Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gjs-1.66.1/gi/arg-cache.cpp
Examining data/gjs-1.66.1/gi/arg-cache.h
Examining data/gjs-1.66.1/gi/arg-inl.h
Examining data/gjs-1.66.1/gi/arg.cpp
Examining data/gjs-1.66.1/gi/arg.h
Examining data/gjs-1.66.1/gi/boxed.cpp
Examining data/gjs-1.66.1/gi/boxed.h
Examining data/gjs-1.66.1/gi/closure.cpp
Examining data/gjs-1.66.1/gi/closure.h
Examining data/gjs-1.66.1/gi/enumeration.cpp
Examining data/gjs-1.66.1/gi/enumeration.h
Examining data/gjs-1.66.1/gi/foreign.cpp
Examining data/gjs-1.66.1/gi/foreign.h
Examining data/gjs-1.66.1/gi/function.cpp
Examining data/gjs-1.66.1/gi/function.h
Examining data/gjs-1.66.1/gi/fundamental.cpp
Examining data/gjs-1.66.1/gi/fundamental.h
Examining data/gjs-1.66.1/gi/gerror.cpp
Examining data/gjs-1.66.1/gi/gerror.h
Examining data/gjs-1.66.1/gi/gjs_gi_trace.h
Examining data/gjs-1.66.1/gi/gobject.cpp
Examining data/gjs-1.66.1/gi/gobject.h
Examining data/gjs-1.66.1/gi/gtype.cpp
Examining data/gjs-1.66.1/gi/gtype.h
Examining data/gjs-1.66.1/gi/interface.cpp
Examining data/gjs-1.66.1/gi/interface.h
Examining data/gjs-1.66.1/gi/ns.cpp
Examining data/gjs-1.66.1/gi/ns.h
Examining data/gjs-1.66.1/gi/object.cpp
Examining data/gjs-1.66.1/gi/object.h
Examining data/gjs-1.66.1/gi/param.cpp
Examining data/gjs-1.66.1/gi/param.h
Examining data/gjs-1.66.1/gi/private.cpp
Examining data/gjs-1.66.1/gi/private.h
Examining data/gjs-1.66.1/gi/repo.cpp
Examining data/gjs-1.66.1/gi/repo.h
Examining data/gjs-1.66.1/gi/toggle.cpp
Examining data/gjs-1.66.1/gi/toggle.h
Examining data/gjs-1.66.1/gi/union.cpp
Examining data/gjs-1.66.1/gi/union.h
Examining data/gjs-1.66.1/gi/utils-inl.h
Examining data/gjs-1.66.1/gi/value.cpp
Examining data/gjs-1.66.1/gi/value.h
Examining data/gjs-1.66.1/gi/wrapperutils.cpp
Examining data/gjs-1.66.1/gi/wrapperutils.h
Examining data/gjs-1.66.1/gjs/atoms.cpp
Examining data/gjs-1.66.1/gjs/atoms.h
Examining data/gjs-1.66.1/gjs/byteArray.cpp
Examining data/gjs-1.66.1/gjs/byteArray.h
Examining data/gjs-1.66.1/gjs/console.cpp
Examining data/gjs-1.66.1/gjs/context-private.h
Examining data/gjs-1.66.1/gjs/context.cpp
Examining data/gjs-1.66.1/gjs/context.h
Examining data/gjs-1.66.1/gjs/coverage.cpp
Examining data/gjs-1.66.1/gjs/coverage.h
Examining data/gjs-1.66.1/gjs/debugger.cpp
Examining data/gjs-1.66.1/gjs/deprecation.cpp
Examining data/gjs-1.66.1/gjs/deprecation.h
Examining data/gjs-1.66.1/gjs/engine.cpp
Examining data/gjs-1.66.1/gjs/engine.h
Examining data/gjs-1.66.1/gjs/error-types.cpp
Examining data/gjs-1.66.1/gjs/error-types.h
Examining data/gjs-1.66.1/gjs/gjs.h
Examining data/gjs-1.66.1/gjs/global.cpp
Examining data/gjs-1.66.1/gjs/global.h
Examining data/gjs-1.66.1/gjs/importer.cpp
Examining data/gjs-1.66.1/gjs/importer.h
Examining data/gjs-1.66.1/gjs/jsapi-class.h
Examining data/gjs-1.66.1/gjs/jsapi-dynamic-class.cpp
Examining data/gjs-1.66.1/gjs/jsapi-util-args.h
Examining data/gjs-1.66.1/gjs/jsapi-util-error.cpp
Examining data/gjs-1.66.1/gjs/jsapi-util-root.h
Examining data/gjs-1.66.1/gjs/jsapi-util-string.cpp
Examining data/gjs-1.66.1/gjs/jsapi-util.cpp
Examining data/gjs-1.66.1/gjs/jsapi-util.h
Examining data/gjs-1.66.1/gjs/macros.h
Examining data/gjs-1.66.1/gjs/mem-private.h
Examining data/gjs-1.66.1/gjs/mem.cpp
Examining data/gjs-1.66.1/gjs/mem.h
Examining data/gjs-1.66.1/gjs/module.cpp
Examining data/gjs-1.66.1/gjs/module.h
