Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/chibi-scheme-0.9.1/bignum.c
Examining data/chibi-scheme-0.9.1/gc.c
Examining data/chibi-scheme-0.9.1/gc_heap.c
Examining data/chibi-scheme-0.9.1/include/chibi/bignum.h
Examining data/chibi-scheme-0.9.1/include/chibi/eval.h
Examining data/chibi-scheme-0.9.1/include/chibi/features.h
Examining data/chibi-scheme-0.9.1/include/chibi/sexp-huff.h
Examining data/chibi-scheme-0.9.1/include/chibi/sexp-hufftabdefs.h
Examining data/chibi-scheme-0.9.1/include/chibi/sexp-unhuff.h
Examining data/chibi-scheme-0.9.1/include/chibi/sexp-hufftabs.c
Examining data/chibi-scheme-0.9.1/include/chibi/sexp-hufftabs.h
Examining data/chibi-scheme-0.9.1/include/chibi/gc_heap.h
Examining data/chibi-scheme-0.9.1/include/chibi/sexp.h
Examining data/chibi-scheme-0.9.1/lib/chibi/accept.c
Examining data/chibi-scheme-0.9.1/lib/chibi/crypto/sha2.c
Examining data/chibi-scheme-0.9.1/lib/chibi/disasm.c
Examining data/chibi-scheme-0.9.1/lib/chibi/filesystem_win32_shim.c
Examining data/chibi-scheme-0.9.1/lib/chibi/heap-stats.c
Examining data/chibi-scheme-0.9.1/lib/chibi/io/port.c
Examining data/chibi-scheme-0.9.1/lib/chibi/json.c
Examining data/chibi-scheme-0.9.1/lib/chibi/optimize/profile.c
Examining data/chibi-scheme-0.9.1/lib/chibi/optimize/rest.c
Examining data/chibi-scheme-0.9.1/lib/chibi/signal.c
Examining data/chibi-scheme-0.9.1/lib/chibi/weak.c
Examining data/chibi-scheme-0.9.1/lib/chibi/ast.c
Examining data/chibi-scheme-0.9.1/lib/scheme/time.c
Examining data/chibi-scheme-0.9.1/lib/srfi/144/lgamma_r.c
Examining data/chibi-scheme-0.9.1/lib/srfi/151/bit.c
Examining data/chibi-scheme-0.9.1/lib/srfi/18/threads.c
Examining data/chibi-scheme-0.9.1/lib/srfi/27/rand.c
Examining data/chibi-scheme-0.9.1/lib/srfi/39/param.c
Examining data/chibi-scheme-0.9.1/lib/srfi/69/hash.c
Examining data/chibi-scheme-0.9.1/lib/srfi/95/qsort.c
Examining data/chibi-scheme-0.9.1/lib/srfi/98/env.c
Examining data/chibi-scheme-0.9.1/main.c
Examining data/chibi-scheme-0.9.1/opcodes.c
Examining data/chibi-scheme-0.9.1/opt/fcall.c
Examining data/chibi-scheme-0.9.1/opt/opcode_names.h
Examining data/chibi-scheme-0.9.1/opt/plan9-opcodes.c
Examining data/chibi-scheme-0.9.1/plan9.c
Examining data/chibi-scheme-0.9.1/simplify.c
Examining data/chibi-scheme-0.9.1/tests/foreign/apply-loop.c
Examining data/chibi-scheme-0.9.1/tests/foreign/typeid.c
Examining data/chibi-scheme-0.9.1/tests/snow/repo3/pythagoras/hyp.c
Examining data/chibi-scheme-0.9.1/eval.c
Examining data/chibi-scheme-0.9.1/sexp.c
Examining data/chibi-scheme-0.9.1/vm.c
FINAL RESULTS:
data/chibi-scheme-0.9.1/lib/chibi/filesystem_win32_shim.c:53:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(query, path, MAX_PATH);
data/chibi-scheme-0.9.1/lib/chibi/filesystem_win32_shim.c:54:5: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(query, "\\*", MAX_PATH);
data/chibi-scheme-0.9.1/gc.c:30:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define sexp_debug_printf(fmt, ...) fprintf(stderr, SEXP_BANNER(fmt),__VA_ARGS__)
data/chibi-scheme-0.9.1/gc.c:70:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("alloc: mean: %0.3lfμs var: %0.3lfμs (%ld times)"), mean, var, sexp_context_alloc_count(ctx));
data/chibi-scheme-0.9.1/gc.c:140:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("%p zero-size object: %p (type tag: %d)"), ctx, x, sexp_pointer_tag(x));
data/chibi-scheme-0.9.1/gc.c:163:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("bad heap position: %p free: %p-%p : %p-%p"),
