Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/e-book-backend-ews-factory.c
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/e-book-backend-ews.c
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/e-book-backend-ews.h
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/ews-oab-decoder.c
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/ews-oab-decoder.h
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/ews-oab-decompress.c
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/ews-oab-decompress.h
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/ews-oab-props.h
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/gal-lzx-decompress-test.c
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzx.h
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzxd.c
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/oab-decompress.c
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/readbits.h
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/readhuff.h
Examining data/evolution-ews-3.38.1/src/EWS/addressbook/oab-decode-test.c
Examining data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews-factory.c
Examining data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews-utils.c
Examining data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews-utils.h
Examining data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c
Examining data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-enums.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-message-info.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-message-info.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-private.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-provider.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-search.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-search.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store-summary.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store-summary.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-summary.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-summary.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-transport.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-transport.h
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-utils.c
Examining data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-utils.h
Examining data/evolution-ews-3.38.1/src/EWS/common/camel-ews-settings.c
Examining data/evolution-ews-3.38.1/src/EWS/common/camel-ews-settings.h
Examining data/evolution-ews-3.38.1/src/EWS/common/camel-sasl-xoauth2-office365.c
Examining data/evolution-ews-3.38.1/src/EWS/common/camel-sasl-xoauth2-office365.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-calendar-utils.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-calendar-utils.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-camel-common.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-camel-common.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection-utils.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection-utils.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-debug.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-debug.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-enums.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-folder.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-folder.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-item-change.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-item-change.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-item.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-item.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-message.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-message.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-notification.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-notification.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-oof-settings.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-oof-settings.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-query-to-restriction.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-ews-query-to-restriction.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-oauth2-service-office365.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-oauth2-service-office365.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-soap-message.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-soap-message.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-soap-response.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-soap-response.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-soup-auth-negotiate.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-soup-auth-negotiate.h
Examining data/evolution-ews-3.38.1/src/EWS/common/e-source-ews-folder.c
Examining data/evolution-ews-3.38.1/src/EWS/common/e-source-ews-folder.h
Examining data/evolution-ews-3.38.1/src/EWS/common/ews-errors.c
Examining data/evolution-ews-3.38.1/src/EWS/common/ews-errors.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-book-config-ews.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-book-config-ews.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-cal-config-ews.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-cal-config-ews.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-config-lookup.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-config-lookup.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-config-ui-extension.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-config-ui-extension.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-config-utils.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-config-utils.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-edit-folder-permissions.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-edit-folder-permissions.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-ooo-notificator.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-ooo-notificator.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-photo-source.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-photo-source.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-search-user.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-search-user.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-subscribe-foreign-folder.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-subscribe-foreign-folder.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-autodiscover.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-autodiscover.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-backend.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-backend.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-delegates-page.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-delegates-page.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-folder-sizes-page.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-folder-sizes-page.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-gal.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-gal.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-notebook.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-notebook.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-oal-combo-box.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-oal-combo-box.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-offline-options.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-offline-options.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-ooo-page.c
Examining data/evolution-ews-3.38.1/src/EWS/evolution/e-mail-config-ews-ooo-page.h
Examining data/evolution-ews-3.38.1/src/EWS/evolution/module-ews-configuration.c
Examining data/evolution-ews-3.38.1/src/EWS/registry/e-ews-backend-factory.c
Examining data/evolution-ews-3.38.1/src/EWS/registry/e-ews-backend-factory.h
Examining data/evolution-ews-3.38.1/src/EWS/registry/e-ews-backend.c
Examining data/evolution-ews-3.38.1/src/EWS/registry/e-ews-backend.h
Examining data/evolution-ews-3.38.1/src/EWS/registry/module-ews-backend.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365-factory.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/calendar/e-cal-backend-m365-factory.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/calendar/e-cal-backend-m365.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/calendar/e-cal-backend-m365.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-folder-summary.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-folder-summary.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-folder.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-folder.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-message-info.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-message-info.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-provider.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store-summary.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store-summary.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-transport.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-transport.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-utils.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-utils.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/camel-m365-settings.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/camel-m365-settings.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/camel-sasl-xoauth2-microsoft365.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/camel-sasl-xoauth2-microsoft365.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-connection.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-connection.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-enums.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-json-utils.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-json-utils.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-tz-utils.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-tz-utils.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-oauth2-service-microsoft365.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-oauth2-service-microsoft365.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-source-m365-folder.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/common/e-source-m365-folder.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/evolution/e-book-config-m365.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/evolution/e-book-config-m365.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/evolution/e-cal-config-m365.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/evolution/e-cal-config-m365.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/evolution/e-mail-config-m365-backend.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/evolution/e-mail-config-m365-backend.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/evolution/module-m365-configuration.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/registry/e-m365-backend-factory.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/registry/e-m365-backend-factory.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/registry/e-m365-backend.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/registry/e-m365-backend.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/registry/e-source-m365-deltas.c
Examining data/evolution-ews-3.38.1/src/Microsoft365/registry/e-source-m365-deltas.h
Examining data/evolution-ews-3.38.1/src/Microsoft365/registry/module-m365-backend.c
Examining data/evolution-ews-3.38.1/tests/ews-test-camel.c
Examining data/evolution-ews-3.38.1/tests/ews-test-common.c
Examining data/evolution-ews-3.38.1/tests/ews-test-common.h
Examining data/evolution-ews-3.38.1/tests/ews-test-timezones.c

FINAL RESULTS:

data/evolution-ews-3.38.1/src/EWS/addressbook/ews-oab-decoder.c:605:3: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf (tmp, "%"G_GUINT32_FORMAT, &ret);

data/evolution-ews-3.38.1/src/EWS/addressbook/ews-oab-decoder.c:1117:3: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf (vals[i],"%"G_GUINT32_FORMAT,&prop_id);

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzx.h:22:20: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf x ; fputc('\n', stdout); fflush(stdout);} while (0);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:3982:3: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf (s,"%"G_GUINT32_FORMAT, &val);

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzx.h:115:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char PRETREE_len [LZX_PRETREE_MAXSYMBOLS + LZX_LENTABLE_SAFETY];

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzx.h:116:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char MAINTREE_len [LZX_MAINTREE_MAXSYMBOLS + LZX_LENTABLE_SAFETY];

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzx.h:117:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char LENGTH_len [LZX_LENGTH_MAXSYMBOLS + LZX_LENTABLE_SAFETY];

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzx.h:118:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ALIGNED_len [LZX_ALIGNED_MAXSYMBOLS + LZX_LENTABLE_SAFETY];

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzx.h:132:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e8_buf[LZX_FRAME_SIZE];

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzxd.c:217:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char extra_bits[36] = {

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzxd.c:391:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char *window, *runsrc, *rundest, buf[12];

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzxd.c:772:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rundest, i_ptr, (size_t) i);

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/lzxd.c:824:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, &lzx->window[lzx->frame_posn], frame_size);

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/oab-decompress.c:20:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  #define __egi32(a,n) ( ((((unsigned char *) a)[n+3]) << 24) | \

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/oab-decompress.c:143:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
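The two memcpy hits in lzxd.c (lines 772 and 824) are the literal-run copy and the frame copy of an LZ77-style decoder; Flawfinder cannot see the bounds checks that precede a memcpy, so what a reviewer verifies by hand is that every copy length is bounded by both the input that is actually left and the window space that is actually free, and that a back-reference never reaches before the start of the decoded data. The printf hit at lzx.h:22 is the body of a debug macro and is a problem only if some call site passes a non-literal as the format, which this report does not show. The block below is an added example and is not evolution-ews or libmspack code: a minimal bounds-checked LZ decoder with a two-token format constructed for the example (literal run, back-reference), so it runs offline on a constructed byte string and rejects the three malformed inputs a fuzzer would produce.

```c
/* Added example, not evolution-ews/libmspack code: bounds-checked LZ77
 * window copies, the two operations behind the memcpy findings in lzxd.c.
 * A real LZX decoder has a circular window, frames and position slots;
 * this keeps only the invariants a reviewer checks. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { LZ_OK = 0, LZ_ERR_DATA = -1, LZ_ERR_OUTPUT = -2 };

typedef struct {
    uint8_t *window;      /* output window owned by the caller */
    size_t   window_size;
    size_t   out_pos;     /* bytes decoded so far */
} lz_state;

/* Copy `len` literal bytes from the input into the window. Checks that
 * the input really has `len` bytes left and that the window can take them:
 * the two conditions memcpy(rundest, i_ptr, i) relies on. */
int lz_copy_literals(lz_state *st, const uint8_t *in, size_t in_len,
                     size_t *in_pos, size_t len)
{
    if (len > in_len - *in_pos)
        return LZ_ERR_DATA;              /* truncated input */
    if (len > st->window_size - st->out_pos)
        return LZ_ERR_OUTPUT;            /* would overrun the window */
    memcpy(st->window + st->out_pos, in + *in_pos, len);
    *in_pos += len;
    st->out_pos += len;
    return LZ_OK;
}

/* Copy a back-reference of `len` bytes from `offset` bytes behind the write
 * position. The offset must not reach before the decoded data, and source
 * and destination may overlap (offset < len is the run-length trick), so
 * the copy is byte-wise rather than memcpy. */
int lz_copy_match(lz_state *st, size_t offset, size_t len)
{
    if (offset == 0 || offset > st->out_pos)
        return LZ_ERR_DATA;              /* points before the window start */
    if (len > st->window_size - st->out_pos)
        return LZ_ERR_OUTPUT;
    uint8_t *dst = st->window + st->out_pos;
    const uint8_t *src = dst - offset;
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];
    st->out_pos += len;
    return LZ_OK;
}

/* Token stream constructed for this example (not the LZX format):
 *   0x00 n <n bytes>   literal run
 *   0x01 off len       back-reference, one byte each
 * Returns the decoded length, or a negative LZ_ERR_* code. */
long lz_decode(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_size)
{
    lz_state st = { out, out_size, 0 };
    size_t pos = 0;
    while (pos < in_len) {
        uint8_t tag = in[pos++];
        int rc;
        if (tag == 0x00) {
            if (pos >= in_len)
                return LZ_ERR_DATA;
            size_t n = in[pos++];
            rc = lz_copy_literals(&st, in, in_len, &pos, n);
        } else if (tag == 0x01) {
            if (in_len - pos < 2)
                return LZ_ERR_DATA;
            size_t off = in[pos], len = in[pos + 1];
            pos += 2;
            rc = lz_copy_match(&st, off, len);
        } else {
            return LZ_ERR_DATA;
        }
        if (rc != LZ_OK)
            return rc;
    }
    return (long) st.out_pos;
}

int main(void)
{
    /* constructed input: "abc", then a match 3 back of length 6 */
    static const uint8_t good[] = { 0x00, 3, 'a', 'b', 'c', 0x01, 3, 6 };
    /* constructed input: match offset 4 with only 3 bytes decoded */
    static const uint8_t bad[]  = { 0x00, 3, 'a', 'b', 'c', 0x01, 4, 2 };
    uint8_t out[16];
    long n = lz_decode(good, sizeof good, out, sizeof out);
    printf("good: %ld bytes: %.*s\n", n, (int) n, (const char *) out);
    printf("bad offset: %ld\n", lz_decode(bad, sizeof bad, out, sizeof out));
    return 0;
}
```

The three rejections are the ones that matter for a decompressor fed from the network: a literal run longer than the remaining input, a back-reference that reaches before the first decoded byte, and any copy that would overrun the fixed window.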
  input = fopen (filename, "rb");

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/oab-decompress.c:150:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output = fopen (output_filename, "wb");

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/oab-decompress.c:359:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input = fopen (filename, "rb");

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/oab-decompress.c:366:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  orig_input = fopen (orig_filename, "rb");

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/oab-decompress.c:373:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output = fopen (output_filename, "wb");

data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c:534:48: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  prop = i_cal_property_new_percentcomplete (atoi (percent_complete ?
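The fopen hits in oab-decompress.c and the open hit at camel-ews-folder.c:353 are the same question asked five times: can someone else place a symlink, a device node or a pre-existing file at the path before the open happens? The report does not show where those paths come from, so the finding is a prompt to check, not a defect. The block below is an added example, not evolution-ews code, of the open discipline that answers the question regardless of the path's origin: refuse to follow a symlink at the final component, refuse anything that is not a regular file, and create outputs with O_EXCL so nothing already at the name is ever overwritten. It needs only POSIX.1-2008 and writes its scratch files under /tmp, which is an assumption of the self-test.

```c
/* Added example, not evolution-ews code: symlink- and special-file-safe
 * open(2) patterns for the fopen/open findings above. POSIX.1-2008 only;
 * the self-test assumes /tmp is writable. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an existing regular file read-only. Returns a descriptor, or -1 with
 * errno set: ELOOP for a symlink at the final component (O_NOFOLLOW),
 * EINVAL for anything that is not a regular file (checked on the open
 * descriptor, so there is no window between check and use). */
int open_regular_ro(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {          /* directory, FIFO, device: refuse */
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Create a new output file. Fails with EEXIST if anything already sits at
 * `path`, a symlink included: O_CREAT|O_EXCL is decided on the name itself,
 * never on a link target, so a planted link cannot redirect the write. */
int create_output_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
}

/* Self-check: a scratch directory with a regular file, a symlink to it and
 * an output file, exercising each rule. Returns 1 if every rule held. */
int selftest_safe_open(void)
{
    char dir[] = "/tmp/safeopen-XXXXXX";
    char reg[64], lnk[64], out[64];
    int ok = 0, fd;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(reg, sizeof reg, "%s/data.bin", dir);
    snprintf(lnk, sizeof lnk, "%s/link.bin", dir);
    snprintf(out, sizeof out, "%s/out.bin", dir);

    /* a plain regular file opens */
    if ((fd = create_output_excl(reg)) < 0) goto done;
    close(fd);
    if ((fd = open_regular_ro(reg)) < 0) goto done;
    close(fd);
    /* a symlink to that same file is refused although the target is fine */
    if (symlink(reg, lnk) < 0) goto done;
    if (open_regular_ro(lnk) >= 0 || errno != ELOOP) goto done;
    /* a directory opens with O_RDONLY but is not a regular file */
    if (open_regular_ro(dir) >= 0 || errno != EINVAL) goto done;
    /* output: first creation succeeds; a second one and a planted link fail */
    if ((fd = create_output_excl(out)) < 0) goto done;
    close(fd);
    if (create_output_excl(out) >= 0 || errno != EEXIST) goto done;
    if (create_output_excl(lnk) >= 0 || errno != EEXIST) goto done;
    ok = 1;
done:
    unlink(out); unlink(lnk); unlink(reg); rmdir(dir);
    return ok;
}

int main(void)
{
    printf("safe open self-test: %s\n", selftest_safe_open() ? "ok" : "FAILED");
    return 0;
}
```

Where the file must be reachable through a directory an unprivileged user controls (a cache directory under $HOME is fine, /tmp is not), the remaining exposure is the ancestors: open the directory first, then use openat(2) with the same flags relative to that descriptor.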
  percent_complete : "0"));

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:353:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd_old = open (mime_fname, O_RDONLY);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:1406:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  total_items = atoi (total);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:2398:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (info->data.inlined.data, data, len);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:10162:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  total_items = atoi (total);

data/evolution-ews-3.38.1/src/EWS/common/e-soap-response.c:326:7: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi ((gchar *) s);

data/evolution-ews-3.38.1/src/EWS/addressbook/e-book-backend-ews.c:2210:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oab_url [strlen (oab_url) - 7] = '\0';

data/evolution-ews-3.38.1/src/EWS/addressbook/e-book-backend-ews.c:2834:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e_sexp_input_text (sexp, query, strlen (query));

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/readbits.h:180:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read < 0) return p->error = LZX_ERR_READ;

data/evolution-ews-3.38.1/src/EWS/addressbook/mspack/readbits.h:198:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  p->i_end = &p->inbuf[read];

data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c:1128:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  base64 = g_base64_encode ((const guchar *) comp_str, strlen (comp_str) + 1);

data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c:2231:16: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  prop1 && equal;

data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c:2272:9: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
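Two of the level-4 and level-2 classes above are really one issue. The three sscanf hits (ews-oab-decoder.c:605 and :1117, e-ews-connection.c:3982) use a "%"G_GUINT32_FORMAT conversion, i.e. %u, so the %s overflow the message warns about does not apply; the four atoi hits (e-cal-backend-ews.c:534, e-ews-connection.c:1406 and :10162, e-soap-response.c:326) are the sibling problem. What neither sscanf nor atoi gives the caller is a signal for "not a number", "digits followed by junk" or "out of range", and all of these values (a PercentComplete attribute, a TotalItemsInView count, an OAB record field) arrive from a server response. The block below is an added example and is not evolution-ews code: a strict decimal parser for the unsigned 32-bit case and a bounded signed variant, with the absent-attribute default the percent-complete site applies (NULL means 0) kept but junk rejected. The function names and the 0..100 bound are assumptions of the example.

```c
/* Added example, not evolution-ews code: strict parsing of integers that
 * arrive in server responses, replacing the sscanf("%u") and atoi() sites
 * in the report with calls that report failure instead of guessing. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal uint32 that must fill the whole string: no leading
 * whitespace, no sign, no trailing characters, no overflow. strtoull alone
 * would skip whitespace, accept "+"/"-" and wrap negatives, so the first
 * byte is checked by hand before handing over. */
bool parse_u32_strict(const char *s, uint32_t *out)
{
    if (s == NULL || !isdigit((unsigned char) *s))
        return false;
    errno = 0;
    char *end;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT32_MAX)
        return false;
    *out = (uint32_t) v;
    return true;
}

/* Bounded signed variant: the caller states the domain [min, max] and gets
 * false for anything outside it, for junk, or for an empty string. Only a
 * leading '-' is accepted as a sign. */
bool parse_bounded(const char *s, long min, long max, long *out)
{
    if (s == NULL || (*s != '-' && !isdigit((unsigned char) *s)))
        return false;
    errno = 0;
    char *end;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < min || v > max)
        return false;
    *out = v;
    return true;
}

/* The percent-complete shape: an absent attribute means 0, exactly as
 * (percent_complete ? percent_complete : "0") does, but anything that is
 * not an integer in 0..100 yields -1 so the caller can skip the property
 * rather than store a rolled-over value. */
int percent_complete_from_xml(const char *attr)
{
    long v;
    if (attr == NULL)
        return 0;
    return parse_bounded(attr, 0, 100, &v) ? (int) v : -1;
}

int main(void)
{
    /* constructed samples, not data from any server */
    const char *samples[] = { "42", "4294967295", "4294967296", "-1", "12abc", " 7", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v = 0;
        bool ok = parse_u32_strict(samples[i], &v);
        printf("%-12s -> %s\n", samples[i], ok ? "accepted" : "rejected");
    }
    printf("PercentComplete absent -> %d, \"55\" -> %d, \"50%%\" -> %d\n",
           percent_complete_from_xml(NULL), percent_complete_from_xml("55"),
           percent_complete_from_xml("50%"));
    return 0;
}
```

In GLib code the same contract is available from g_ascii_string_to_unsigned() and g_ascii_string_to_signed(), which take the min and max and return FALSE with a GError on junk or overflow; the hand-written version above only makes the checks visible.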
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return equal;

data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c:2414:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (uid && g_str_has_prefix (basename, uid) && basename[strlen (uid)] == '-') {

data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c:2415:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e_ews_attachment_info_set_prefer_filename (info, basename + strlen (uid) + 1);

data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c:3375:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  camel_mime_part_set_content (text_part, body, strlen (body), "text/plain");

data/evolution-ews-3.38.1/src/EWS/calendar/e-cal-backend-ews.c:3382:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  camel_mime_part_set_content (vcal_part, ical_str, strlen (ical_str), "text/calendar; method=CANCEL");

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:167:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (sha, (guchar *) uid, strlen (uid));

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:185:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (sha, (guchar *) key, strlen (key));

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:207:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (sha, (guchar *) key, strlen (key));

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:225:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (sha, (guchar *) key, strlen (key));

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:246:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_checksum_update (sha, (guchar *) key, strlen (key));

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:442:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen (calstring_new),

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:600:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  camel_mime_part_set_content (part, body, strlen (body), "text/plain");

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-folder.c:656:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  camel_mime_part_set_content (CAMEL_MIME_PART (msg), body, strlen (body), "text/plain");

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store-summary.c:238:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  file, contents, strlen (contents),

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store-summary.c:348:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sm.matchlen = strlen (sm.match);

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store-summary.c:866:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefixlen = strlen (prefix);

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store-summary.c:907:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefixlen = strlen (prefix);

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-store.c:2449:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path_len = strlen (path);

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-utils.c:473:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str = g_string_sized_new (strlen (name) + 16);

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-utils.c:495:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  GString *str = g_string_sized_new (strlen (flag));

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-utils.c:1074:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stream = camel_stream_mem_new_with_buffer (msg_headers, strlen (msg_headers));

data/evolution-ews-3.38.1/src/EWS/camel/camel-ews-utils.c:1522:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return pos > evo_label_def && pos[-1] == '|' && !pos[strlen (tag)];

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:2915:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memset (cnc->priv->password, 0, strlen (cnc->priv->password));

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:3681:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint len = strlen (domain);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:3682:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gint onmslen = strlen (ON_MICROSOFT_COM_TEXT);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:3843:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tlen = strlen (text);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:3844:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen (suffix);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-connection.c:6396:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (usename);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-item.c:366:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (dtstring);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-item.c:1290:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gssize haystack_len = strlen (html_text);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-item.c:1891:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gboolean *read)

data/evolution-ews-3.38.1/src/EWS/common/e-ews-message.c:211:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e_soap_message_write_base64 (msg, value, strlen (value));

data/evolution-ews-3.38.1/src/EWS/common/e-ews-notification.c:743:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = end + strlen ("</Envelope>") - chunk_str;

data/evolution-ews-3.38.1/src/EWS/common/e-ews-oof-settings.c:96:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  haystack_len = strlen (html_text);

data/evolution-ews-3.38.1/src/EWS/common/e-ews-query-to-restriction.c:1260:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  e_sexp_input_text (sexp, query, strlen (query));

data/evolution-ews-3.38.1/src/EWS/common/e-soap-message.c:221:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gchar *enc = g_base64_encode ((guchar *) fname, strlen (fname));

data/evolution-ews-3.38.1/src/EWS/common/e-soap-message.c:222:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xmlSAX2Characters (ctxt, (xmlChar *) enc, strlen (enc));

data/evolution-ews-3.38.1/src/EWS/common/e-soap-message.c:225:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xmlSAX2Characters (ctxt, (xmlChar *) fname, strlen (fname));

data/evolution-ews-3.38.1/src/EWS/common/e-soap-response.c:191:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xmldoc = xmlParseMemory (xmlstr, xmlstr_length == -1 ? strlen (xmlstr) : xmlstr_length);

data/evolution-ews-3.38.1/src/EWS/common/e-soup-auth-negotiate.c:66:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (what)); data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-subscribe-foreign-folder.c:373:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fid.is_distinguished_id = cffd->use_foldername != NULL || (cffd->orig_foldername && strlen (cffd->orig_foldername) < 40); data/evolution-ews-3.38.1/src/EWS/evolution/e-ews-subscribe-foreign-folder.c:572:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen (orig_foldername) > 13) { data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365.c:299:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. for (link = old_values; link && equal; link = g_slist_next (link)) { data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365.c:306:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal = equal && !g_hash_table_size (values); data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365.c:310:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. 
Consider using a form of this function that checks the second iterator before potentially overflowing it. return equal; data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365.c:333:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. for (link = old_values; link && equal; link = g_list_next (link)) { data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365.c:340:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal = equal && !g_hash_table_size (values); data/evolution-ews-3.38.1/src/Microsoft365/addressbook/e-book-backend-m365.c:344:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return equal; data/evolution-ews-3.38.1/src/Microsoft365/calendar/e-cal-backend-m365.c:2135:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
success = camel_stream_write (filter_stream, base64_data, strlen (base64_data), cancellable, error) != -1; data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-folder.c:76:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_checksum_update (checksum, (const guchar *) id, strlen (id)); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store-summary.c:45:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). encoded = g_string_sized_new (strlen (display_name) + 4); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store-summary.c:782:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). full_name = g_string_sized_new ((last_slash ? (last_slash - old_full_name) : 0) + strlen (encoded) + 2); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store-summary.c:830:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rpd.prefix_len = strlen (old_full_name); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store-summary.c:836:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). diff = strlen (new_full_name) - rpd.prefix_len; data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store-summary.c:844:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
old_full_name_len = strlen (ifnd->full_name); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store-summary.c:1221:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gid.prefix_len = strlen (top); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store.c:267:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return pos > evo_label_def && pos[-1] == '|' && !pos[strlen (tag)]; data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-store.c:903:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint len = strlen (trash_full_name); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-utils.c:91:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = g_string_sized_new (strlen (name) + 16); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-utils.c:113:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). GString *str = g_string_sized_new (strlen (flag)); data/evolution-ews-3.38.1/src/Microsoft365/camel/camel-m365-utils.c:458:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define wstr(str) camel_stream_write (filter_stream, str, strlen (str), cancellable, NULL) data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-json-utils.c:717:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint len = strlen (value); data/evolution-ews-3.38.1/src/Microsoft365/common/e-m365-json-utils.c:723:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (tmp, value, 27); data/evolution-ews-3.38.1/tests/ews-test-common.c:373:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uhm_server_received_message_chunk (server, message, strlen (message), NULL); ANALYSIS SUMMARY: Hits = 95 Lines analyzed = 106518 in approximately 2.00 seconds (53331 lines/second) Physical Source Lines of Code (SLOC) = 81049 Hits@level = [0] 54 [1] 70 [2] 21 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 149 [1+] 95 [2+] 25 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 1.83839 [1+] 1.17213 [2+] 0.308455 [3+] 0.0493529 [4+] 0.0493529 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.