Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/netstat-nat-1.4.10/netstat-nat.c
Examining data/netstat-nat-1.4.10/netstat-nat.h
FINAL RESULTS:
data/netstat-nat-1.4.10/netstat-nat.c:734:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gen_buffer, split);
data/netstat-nat-1.4.10/netstat-nat.c:230:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, args)) != -1) {
data/netstat-nat-1.4.10/netstat-nat.c:177:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[16];
data/netstat-nat-1.4.10/netstat-nat.c:178:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[16];
data/netstat-nat-1.4.10/netstat-nat.c:185:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SRC_IP[50];
data/netstat-nat-1.4.10/netstat-nat.c:186:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DST_IP[50];
data/netstat-nat-1.4.10/netstat-nat.c:191:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char PROTOCOL[4];
data/netstat-nat-1.4.10/netstat-nat.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[350];
data/netstat-nat-1.4.10/netstat-nat.c:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[50];
data/netstat-nat-1.4.10/netstat-nat.c:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[50];
data/netstat-nat-1.4.10/netstat-nat.c:209:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[50];
data/netstat-nat-1.4.10/netstat-nat.c:210:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/netstat-nat-1.4.10/netstat-nat.c:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[100];
data/netstat-nat-1.4.10/netstat-nat.c:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char from[50] = "NATed Address";
data/netstat-nat-1.4.10/netstat-nat.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nathost[50] = "NAT-host Address";
data/netstat-nat-1.4.10/netstat-nat.c:214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[50] = "Destination Address";
data/netstat-nat-1.4.10/netstat-nat.c:346:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(NF_CONNTRACK_LOCATION, "r")) == NULL) {
data/netstat-nat-1.4.10/netstat-nat.c:347:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(IP_CONNTRACK_LOCATION, "r")) == NULL) {
data/netstat-nat-1.4.10/netstat-nat.c:527:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protocol_name[11] = "";
data/netstat-nat-1.4.10/netstat-nat.c:528:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protocol_raw[6] = "";
data/netstat-nat-1.4.10/netstat-nat.c:531:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol, "tcp", 3);
data/netstat-nat-1.4.10/netstat-nat.c:534:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol, "udp", 3);
data/netstat-nat-1.4.10/netstat-nat.c:537:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol, "icmp", 4);
data/netstat-nat-1.4.10/netstat-nat.c:550:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
protocol_nr = atoi(protocol_raw);
data/netstat-nat-1.4.10/netstat-nat.c:552:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol, protocol_name, 5);
data/netstat-nat-1.4.10/netstat-nat.c:566:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "ESTABLISHED", 11);
data/netstat-nat-1.4.10/netstat-nat.c:569:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "TIME_WAIT", 9);
data/netstat-nat-1.4.10/netstat-nat.c:572:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "FIN_WAIT", 8);
data/netstat-nat-1.4.10/netstat-nat.c:575:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "SYN_RECV", 8);
data/netstat-nat-1.4.10/netstat-nat.c:578:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "SYN_SENT", 8);
data/netstat-nat-1.4.10/netstat-nat.c:581:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "UNREPLIED", 9);
data/netstat-nat-1.4.10/netstat-nat.c:584:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "CLOSE", 5);
data/netstat-nat-1.4.10/netstat-nat.c:587:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "ASSURED", 7);
data/netstat-nat-1.4.10/netstat-nat.c:591:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, "UNREPLIED", 9);
data/netstat-nat-1.4.10/netstat-nat.c:594:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state, " ", 1);
data/netstat-nat-1.4.10/netstat-nat.c:604:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcip_f[16] = "";
data/netstat-nat-1.4.10/netstat-nat.c:605:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstip_f[16] = "";
data/netstat-nat-1.4.10/netstat-nat.c:606:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcip_s[16] = "";
data/netstat-nat-1.4.10/netstat-nat.c:607:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstip_s[16] = "";
data/netstat-nat-1.4.10/netstat-nat.c:608:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcport[6] = "";
data/netstat-nat-1.4.10/netstat-nat.c:609:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstport[6] = "";
data/netstat-nat-1.4.10/netstat-nat.c:610:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcport_s[6] = "";
data/netstat-nat-1.4.10/netstat-nat.c:611:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstport_s[6] = "";
data/netstat-nat-1.4.10/netstat-nat.c:612:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protocol[5] = "";
data/netstat-nat-1.4.10/netstat-nat.c:613:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[12] = "";