Examining data/gjs-1.66.1/gjs/native.cpp
Examining data/gjs-1.66.1/gjs/native.h
Examining data/gjs-1.66.1/gjs/profiler-private.h
Examining data/gjs-1.66.1/gjs/profiler.cpp
Examining data/gjs-1.66.1/gjs/profiler.h
Examining data/gjs-1.66.1/gjs/stack.cpp
Examining data/gjs-1.66.1/installed-tests/minijasmine.cpp
Examining data/gjs-1.66.1/libgjs-private/gjs-gdbus-wrapper.c
Examining data/gjs-1.66.1/libgjs-private/gjs-gdbus-wrapper.h
Examining data/gjs-1.66.1/libgjs-private/gjs-util.c
Examining data/gjs-1.66.1/libgjs-private/gjs-util.h
Examining data/gjs-1.66.1/modules/cairo-context.cpp
Examining data/gjs-1.66.1/modules/cairo-gradient.cpp
Examining data/gjs-1.66.1/modules/cairo-image-surface.cpp
Examining data/gjs-1.66.1/modules/cairo-linear-gradient.cpp
Examining data/gjs-1.66.1/modules/cairo-module.h
Examining data/gjs-1.66.1/modules/cairo-path.cpp
Examining data/gjs-1.66.1/modules/cairo-pattern.cpp
Examining data/gjs-1.66.1/modules/cairo-pdf-surface.cpp
Examining data/gjs-1.66.1/modules/cairo-private.h
Examining data/gjs-1.66.1/modules/cairo-ps-surface.cpp
Examining data/gjs-1.66.1/modules/cairo-radial-gradient.cpp
Examining data/gjs-1.66.1/modules/cairo-region.cpp
Examining data/gjs-1.66.1/modules/cairo-solid-pattern.cpp
Examining data/gjs-1.66.1/modules/cairo-surface-pattern.cpp
Examining data/gjs-1.66.1/modules/cairo-surface.cpp
Examining data/gjs-1.66.1/modules/cairo-svg-surface.cpp
Examining data/gjs-1.66.1/modules/cairo.cpp
Examining data/gjs-1.66.1/modules/console.cpp
Examining data/gjs-1.66.1/modules/console.h
Examining data/gjs-1.66.1/modules/modules.cpp
Examining data/gjs-1.66.1/modules/modules.h
Examining data/gjs-1.66.1/modules/print.cpp
Examining data/gjs-1.66.1/modules/print.h
Examining data/gjs-1.66.1/modules/system.cpp
Examining data/gjs-1.66.1/modules/system.h
Examining data/gjs-1.66.1/test/gjs-test-call-args.cpp
Examining data/gjs-1.66.1/test/gjs-test-common.cpp
Examining data/gjs-1.66.1/test/gjs-test-common.h
Examining data/gjs-1.66.1/test/gjs-test-coverage.cpp
Examining data/gjs-1.66.1/test/gjs-test-no-introspection-object.cpp
Examining data/gjs-1.66.1/test/gjs-test-no-introspection-object.h
Examining data/gjs-1.66.1/test/gjs-test-rooting.cpp
Examining data/gjs-1.66.1/test/gjs-test-utils.cpp
Examining data/gjs-1.66.1/test/gjs-test-utils.h
Examining data/gjs-1.66.1/test/gjs-tests.cpp
Examining data/gjs-1.66.1/util/log.cpp
Examining data/gjs-1.66.1/util/log.h
Examining data/gjs-1.66.1/util/misc.cpp
Examining data/gjs-1.66.1/util/misc.h
FINAL RESULTS:
data/gjs-1.66.1/test/gjs-test-coverage.cpp:810:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
nmatches = sscanf(line, format_string, &hit_count, detected_function);
data/gjs-1.66.1/gi/arg.cpp:1142:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&flat_array[struct_size * i], gjs_arg_get<void*>(&arg),
data/gjs-1.66.1/gi/arg.cpp:2173:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(array->pdata, data, sizeof(void*) * length);
data/gjs-1.66.1/gi/arg.cpp:2927:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8[7];
data/gjs-1.66.1/gi/boxed.cpp:312:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_ptr, boxed_ptr, g_struct_info_get_size(info()));
data/gjs-1.66.1/gi/boxed.cpp:629:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(raw_ptr() + offset, source_priv->to_instance()->ptr(),
data/gjs-1.66.1/gjs/context.cpp:169:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "w");
