Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/purple-discord-0.9.2020.07.17.git.8fd7ceb/glib_compat.h
Examining data/purple-discord-0.9.2020.07.17.git.8fd7ceb/json_compat.h
Examining data/purple-discord-0.9.2020.07.17.git.8fd7ceb/libdiscord.c
Examining data/purple-discord-0.9.2020.07.17.git.8fd7ceb/markdown.c
Examining data/purple-discord-0.9.2020.07.17.git.8fd7ceb/markdown.h
Examining data/purple-discord-0.9.2020.07.17.git.8fd7ceb/purple_compat.h
FINAL RESULTS:
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/libdiscord.c:5626:48: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
nonce = g_strdup_printf("%" G_GUINT32_FORMAT, g_random_int());
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/libdiscord.c:1011:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header_len = strlen(headers);
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/libdiscord.c:1221:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_append_printf(headers, "Content-Length: %" G_GSIZE_FORMAT "\r\n", strlen(postdata));
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/libdiscord.c:4673:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
purple_ssl_write(da->websocket, websocket_header, strlen(websocket_header));
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/libdiscord.c:5007:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint i = strlen(str) - 1;
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/libdiscord.c:5640:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
final_len = strlen(final);
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/libdiscord.c:6043:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!name || !strlen(name)) {
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/markdown.c:135:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint html_len = strlen(html);
data/purple-discord-0.9.2020.07.17.git.8fd7ceb/markdown.c:287:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t markdown_len = strlen(markdown);
ANALYSIS SUMMARY:
Hits = 9
Lines analyzed = 7585 in approximately 0.18 seconds (41875 lines/second)
Physical Source Lines of Code (SLOC) = 5583
Hits@level = [0] 0 [1] 8 [2] 0 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 9 [1+] 9 [2+] 1 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.61204 [1+] 1.61204 [2+] 0.179115 [3+] 0.179115 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.