Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pg-similarity-1.0/block.c
Examining data/pg-similarity-1.0/cosine.c
Examining data/pg-similarity-1.0/dice.c
Examining data/pg-similarity-1.0/euclidean.c
Examining data/pg-similarity-1.0/hamming.c
Examining data/pg-similarity-1.0/jaccard.c
Examining data/pg-similarity-1.0/jaro.c
Examining data/pg-similarity-1.0/levenshtein.c
Examining data/pg-similarity-1.0/matching.c
Examining data/pg-similarity-1.0/mongeelkan.c
Examining data/pg-similarity-1.0/needlemanwunsch.c
Examining data/pg-similarity-1.0/overlap.c
Examining data/pg-similarity-1.0/qgram.c
Examining data/pg-similarity-1.0/similarity.c
Examining data/pg-similarity-1.0/similarity.h
Examining data/pg-similarity-1.0/similarity_gin.c
Examining data/pg-similarity-1.0/smithwaterman.c
Examining data/pg-similarity-1.0/smithwatermangotoh.c
Examining data/pg-similarity-1.0/soundex.c
Examining data/pg-similarity-1.0/tokenizer.c
Examining data/pg-similarity-1.0/tokenizer.h
FINAL RESULTS:
data/pg-similarity-1.0/tokenizer.c:48:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(n, t->head->data);
data/pg-similarity-1.0/similarity.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *approx_set[7] = {
data/pg-similarity-1.0/block.c:59:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/block.c:59:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/cosine.c:40:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/cosine.c:40:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/dice.c:53:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/dice.c:53:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/euclidean.c:61:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/euclidean.c:61:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/hamming.c:147:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/hamming.c:148:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(b);
data/pg-similarity-1.0/jaccard.c:53:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/jaccard.c:53:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/jaro.c:83:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/jaro.c:84:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(b);
data/pg-similarity-1.0/jaro.c:281:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(a) && i < strlen(b) && i < PGS_JARO_PREFIX_SIZE; i++)
data/pg-similarity-1.0/jaro.c:281:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(a) && i < strlen(b) && i < PGS_JARO_PREFIX_SIZE; i++)
data/pg-similarity-1.0/levenshtein.c:57:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/levenshtein.c:58:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(b);
data/pg-similarity-1.0/levenshtein.c:141:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/levenshtein.c:142:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(b);
data/pg-similarity-1.0/levenshtein.c:217:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/levenshtein.c:217:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/levenshtein.c:223:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = max2(strlen(a), strlen(b));
data/pg-similarity-1.0/levenshtein.c:223:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = max2(strlen(a), strlen(b));
data/pg-similarity-1.0/levenshtein.c:283:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/levenshtein.c:283:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/levenshtein.c:289:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = max2(strlen(a), strlen(b));
data/pg-similarity-1.0/levenshtein.c:289:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxlen = max2(strlen(a), strlen(b));
data/pg-similarity-1.0/matching.c:54:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/matching.c:54:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/mongeelkan.c:30:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/mongeelkan.c:31:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(b);
data/pg-similarity-1.0/mongeelkan.c:175:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/mongeelkan.c:175:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/needlemanwunsch.c:76:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/needlemanwunsch.c:77:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(b);
data/pg-similarity-1.0/needlemanwunsch.c:157:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/needlemanwunsch.c:157:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/needlemanwunsch.c:163:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxvalue = (float8) max2(strlen(a), strlen(b));
data/pg-similarity-1.0/needlemanwunsch.c:163:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxvalue = (float8) max2(strlen(a), strlen(b));
data/pg-similarity-1.0/overlap.c:54:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/overlap.c:54:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/similarity.c:84:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < 0 || i >= strlen(a))
data/pg-similarity-1.0/similarity.c:86:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (j < 0 || j >= strlen(b))
data/pg-similarity-1.0/similarity.c:108:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i < 0 || i >= strlen(a))
data/pg-similarity-1.0/similarity.c:110:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (j < 0 || j >= strlen(b))
data/pg-similarity-1.0/similarity_gin.c:96:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
td = cstring_to_text_with_len(t->data, strlen(t->data));
data/pg-similarity-1.0/similarity_gin.c:178:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
td = cstring_to_text_with_len(t->data, strlen(t->data));
data/pg-similarity-1.0/smithwaterman.c:82:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/smithwaterman.c:83:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(b);
data/pg-similarity-1.0/smithwaterman.c:197:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/smithwaterman.c:197:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/smithwaterman.c:203:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxvalue = (float8) min2(strlen(a), strlen(b));
data/pg-similarity-1.0/smithwaterman.c:203:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxvalue = (float8) min2(strlen(a), strlen(b));
data/pg-similarity-1.0/smithwatermangotoh.c:25:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/smithwatermangotoh.c:26:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blen = strlen(b);
data/pg-similarity-1.0/smithwatermangotoh.c:167:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/smithwatermangotoh.c:167:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/smithwatermangotoh.c:173:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxvalue = (float8) min2(strlen(a), strlen(b));
data/pg-similarity-1.0/smithwatermangotoh.c:173:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
maxvalue = (float8) min2(strlen(a), strlen(b));
data/pg-similarity-1.0/soundex.c:38:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(a);
data/pg-similarity-1.0/soundex.c:108:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/soundex.c:108:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a) > PGS_MAX_STR_LEN || strlen(b) > PGS_MAX_STR_LEN)
data/pg-similarity-1.0/tokenizer.c:46:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(t->head->data);
data/pg-similarity-1.0/tokenizer.c:250:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tok, sptr, c);
data/pg-similarity-1.0/tokenizer.c:259:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Assert(strlen(tok) <= PGS_MAX_TOKEN_LEN);
data/pg-similarity-1.0/tokenizer.c:336:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tok, sptr, c);
data/pg-similarity-1.0/tokenizer.c:344:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elog(DEBUG4, "tok: \"%s\"; size: %u", tok, (unsigned int) strlen(tok));
data/pg-similarity-1.0/tokenizer.c:346:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Assert(strlen(tok) <= PGS_MAX_TOKEN_LEN);
data/pg-similarity-1.0/tokenizer.c:369:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/pg-similarity-1.0/tokenizer.c:383:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((buf + i), s, PGS_GRAM_LEN - i);
data/pg-similarity-1.0/tokenizer.c:401:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((buf + 1), s, PGS_GRAM_LEN - 1);
data/pg-similarity-1.0/tokenizer.c:420:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, p, PGS_GRAM_LEN);
data/pg-similarity-1.0/tokenizer.c:444:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, p, PGS_GRAM_LEN - i);
data/pg-similarity-1.0/tokenizer.c:464:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, p, PGS_GRAM_LEN - 1);
data/pg-similarity-1.0/tokenizer.c:554:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tok, sptr, c);
data/pg-similarity-1.0/tokenizer.c:562:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elog(DEBUG4, "tok: \"%s\"; size: %u", tok, (unsigned int) strlen(tok));
data/pg-similarity-1.0/tokenizer.c:564:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Assert(strlen(tok) <= PGS_MAX_TOKEN_LEN);
ANALYSIS SUMMARY:
Hits = 80
Lines analyzed = 5075 in approximately 0.15 seconds (33386 lines/second)
Physical Source Lines of Code (SLOC) = 3268
Hits@level = [0] 0 [1] 78 [2] 1 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 80 [1+] 80 [2+] 2 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 24.4798 [1+] 24.4798 [2+] 0.611995 [3+] 0.305998 [4+] 0.305998 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.