data/chibi-scheme-0.9.1/gc.c:169:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("bad heap position: %p heap: %p-%p"), x, h, end);
data/chibi-scheme-0.9.1/gc.c:179:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("invalid heap alignment: %p"), x);
data/chibi-scheme-0.9.1/gc.c:185:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("invalid object outside heap: %p"), x);
data/chibi-scheme-0.9.1/gc.c:193:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("%p mark: bad object at %p: tag: %d"),
data/chibi-scheme-0.9.1/gc.c:208:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("%p mark: bad magic at %p: %x"),
data/chibi-scheme-0.9.1/gc.c:319:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER(" : %s"), debug_text[i]);
data/chibi-scheme-0.9.1/gc.c:348:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("MISS: %p [%d]: %s"), p,
data/chibi-scheme-0.9.1/gc.c:492:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("%p sweep: invalid object at %p"), ctx, p);
data/chibi-scheme-0.9.1/gc.c:494:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("%p sweep: bad size at %p < %p + %lu"),
data/chibi-scheme-0.9.1/gc.c:497:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("%p sweep: bad size at %p + %lu > %p"),
data/chibi-scheme-0.9.1/gc.c:604:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("heap: %p-%p data: %p-%p"),
data/chibi-scheme-0.9.1/gc.c:606:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("first: %p end: %p"),
data/chibi-scheme-0.9.1/gc.c:608:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("free1: %p-%p free2: %p-%p"),
data/chibi-scheme-0.9.1/include/chibi/features.h:907:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf(buf, len, fmt, val) sprintf(buf, fmt, val)
data/chibi-scheme-0.9.1/include/chibi/features.h:907:38: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define snprintf(buf, len, fmt, val) sprintf(buf, fmt, val)
data/chibi-scheme-0.9.1/lib/chibi/disasm.c:31:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, 32, SEXP_PRId, n);
data/chibi-scheme-0.9.1/lib/chibi/heap-stats.c:23:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, SEXP_BANNER("%p zero-size object: %p"), ctx, x);
data/chibi-scheme-0.9.1/main.c:35:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out, "usage: chibi-scheme [<options> ...] [<file> <args> ...]\n"
data/chibi-scheme-0.9.1/sexp.c:2344:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(numbuf, NUMBUF_LEN, "%" SEXP_PRIdFIXNUM, (sexp_sint_t)sexp_unbox_fixnum(obj));
data/chibi-scheme-0.9.1/eval.c:499:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
no_sys_path = getenv(SEXP_NO_SYSTEM_PATH_VAR);
data/chibi-scheme-0.9.1/eval.c:502:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
user_path = getenv(SEXP_MODULE_PATH_VAR);
data/chibi-scheme-0.9.1/gc.c:101:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
max_alloc = getenv("CHIBI_MAX_ALLOC");
data/chibi-scheme-0.9.1/lib/srfi/27/rand.c:52:33: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define sexp_seed_random(n, rs) srand(n)
data/chibi-scheme-0.9.1/lib/srfi/98/env.c:18:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cstr = getenv(sexp_string_data(str));
data/chibi-scheme-0.9.1/plan9.c:12:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(sexp_unbox_fixnum(seed));
data/chibi-scheme-0.9.1/plan9.c:88:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
value = getenv(sexp_string_data(name));
data/chibi-scheme-0.9.1/plan9.c:94:3: [3] (buffer) getwd:
This does not protect against buffer overflows by itself, so use with
caution (CWE-120, CWE-20). Use getcwd instead.