data/netstat-nat-1.4.10/netstat-nat.c:714:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_port[10];
data/netstat-nat-1.4.10/netstat-nat.c:720:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
portnr = htons(atoi(buf_port));
data/netstat-nat-1.4.10/netstat-nat.c:943:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, &line[i + searchLen], j - i - searchLen);
data/netstat-nat-1.4.10/netstat-nat.c:978:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, &line[i + searchLen], j - i - searchLen);
data/netstat-nat-1.4.10/netstat-nat.c:986:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strconvers[10] = "";
data/netstat-nat-1.4.10/netstat-nat.c:989:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol_name, proto_struct->p_name, 5);
data/netstat-nat-1.4.10/netstat-nat.c:993:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(protocol_name, strconvers, 5);
data/netstat-nat-1.4.10/netstat-nat.c:380:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > 0) {
data/netstat-nat-1.4.10/netstat-nat.c:433:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pa[index][3]) > 0 || strlen(pa[index][4]) > 0 || strlen(pa[index][7]) > 0) {
data/netstat-nat-1.4.10/netstat-nat.c:433:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pa[index][3]) > 0 || strlen(pa[index][4]) > 0 || strlen(pa[index][7]) > 0) {
data/netstat-nat-1.4.10/netstat-nat.c:433:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pa[index][3]) > 0 || strlen(pa[index][4]) > 0 || strlen(pa[index][7]) > 0) {
data/netstat-nat-1.4.10/netstat-nat.c:441:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, pa[index][1], 29 - strlen(pa[index][3]));
data/netstat-nat-1.4.10/netstat-nat.c:441:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, pa[index][1], 29 - strlen(pa[index][3]));
data/netstat-nat-1.4.10/netstat-nat.c:450:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, pa[index][2], 29 - strlen(pa[index][4]));
data/netstat-nat-1.4.10/netstat-nat.c:450:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, pa[index][2], 29 - strlen(pa[index][4]));
data/netstat-nat-1.4.10/netstat-nat.c:460:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, pa[index][6], 29 - strlen(pa[index][7]));
data/netstat-nat-1.4.10/netstat-nat.c:460:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, pa[index][6], 29 - strlen(pa[index][7]));
data/netstat-nat-1.4.10/netstat-nat.c:471:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, pa[index][1], 39 - strlen(pa[index][3]));
data/netstat-nat-1.4.10/netstat-nat.c:471:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, pa[index][1], 39 - strlen(pa[index][3]));
data/netstat-nat-1.4.10/netstat-nat.c:480:6: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, pa[index][2], 39 - strlen(pa[index][4]));
data/netstat-nat-1.4.10/netstat-nat.c:480:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, pa[index][2], 39 - strlen(pa[index][4]));
data/netstat-nat-1.4.10/netstat-nat.c:490:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, pa[index][6], 39 - strlen(pa[index][7]));
data/netstat-nat-1.4.10/netstat-nat.c:490:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buf, pa[index][6], 39 - strlen(pa[index][7]));
data/netstat-nat-1.4.10/netstat-nat.c:541:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(line); i++ ) {
data/netstat-nat-1.4.10/netstat-nat.c:544:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = i; j < strlen(line); j++) {
data/netstat-nat-1.4.10/netstat-nat.c:548:21: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(protocol_raw, &line[j], 1);
data/netstat-nat-1.4.10/netstat-nat.c:856:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->ip, ip, 15);
data/netstat-nat-1.4.10/netstat-nat.c:857:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new->dev, dev, 15);
data/netstat-nat-1.4.10/netstat-nat.c:904:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
searchLen = strlen(search);
data/netstat-nat-1.4.10/netstat-nat.c:905:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (searchLen > strlen(string)) {
data/netstat-nat-1.4.10/netstat-nat.c:908:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string) - searchLen + 1; i++) {
data/netstat-nat-1.4.10/netstat-nat.c:924:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen = strlen(line);
data/netstat-nat-1.4.10/netstat-nat.c:925:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
searchLen = strlen(search);
data/netstat-nat-1.4.10/netstat-nat.c:956:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lineLen = strlen(line);
data/netstat-nat-1.4.10/netstat-nat.c:957:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
searchLen = strlen(search);
data/netstat-nat-1.4.10/netstat-nat.h:69:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, src, (dst_size - 1));
ANALYSIS SUMMARY:
Hits = 81
Lines analyzed = 1092 in approximately 0.05 seconds (23693 lines/second)
Physical Source Lines of Code (SLOC) = 949
Hits@level = [0] 54 [1] 29 [2] 50 [3] 1 [4] 1 [5] 0
Hits@level+ = [0+] 135 [1+] 81 [2+] 52 [3+] 2 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 142.255 [1+] 85.353 [2+] 54.7945 [3+] 2.10748 [4+] 1.05374 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.