data/gjs-1.66.1/gjs/debugger.cpp:93:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/gjs-1.66.1/gjs/jsapi-util.cpp:665:19: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int bufsize = MultiByteToWideChar(CP_UTF8, 0, str, len, nullptr, 0);
data/gjs-1.66.1/gjs/jsapi-util.cpp:670:18: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int result = MultiByteToWideChar(CP_UTF8, 0, str, len, &wstr[0], bufsize);
data/gjs-1.66.1/gjs/profiler.cpp:160:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256];
data/gjs-1.66.1/gjs/profiler.cpp:334:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char final_string[512];
data/gjs-1.66.1/gjs/profiler.cpp:342:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(position, label, label_length);
data/gjs-1.66.1/gjs/profiler.cpp:364:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(position, dynamic_string, remaining_length);
data/gjs-1.66.1/installed-tests/minijasmine.cpp:69:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *coverage_prefixes[2] = { coverage_prefix, NULL };
data/gjs-1.66.1/modules/console.cpp:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/gjs-1.66.1/modules/system.cpp:142:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "a");
data/gjs-1.66.1/test/gjs-test-coverage.cpp:458:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hit_count[20]; /* can hold maxint64 (19 digits) + nul terminator */
data/gjs-1.66.1/test/gjs-test-coverage.cpp:475:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hit_count_num = atoi(hit_count);
data/gjs-1.66.1/test/gjs-tests.cpp:351:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strv0[2] = {(char*)"foo", NULL};
data/gjs-1.66.1/test/gjs-tests.cpp:352:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strv1[1] = {NULL};
data/gjs-1.66.1/test/gjs-tests.cpp:354:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strv3[2] = {(char*)"bar", NULL};
data/gjs-1.66.1/test/gjs-tests.cpp:355:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **stuff[4];
data/gjs-1.66.1/util/log.cpp:155:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfp = fopen(log_file, "a");
data/gjs-1.66.1/gi/arg.cpp:838:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length = strlen(result.get());
data/gjs-1.66.1/gi/arg.cpp:2676:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(static_cast<char*>(c_array));
data/gjs-1.66.1/gi/repo.cpp:728:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = g_string_sized_new(strlen(camel_name) + 4 + 1);
data/gjs-1.66.1/gjs/byteArray.cpp:267:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(utf8.get());
data/gjs-1.66.1/gjs/console.cpp:287:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(script);
data/gjs-1.66.1/gjs/console.cpp:292:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(script);
data/gjs-1.66.1/gjs/coverage.cpp:119:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize offset = strlen(uri_header);
data/gjs-1.66.1/gjs/importer.cpp:719:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strndup(filename, strlen(filename) - 3);
data/gjs-1.66.1/gjs/jsapi-dynamic-class.cpp:124:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return name + strlen("_private_");
data/gjs-1.66.1/gjs/jsapi-util-string.cpp:102:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
JS::ConstUTF8CharsZ chars(utf8_string, strlen(utf8_string));
