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-change.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-change.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-create-user.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-create-user.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-create-users.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-create-users.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-interfaces.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-interfaces.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-login.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-login.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snap-stream.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snap-stream.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snap-try.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snap-try.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snap.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snap.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snapctl.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snapctl.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snaps.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snaps.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-put-snap-conf.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-put-snap-conf.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-request-async.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-request-async.h Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-request.c Examining data/snapd-glib-1.54/snapd-glib/requests/snapd-request.h Examining data/snapd-glib-1.54/snapd-glib/snapd-alias.c Examining data/snapd-glib-1.54/snapd-glib/snapd-alias.h Examining data/snapd-glib-1.54/snapd-glib/snapd-app.c Examining data/snapd-glib-1.54/snapd-glib/snapd-app.h Examining data/snapd-glib-1.54/snapd-glib/snapd-assertion.c Examining data/snapd-glib-1.54/snapd-glib/snapd-assertion.h Examining data/snapd-glib-1.54/snapd-glib/snapd-auth-data.c Examining data/snapd-glib-1.54/snapd-glib/snapd-auth-data.h Examining data/snapd-glib-1.54/snapd-glib/snapd-change.c Examining data/snapd-glib-1.54/snapd-glib/snapd-change.h Examining data/snapd-glib-1.54/snapd-glib/snapd-channel.c Examining data/snapd-glib-1.54/snapd-glib/snapd-channel.h Examining data/snapd-glib-1.54/snapd-glib/snapd-client-sync.c Examining data/snapd-glib-1.54/snapd-glib/snapd-client.c Examining data/snapd-glib-1.54/snapd-glib/snapd-client.h Examining data/snapd-glib-1.54/snapd-glib/snapd-connection.c Examining data/snapd-glib-1.54/snapd-glib/snapd-connection.h Examining data/snapd-glib-1.54/snapd-glib/snapd-error.c Examining data/snapd-glib-1.54/snapd-glib/snapd-error.h Examining data/snapd-glib-1.54/snapd-glib/snapd-glib.h Examining data/snapd-glib-1.54/snapd-glib/snapd-icon.c Examining data/snapd-glib-1.54/snapd-glib/snapd-icon.h Examining data/snapd-glib-1.54/snapd-glib/snapd-interface.c Examining data/snapd-glib-1.54/snapd-glib/snapd-interface.h Examining data/snapd-glib-1.54/snapd-glib/snapd-login.c Examining data/snapd-glib-1.54/snapd-glib/snapd-login.h Examining data/snapd-glib-1.54/snapd-glib/snapd-maintenance.c Examining data/snapd-glib-1.54/snapd-glib/snapd-maintenance.h Examining data/snapd-glib-1.54/snapd-glib/snapd-markdown-node.c Examining data/snapd-glib-1.54/snapd-glib/snapd-markdown-node.h Examining data/snapd-glib-1.54/snapd-glib/snapd-markdown-parser.c Examining data/snapd-glib-1.54/snapd-glib/snapd-markdown-parser.h Examining data/snapd-glib-1.54/snapd-glib/snapd-media.c Examining data/snapd-glib-1.54/snapd-glib/snapd-media.h Examining data/snapd-glib-1.54/snapd-glib/snapd-plug-ref.c Examining data/snapd-glib-1.54/snapd-glib/snapd-plug-ref.h Examining data/snapd-glib-1.54/snapd-glib/snapd-plug.c Examining data/snapd-glib-1.54/snapd-glib/snapd-plug.h Examining data/snapd-glib-1.54/snapd-glib/snapd-price.c Examining data/snapd-glib-1.54/snapd-glib/snapd-price.h Examining data/snapd-glib-1.54/snapd-glib/snapd-screenshot.c Examining data/snapd-glib-1.54/snapd-glib/snapd-screenshot.h Examining data/snapd-glib-1.54/snapd-glib/snapd-slot-ref.c Examining data/snapd-glib-1.54/snapd-glib/snapd-slot-ref.h Examining data/snapd-glib-1.54/snapd-glib/snapd-slot.c Examining data/snapd-glib-1.54/snapd-glib/snapd-slot.h Examining data/snapd-glib-1.54/snapd-glib/snapd-snap.c Examining data/snapd-glib-1.54/snapd-glib/snapd-snap.h Examining data/snapd-glib-1.54/snapd-glib/snapd-system-information.c Examining data/snapd-glib-1.54/snapd-glib/snapd-system-information.h Examining data/snapd-glib-1.54/snapd-glib/snapd-task.c Examining data/snapd-glib-1.54/snapd-glib/snapd-task.h Examining data/snapd-glib-1.54/snapd-glib/snapd-user-information.c Examining data/snapd-glib-1.54/snapd-glib/snapd-user-information.h Examining data/snapd-glib-1.54/snapd-glib/snapd-version.