getwd(buf, 512);
data/chibi-scheme-0.9.1/eval.c:306:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_bytecode_data(tmp),
data/chibi-scheme-0.9.1/eval.c:329:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_bytecode_data(tmp),
data/chibi-scheme-0.9.1/eval.c:1245:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(sexp_string_data(path), "r");
data/chibi-scheme-0.9.1/eval.c:1261:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(sexp_string_data(path), "w");
data/chibi-scheme-0.9.1/eval.c:1933:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ch[6];
data/chibi-scheme-0.9.1/eval.c:1960:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, sexp_string_data(str), i);
data/chibi-scheme-0.9.1/eval.c:1961:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q+i+new_len, p+old_len, len-i-new_len+1);
data/chibi-scheme-0.9.1/eval.c:2074:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(res->value), core, sizeof(core[0]));
data/chibi-scheme-0.9.1/eval.c:2080:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(res->value), op, sizeof(op[0]));
data/chibi-scheme-0.9.1/eval.c:2253:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/chibi-scheme-0.9.1/eval.c:2270:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, dir, dirlen);
data/chibi-scheme-0.9.1/eval.c:2272:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path+len-filelen-1, file, filelen);
data/chibi-scheme-0.9.1/eval.c:2426:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char init_file[128];
data/chibi-scheme-0.9.1/gc.c:102:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_allocated_bytes = max_alloc ? atoi(max_alloc) : 8192000; /* 8MB */
data/chibi-scheme-0.9.1/gc_heap.c:10:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gc_heap_err_str[ERR_STR_SIZE];
data/chibi-scheme-0.9.1/gc_heap.c:116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->p, s, size);
data/chibi-scheme-0.9.1/gc_heap.c:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[8];
data/chibi-scheme-0.9.1/gc_heap.c:386:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "wb");
data/chibi-scheme-0.9.1/gc_heap.c:610:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[512];
data/chibi-scheme-0.9.1/gc_heap.c:619:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rb");
data/chibi-scheme-0.9.1/gc_heap.c:630:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "rb");
data/chibi-scheme-0.9.1/gc_heap.c:674:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
state.types[i] = (sexp)((unsigned char *)ctx_types[i] + state.offset);
data/chibi-scheme-0.9.1/include/chibi/features.h:953:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char sexp_abi_identifier_t[8];
data/chibi-scheme-0.9.1/include/chibi/sexp-hufftabdefs.h:2:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char _huff_tab1[8], _huff_tab2[8], _huff_tab3[2], _huff_tab4[2],
data/chibi-scheme-0.9.1/include/chibi/sexp.h:433:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flonum_bits[sizeof(double)]; /* for eqv? comparison on flonums */
data/chibi-scheme-0.9.1/lib/chibi/accept.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/chibi-scheme-0.9.1/lib/chibi/crypto/sha2.c:144:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sha->hash256, h224, sizeof(h224));
data/chibi-scheme-0.9.1/lib/chibi/crypto/sha2.c:147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sha->hash256, h256, sizeof(h256));
data/chibi-scheme-0.9.1/lib/chibi/crypto/sha2.c:181:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sha->buffer + buf_offset, src + src_offset, len - src_offset);
data/chibi-scheme-0.9.1/lib/chibi/disasm.c:24:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/chibi-scheme-0.9.1/lib/chibi/disasm.c:30:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/chibi-scheme-0.9.1/lib/chibi/filesystem_win32_shim.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[MAX_PATH];
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:77:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, sexp_string_data(sexp_cookie_buffer(vec)), sexp_unbox_fixnum(res));
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_string_data(sexp_cookie_buffer(vec)), buffer, size);
data/chibi-scheme-0.9.1/lib/chibi/json.c:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initbuf[INIT_STRING_BUFFER_SIZE];
data/chibi-scheme-0.9.1/lib/chibi/json.c:113:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, buf, i);
data/chibi-scheme-0.9.1/lib/chibi/json.c:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cout[FLONUM_SIGNIFICANT_DIGITS + FLONUM_EXP_MAX_DIGITS + 5];
data/chibi-scheme-0.9.1/lib/chibi/json.c:340:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cout[32]; /* oversized to avoid snprintf warnings */
data/chibi-scheme-0.9.1/lib/chibi/optimize/rest.c:18:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(res->value), op, sizeof(op[0]));
data/chibi-scheme-0.9.1/lib/srfi/151/bit.c:349:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char log_table_256[256] =
data/chibi-scheme-0.9.1/lib/srfi/18/threads.c:390:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_pollfds_fds(pollfds), pfd, i*2*sizeof(struct pollfd));
data/chibi-scheme-0.9.1/lib/srfi/95/qsort.c:231:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vec + lo, scratch + lo, (hi-lo+1) * sizeof(sexp));
data/chibi-scheme-0.9.1/lib/srfi/95/qsort.c:294:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vec + lo, scratch + lo, (hi-lo+1) * sizeof(sexp));