data/gjs-1.66.1/gjs/jsapi-util.cpp:306:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining_bytes = strlen (name);
data/gjs-1.66.1/gjs/jsapi-util.cpp:674:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wstr.resize(len < 0 ? strlen(str) : len);
data/gjs-1.66.1/gjs/profiler.cpp:168:17: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int r = sscanf(lines[ix], "%lx-%lx %*15s %lx %*x:%*x %lu %255s",
data/gjs-1.66.1/gjs/profiler.cpp:328:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t label_length = strlen(label);
data/gjs-1.66.1/gjs/profiler.cpp:360:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dynamic_string_length = strlen(dynamic_string);
data/gjs-1.66.1/test/gjs-test-call-args.cpp:299:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool ok = source.init(fx->cx, script, strlen(script),
data/gjs-1.66.1/test/gjs-test-call-args.cpp:320:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool ok = source.init(fx->cx, script, strlen(script),
data/gjs-1.66.1/test/gjs-test-coverage.cpp:75:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_file_replace_contents(file, contents, strlen(contents), NULL /* etag */,
data/gjs-1.66.1/test/gjs-test-coverage.cpp:163:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const gsize needle_length = strlen(needle);
data/gjs-1.66.1/test/gjs-test-coverage.cpp:232:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GjsAutoChar actual = g_strndup(&sf_line[strlen(key)], strlen(value));
data/gjs-1.66.1/test/gjs-test-coverage.cpp:232:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GjsAutoChar actual = g_strndup(&sf_line[strlen(key)], strlen(value));
data/gjs-1.66.1/test/gjs-test-coverage.cpp:463:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
nmatches = sscanf(line, "%i,%i,%i,%19s", &line_no, &block_no, &branch_id, hit_count);
data/gjs-1.66.1/test/gjs-test-coverage.cpp:472:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(hit_count) == 1 && *hit_count == '-')
data/gjs-1.66.1/test/gjs-test-coverage.cpp:697:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GjsAutoChar actual = g_strndup(line, strlen(expected_function_name));
data/gjs-1.66.1/test/gjs-test-coverage.cpp:745:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GjsAutoChar actual = g_strndup(line, strlen(expected_function_line));
data/gjs-1.66.1/test/gjs-test-coverage.cpp:1163:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(base_name) - 3);
data/gjs-1.66.1/test/gjs-test-coverage.cpp:1226:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (expected[i].source_file_path)) == 0) {
data/gjs-1.66.1/test/gjs-tests.cpp:240:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(VALID_UTF8_STRING), &v_out);
data/gjs-1.66.1/test/gjs-tests.cpp:250:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
JS::ConstUTF8CharsZ jschars(VALID_UTF8_STRING, strlen(VALID_UTF8_STRING));
data/gjs-1.66.1/test/gjs-tests.cpp:271:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
JS::ConstUTF8CharsZ jschars(VALID_UTF8_STRING, strlen(VALID_UTF8_STRING));
ANALYSIS SUMMARY:
Hits = 54
Lines analyzed = 39954 in approximately 0.94 seconds (42507 lines/second)
Physical Source Lines of Code (SLOC) = 27007
Hits@level = [0] 6 [1] 30 [2] 23 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 60 [1+] 54 [2+] 24 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.22165 [1+] 1.99948 [2+] 0.888658 [3+] 0.0370274 [4+] 0.0370274 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.