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/alias.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/app.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/assertion.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/auth-data.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/change.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/channel.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/client.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/connection.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/enums.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/icon.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/interface.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/maintenance.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/markdown-node.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/markdown-parser.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/media.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/plug-ref.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/plug.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/price.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/request.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/screenshot.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/slot-ref.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/slot.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/snap.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/system-information.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/task.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/user-information.h Examining data/snapd-glib-1.54/snapd-qt/Snapd/wrapped-object.h Examining data/snapd-glib-1.54/snapd-qt/alias.cpp Examining data/snapd-glib-1.54/snapd-qt/app.cpp Examining data/snapd-glib-1.54/snapd-qt/assertion.cpp Examining data/snapd-glib-1.54/snapd-qt/auth-data.cpp Examining data/snapd-glib-1.54/snapd-qt/change.cpp Examining data/snapd-glib-1.54/snapd-qt/channel.cpp Examining data/snapd-glib-1.54/snapd-qt/client-private.h Examining data/snapd-glib-1.54/snapd-qt/client.cpp Examining data/snapd-glib-1.54/snapd-qt/connection.cpp Examining data/snapd-glib-1.54/snapd-qt/icon.cpp Examining data/snapd-glib-1.54/snapd-qt/interface.cpp Examining data/snapd-glib-1.54/snapd-qt/maintenance.cpp Examining data/snapd-glib-1.54/snapd-qt/markdown-node.cpp Examining data/snapd-glib-1.54/snapd-qt/markdown-parser.cpp Examining data/snapd-glib-1.54/snapd-qt/media.cpp Examining data/snapd-glib-1.54/snapd-qt/plug-ref.cpp Examining data/snapd-glib-1.54/snapd-qt/plug.cpp Examining data/snapd-glib-1.54/snapd-qt/price.cpp Examining data/snapd-glib-1.54/snapd-qt/qml-plugin.cpp Examining data/snapd-glib-1.54/snapd-qt/qml-plugin.h Examining data/snapd-glib-1.54/snapd-qt/request.cpp Examining data/snapd-glib-1.54/snapd-qt/screenshot.cpp Examining data/snapd-glib-1.54/snapd-qt/slot-ref.cpp Examining data/snapd-glib-1.54/snapd-qt/slot.cpp Examining data/snapd-glib-1.54/snapd-qt/snap.cpp Examining data/snapd-glib-1.54/snapd-qt/stream-wrapper.cpp Examining data/snapd-glib-1.54/snapd-qt/stream-wrapper.h Examining data/snapd-glib-1.54/snapd-qt/system-information.cpp Examining data/snapd-glib-1.54/snapd-qt/task.cpp Examining data/snapd-glib-1.54/snapd-qt/user-information.cpp Examining data/snapd-glib-1.54/snapd-qt/variant.h Examining data/snapd-glib-1.54/tests/mock-snapd.c Examining data/snapd-glib-1.54/tests/mock-snapd.h Examining data/snapd-glib-1.54/tests/test-glib.c Examining data/snapd-glib-1.54/tests/test-markdown-glib.c Examining data/snapd-glib-1.54/tests/test-markdown-qt.cpp Examining data/snapd-glib-1.54/tests/test-qt.cpp Examining data/snapd-glib-1.54/tests/test-qt.h FINAL RESULTS: data/snapd-glib-1.54/snapd-glib/requests/snapd-json.c:95:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *year = atoi (tokens[0]); data/snapd-glib-1.54/snapd-glib/requests/snapd-json.c:96:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *month = atoi (tokens[1]); data/snapd-glib-1.54/snapd-glib/requests/snapd-json.c:97:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *day = atoi (tokens[2]); data/snapd-glib-1.54/snapd-glib/requests/snapd-json.c:116:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *hour = atoi (tokens[0]); data/snapd-glib-1.54/snapd-glib/requests/snapd-json.c:119:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *minute = atoi (tokens[1]); data/snapd-glib-1.54/snapd-qt/auth-data.cpp:20:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *strv[discharges.size () + 1]; data/snapd-glib-1.54/tests/test-qt.cpp:4799:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open (QBuffer::ReadWrite); data/snapd-glib-1.54/tests/test-qt.cpp:4843:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open (QBuffer::ReadWrite); data/snapd-glib-1.54/tests/test-qt.cpp:4864:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open (QBuffer::ReadWrite); data/snapd-glib-1.54/tests/test-qt.cpp:4890:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open (QBuffer::ReadWrite); data/snapd-glib-1.54/tests/test-qt.cpp:4917:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open (QBuffer::ReadWrite); data/snapd-glib-1.54/tests/test-qt.cpp:4944:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open (QBuffer::ReadWrite); data/snapd-glib-1.54/tests/test-qt.cpp:4971:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open (QBuffer::ReadWrite); data/snapd-glib-1.54/snapd-glib/requests/snapd-json.c:102:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen (date_string) == 8) { data/snapd-glib-1.54/snapd-glib/requests/snapd-post-assertions.c:49:102: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). soup_message_body_append (message->request_body, SOUP_MEMORY_TEMPORARY, self->assertions[i], strlen (self->assertions[i])); data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snap-stream.c:80:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_autoptr(SoupBuffer) buffer = soup_buffer_new_take ((guchar *) g_strdup (value), strlen (value)); data/snapd-glib-1.54/snapd-glib/requests/snapd-post-snap-try.c:48:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_autoptr(SoupBuffer) buffer = soup_buffer_new_take ((guchar *) g_strdup (value), strlen (value)); data/snapd-glib-1.54/snapd-glib/snapd-client.c:275:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_byte_array_append (array, (const guint8 *) value, strlen (value)); data/snapd-glib-1.54/snapd-qt/stream-wrapper.cpp:25:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nRead = wrapper->ioDevice->read ((char *) buffer, count); data/snapd-glib-1.54/tests/mock-snapd.c:3024:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_autofree gchar *name = g_strndup (path, strlen (path) - strlen ("/icon")); data/snapd-glib-1.54/tests/mock-snapd.c:3024:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_autofree gchar *name = g_strndup (path, strlen (path) - strlen ("/icon")); data/snapd-glib-1.54/tests/mock-snapd.c:4476:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_autofree gchar *name = g_strndup (path + strlen ("/v2/snaps/"), strlen (path) - strlen ("/v2/snaps/") - strlen ("/conf")); data/snapd-glib-1.54/tests/mock-snapd.c:4476:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_autofree gchar *name = g_strndup (path + strlen ("/v2/snaps/"), strlen (path) - strlen ("/v2/snaps/") - strlen ("/conf")); data/snapd-glib-1.54/tests/mock-snapd.c:4476:95: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_autofree gchar *name = g_strndup (path + strlen ("/v2/snaps/"), strlen (path) - strlen ("/v2/snaps/") - strlen ("/conf")); data/snapd-glib-1.54/tests/mock-snapd.c:4476:119: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_autofree gchar *name = g_strndup (path + strlen ("/v2/snaps/"), strlen (path) - strlen ("/v2/snaps/") - strlen ("/conf")); data/snapd-glib-1.54/tests/mock-snapd.c:4480:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). handle_snap (self, message, path + strlen ("/v2/snaps/")); data/snapd-glib-1.54/tests/mock-snapd.c:4485:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). handle_icon (self, message, path + strlen ("/v2/icons/")); data/snapd-glib-1.54/tests/mock-snapd.c:4489:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). handle_assertions (self, message, path + strlen ("/v2/assertions/")); data/snapd-glib-1.54/tests/mock-snapd.c:4497:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). handle_change (self, message, path + strlen ("/v2/changes/")); ANALYSIS SUMMARY: Hits = 29 Lines analyzed = 54509 in approximately 1.25 seconds (43481 lines/second) Physical Source Lines of Code (SLOC) = 39335 Hits@level = [0] 0 [1] 16 [2] 13 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 29 [1+] 29 [2+] 13 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.737257 [1+] 0.737257 [2+] 0.330494 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.