data/chibi-scheme-0.9.1/plan9.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/chibi-scheme-0.9.1/plan9.c:138:51: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sexp context, auth, attach, walk, walk1, clone, open, create, remove,
data/chibi-scheme-0.9.1/plan9.c:205:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sexp_def_9p_handler(sexp_9p_open, open)
data/chibi-scheme-0.9.1/sexp.c:380:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_vector_data(sexp_type_cpl(type)),
data/chibi-scheme-0.9.1/sexp.c:590:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(type->value), &(_sexp_type_specs[i]), sizeof(_sexp_type_specs[0]));
data/chibi-scheme-0.9.1/sexp.c:742:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s=sexp_string_data(str), pre, plen);
data/chibi-scheme-0.9.1/sexp.c:743:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s+plen, mid, mlen);
data/chibi-scheme-0.9.1/sexp.c:744:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s+plen+mlen, suf, slen);
data/chibi-scheme-0.9.1/sexp.c:1357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_string_data(s), str, len);
data/chibi-scheme-0.9.1/sexp.c:1377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_string_data(res),
data/chibi-scheme-0.9.1/sexp.c:1440:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, sexp_string_data(sexp_car(ls)), len);
data/chibi-scheme-0.9.1/sexp.c:1443:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, csep, sep_len);
data/chibi-scheme-0.9.1/sexp.c:1607:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_port_buf(p), sexp_string_data(sexp_port_buffer(p)), sexp_port_size(p));
data/chibi-scheme-0.9.1/sexp.c:1636:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_port_buf(p)+sexp_port_offset(p), str, diff);
data/chibi-scheme-0.9.1/sexp.c:1644:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_port_buf(p)+sexp_port_offset(p), str, len);
data/chibi-scheme-0.9.1/sexp.c:2095:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/chibi-scheme-0.9.1/sexp.c:2443:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/chibi-scheme-0.9.1/sexp.c:2476:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initbuf[INIT_STRING_BUFFER_SIZE];
data/chibi-scheme-0.9.1/sexp.c:2537:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, buf, i);
data/chibi-scheme-0.9.1/sexp.c:2554:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initbuf[INIT_STRING_BUFFER_SIZE];
data/chibi-scheme-0.9.1/sexp.c:2578:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, buf, i);
data/chibi-scheme-0.9.1/sexp.c:3397:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sexp_vector_data(tmp2), sexp_vector_data(*shares), (sexp_vector_length(*shares)-1)*sizeof(sexp));
data/chibi-scheme-0.9.1/eval.c:465:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
colon = str + strlen(str);
data/chibi-scheme-0.9.1/eval.c:1334:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_len = strlen(file) - strlen(sexp_so_extension);
data/chibi-scheme-0.9.1/eval.c:1334:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_len = strlen(file) - strlen(sexp_so_extension);
data/chibi-scheme-0.9.1/eval.c:1430:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ sexp_string_size(source) - strlen(sexp_so_extension) : "...";
data/chibi-scheme-0.9.1/eval.c:2260:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filelen = strlen(file);
data/chibi-scheme-0.9.1/eval.c:2443:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(sexp_init_file);
data/chibi-scheme-0.9.1/eval.c:2444:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(init_file, sexp_init_file, len+1);
data/chibi-scheme-0.9.1/eval.c:2446:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(init_file + len + 1, sexp_init_file_suffix, strlen(sexp_init_file_suffix)+1);
data/chibi-scheme-0.9.1/eval.c:2446:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(init_file + len + 1, sexp_init_file_suffix, strlen(sexp_init_file_suffix)+1);
data/chibi-scheme-0.9.1/eval.c:2447:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
init_file[len + 1 + strlen(sexp_init_file_suffix)] = 0;
data/chibi-scheme-0.9.1/gc_heap.c:166:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(gc_heap_err_str);
data/chibi-scheme-0.9.1/gc_heap.c:200:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(gc_heap_err_str);
data/chibi-scheme-0.9.1/gc_heap.c:222:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(gc_heap_err_str);
data/chibi-scheme-0.9.1/gc_heap.c:338:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(gc_heap_err_str);
data/chibi-scheme-0.9.1/gc_heap.c:351:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(gc_heap_err_str);
data/chibi-scheme-0.9.1/gc_heap.c:625:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = colon ? colon : mod_path + strlen(mod_path);
data/chibi-scheme-0.9.1/include/chibi/sexp.h:30:36: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define sexp_poll_input(ctx, port) usleep(SEXP_POLL_SLEEP_TIME)
data/chibi-scheme-0.9.1/include/chibi/sexp.h:31:37: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define sexp_poll_output(ctx, port) usleep(SEXP_POLL_SLEEP_TIME)
data/chibi-scheme-0.9.1/include/chibi/sexp.h:1608:188: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define sexp_read_char(x, p) (sexp_port_buf(p) ? ((sexp_port_offset(p) < sexp_port_size(p)) ? ((unsigned char*)sexp_port_buf(p))[sexp_port_offset(p)++] : sexp_buffered_read_char(x, p)) : getc(sexp_port_stream(p)))
data/chibi-scheme-0.9.1/lib/chibi/filesystem_win32_shim.c:75:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dp->result.d_name, ffd.cFileName, MAX_PATH);
