Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ayatana-indicator-sound-0.8.1/include/unity/gmenuharness/MatchResult.h
Examining data/ayatana-indicator-sound-0.8.1/include/unity/gmenuharness/MatchUtils.h
Examining data/ayatana-indicator-sound-0.8.1/include/unity/gmenuharness/MenuItemMatcher.h
Examining data/ayatana-indicator-sound-0.8.1/include/unity/gmenuharness/MenuMatcher.h
Examining data/ayatana-indicator-sound-0.8.1/src/bus-watch-namespace.c
Examining data/ayatana-indicator-sound-0.8.1/src/bus-watch-namespace.h
Examining data/ayatana-indicator-sound-0.8.1/src/gmenuharness/MatchResult.cpp
Examining data/ayatana-indicator-sound-0.8.1/src/gmenuharness/MatchUtils.cpp
Examining data/ayatana-indicator-sound-0.8.1/src/gmenuharness/MenuItemMatcher.cpp
Examining data/ayatana-indicator-sound-0.8.1/src/gmenuharness/MenuMatcher.cpp
Examining data/ayatana-indicator-sound-0.8.1/src/main.c
Examining data/ayatana-indicator-sound-0.8.1/src/voip-input-menu-item.h
Examining data/ayatana-indicator-sound-0.8.1/tests/accounts-service-mock.h
Examining data/ayatana-indicator-sound-0.8.1/tests/accounts-service-user.cc
Examining data/ayatana-indicator-sound-0.8.1/tests/dbus-types/dbus-action-result.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/dbus-types/dbus-action-result.h
Examining data/ayatana-indicator-sound-0.8.1/tests/dbus-types/dbus-types.h
Examining data/ayatana-indicator-sound-0.8.1/tests/dbus-types/pulseaudio-volume.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/dbus-types/pulseaudio-volume.h
Examining data/ayatana-indicator-sound-0.8.1/tests/greeter-list.cc
Examining data/ayatana-indicator-sound-0.8.1/tests/gtest-gvariant.h
Examining data/ayatana-indicator-sound-0.8.1/tests/indicator-fixture.h
Examining data/ayatana-indicator-sound-0.8.1/tests/indicator-test.cc
Examining data/ayatana-indicator-sound-0.8.1/tests/integration/indicator-sound-test-base.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/integration/indicator-sound-test-base.h
Examining data/ayatana-indicator-sound-0.8.1/tests/integration/main.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/integration/test-indicator.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/integration/utils/dbus-pulse-volume.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/integration/utils/dbus-pulse-volume.h
Examining data/ayatana-indicator-sound-0.8.1/tests/integration/utils/get-volume.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/integration/utils/set-volume.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc
Examining data/ayatana-indicator-sound-0.8.1/tests/name-watch-test.cc
Examining data/ayatana-indicator-sound-0.8.1/tests/notifications-mock.h
Examining data/ayatana-indicator-sound-0.8.1/tests/notifications-test.cc
Examining data/ayatana-indicator-sound-0.8.1/tests/pa-mock.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/accounts-mock/AccountsDefs.h
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/accounts-mock/AccountsMock.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/accounts-mock/AccountsMock.h
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/accounts-mock/AccountsServiceSoundMock.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/accounts-mock/AccountsServiceSoundMock.h
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/accounts-mock/main.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/DBusPropertiesNotifier.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/DBusPropertiesNotifier.h
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/media-player-mpris-mock/main.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/media-player-mpris-mock/MediaPlayerMprisDefs.h
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/media-player-mpris-mock/MediaPlayerMprisMock.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/media-player-mpris-mock/MediaPlayerMprisMock.h
Examining data/ayatana-indicator-sound-0.8.1/tests/service-mocks/media-player-mpris-mock/player-update.cpp
Examining data/ayatana-indicator-sound-0.8.1/tests/sound-menu.cc
Examining data/ayatana-indicator-sound-0.8.1/tests/volume-control-test.cc
FINAL RESULTS:
data/ayatana-indicator-sound-0.8.1/tests/accounts-service-user.cc:58:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT_NE(nullptr, system);
data/ayatana-indicator-sound-0.8.1/tests/accounts-service-user.cc:59:40: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_dbus_connection_set_exit_on_close(system, FALSE);
data/ayatana-indicator-sound-0.8.1/tests/accounts-service-user.cc:60:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_object_add_weak_pointer(G_OBJECT(system), (gpointer *)&system);
data/ayatana-indicator-sound-0.8.1/tests/accounts-service-user.cc:60:61: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_object_add_weak_pointer(G_OBJECT(system), (gpointer *)&system);
data/ayatana-indicator-sound-0.8.1/tests/accounts-service-user.cc:78:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_object_unref(system);
data/ayatana-indicator-sound-0.8.1/tests/accounts-service-user.cc:84:31: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
while ((session != NULL || system != NULL) && cleartry < 100) {
data/ayatana-indicator-sound-0.8.1/tests/accounts-service-user.cc:90:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT_EQ(nullptr, system);
data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc:65:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT_NE(nullptr, system);
data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc:66:40: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_dbus_connection_set_exit_on_close(system, FALSE);
data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc:67:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_object_add_weak_pointer(G_OBJECT(system), (gpointer *)&system);
data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc:67:61: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_object_add_weak_pointer(G_OBJECT(system), (gpointer *)&system);
data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc:86:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
proxy = g_dbus_proxy_new_sync(system,
data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc:104:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
g_object_unref(system);
data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc:111:31: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
while ((session != NULL || system != NULL) && cleartry < 100) {
data/ayatana-indicator-sound-0.8.1/tests/media-player-user.cc:117:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ASSERT_EQ(nullptr, system);
data/ayatana-indicator-sound-0.8.1/src/bus-watch-namespace.c:131:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_name = strlen (name);
data/ayatana-indicator-sound-0.8.1/src/bus-watch-namespace.c:132:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_namespace = strlen (name_space);
ANALYSIS SUMMARY:
Hits = 17
Lines analyzed = 10447 in approximately 0.28 seconds (37408 lines/second)
Physical Source Lines of Code (SLOC) = 7572
Hits@level = [0] 0 [1] 2 [2] 0 [3] 0 [4] 15 [5] 0
Hits@level+ = [0+] 17 [1+] 17 [2+] 15 [3+] 15 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 2.24511 [1+] 2.24511 [2+] 1.98098 [3+] 1.98098 [4+] 1.98098 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.