data/chibi-scheme-0.9.1/lib/chibi/filesystem_win32_shim.c:89:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dp->result.d_name, ffd.cFileName, MAX_PATH);
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:156:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sexp read, sexp write,
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:161:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sexp_truep(read) && ! sexp_procedurep(read))
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:161:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sexp_truep(read) && ! sexp_procedurep(read))
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:162:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return sexp_type_exception(ctx, self, SEXP_PROCEDURE, read);
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:173:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sexp_cookie_read_set(vec, read);
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:179:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(sexp_procedurep(read) ? sexp_cookie_reader : NULL),
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:187:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = sexp_user_exception(ctx, self, "couldn't make custom port", read);
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:201:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const char *mode, sexp read, sexp write,
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:221:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sexp_vector_set(vec, SEXP_TWO, read);
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:233:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sexp read, sexp seek, sexp close) {
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:234:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return sexp_make_custom_port(ctx, self, "r", read, SEXP_FALSE, seek, close);
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:248:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sexp read, sexp seek, sexp close) {
data/chibi-scheme-0.9.1/lib/chibi/io/port.c:249:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sexp res = sexp_make_custom_input_port(ctx, self, read, seek, close);
data/chibi-scheme-0.9.1/lib/srfi/18/threads.c:629:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(usecs);
data/chibi-scheme-0.9.1/main.c:185:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int preflen = strlen(prefix), modlen = strlen(mod);
data/chibi-scheme-0.9.1/main.c:185:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int preflen = strlen(prefix), modlen = strlen(mod);
data/chibi-scheme-0.9.1/main.c:186:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = preflen + modlen + strlen(suffix);
data/chibi-scheme-0.9.1/main.c:187:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int suflen = strlen(suffix) + (mod[0] == '(' ? 1 : 0);
data/chibi-scheme-0.9.1/main.c:315:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp((arg == NULL ? argv[0] : arg + 1), "scheme-r7rs", strlen("scheme-r7rs")) == 0) {
data/chibi-scheme-0.9.1/plan9.c:139:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read, write, stat, wstat, flush, destroyfid, destroyreq, end;
data/chibi-scheme-0.9.1/plan9.c:208:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sexp_def_9p_handler(sexp_9p_read, read)
data/chibi-scheme-0.9.1/sexp.c:738:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen=strlen(pre), mlen=strlen(mid), slen=strlen(suf);
data/chibi-scheme-0.9.1/sexp.c:738:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen=strlen(pre), mlen=strlen(mid), slen=strlen(suf);
data/chibi-scheme-0.9.1/sexp.c:738:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int plen=strlen(pre), mlen=strlen(mid), slen=strlen(suf);
data/chibi-scheme-0.9.1/sexp.c:1354:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = ((slen >= 0) ? slen : strlen(str));
data/chibi-scheme-0.9.1/sexp.c:1479:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len < 0) len = strlen(str);
data/chibi-scheme-0.9.1/sexp.c:1588:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(sexp_port_fileno(p), sexp_port_buf(p) + BUF_START, SEXP_PORT_BUFFER_SIZE - BUF_START);
data/chibi-scheme-0.9.1/sexp.c:1650:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sexp_buffered_write_string_n(ctx, str, strlen(str), p);
data/chibi-scheme-0.9.1/sexp.c:2038:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = getc(in);
data/chibi-scheme-0.9.1/sexp.c:2148:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(numbuf+1, isinf(f) ? "inf.0" : "nan.0", NUMBUF_LEN-1);
data/chibi-scheme-0.9.1/sexp.c:2352:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(numbuf+1, isinf(f) ? "inf.0" : "nan.0", NUMBUF_LEN-1);
data/chibi-scheme-0.9.1/sexp.c:2974:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = s[0], len = strlen((const char*)s);
data/chibi-scheme-0.9.1/vm.c:993:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(SEXP_POLL_SLEEP_TIME);
ANALYSIS SUMMARY:
Hits = 152
Lines analyzed = 23458 in approximately 0.71 seconds (33038 lines/second)
Physical Source Lines of Code (SLOC) = 20735
Hits@level = [0] 90 [1] 54 [2] 65 [3] 8 [4] 23 [5] 2
Hits@level+ = [0+] 242 [1+] 152 [2+] 98 [3+] 33 [4+] 25 [5+] 2
Hits/KSLOC@level+ = [0+] 11.6711 [1+] 7.3306 [2+] 4.72631 [3+] 1.59151 [4+] 1.20569 [5+] 0.0964553
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.