Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-aiohttp-3.6.2/aiohttp/_find_header.c
Examining data/python-aiohttp-3.6.2/aiohttp/_find_header.h
Examining data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c
Examining data/python-aiohttp-3.6.2/aiohttp/_helpers.c
Examining data/python-aiohttp-3.6.2/aiohttp/_http_parser.c
Examining data/python-aiohttp-3.6.2/aiohttp/_http_writer.c
Examining data/python-aiohttp-3.6.2/aiohttp/_websocket.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/bench.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/contrib/parsertrace.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/contrib/url_parser.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/http_parser.c
Examining data/python-aiohttp-3.6.2/vendor/http-parser/http_parser.h
Examining data/python-aiohttp-3.6.2/vendor/http-parser/test.c

FINAL RESULTS:

data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:769:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:769:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:775:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:772:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:773:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3810:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  size_t buf1len = sprintf(buf1, "%s\r\nConnection: Keep-Alive\r\nContent-Length: %lu\r\n\r\n",
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3847:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r1->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3848:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r2->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3849:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r3->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3898:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r1->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3899:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r2->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3900:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r3->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4327:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4347:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:6287:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:6288:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:6288:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:6309:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:4305:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:4306:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:4306:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:4327:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21448:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate) PyErr_Clear();
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21449:18: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21449:58: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (!setstate || __Pyx_setup_reduce_is_named(setstate, __pyx_n_s_setstate_cython)) {
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21470:16: [3] (random) setstate:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Py_XDECREF(setstate);
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:722:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:7085:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:7089:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:722:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:5072:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:5076:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:728:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:2445:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy((__pyx_v_ptr + __pyx_v_s), __pyx_v_at, __pyx_v_length));
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:7544:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  (void)(memcpy((__pyx_v_buf + __pyx_v_size), __pyx_v_at, __pyx_v_length));
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:7629:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy((__pyx_v_buf + __pyx_v_size), __pyx_v_at, __pyx_v_length));
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21500:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:23878:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:23882:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:725:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:1240:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char __pyx_v_7aiohttp_12_http_writer_BUFFER[0x4000];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:1503:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)(memcpy(__pyx_v_buf, __pyx_v_writer->buf, __pyx_v_writer->size));
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:4601:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:5535:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:5539:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:726:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:2448:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char warning[200];
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:3292:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:3296:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];
data/python-aiohttp-3.6.2/vendor/http-parser/contrib/parsertrace.c:108:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* file = fopen(filename, "r");
data/python-aiohttp-3.6.2/vendor/http-parser/http_parser.c:187:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char tokens[256] = {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char response_status[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:55:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char request_path[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:56:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char request_url[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:57:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fragment[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:58:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query_string[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:59:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char body[MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:66:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char headers [MAX_HEADERS][2][MAX_ELEMENT_SIZE];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:1984:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst + dlen, src, ncpy);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2002:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, ncpy);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2537:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ubuf[256]; \
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2540:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ubuf, (found)->request_url + (u)->field_data[(fn)].off, \
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3809:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[3000];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3840:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char total[ strlen(r1->raw)
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3893:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char total[80*1024] = "\0";
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3894:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80*1024] = "\0";
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3895:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[80*1024] = "\0";
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3896:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf3[80*1024] = "\0";
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4024:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, headers, headers_len);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4029:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + wrote, "400\r\n", 5);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4033:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf + wrote, "\r\n");
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4037:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + wrote, "0\r\n\r\n", 6);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4326:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4346:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:646:87: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:767:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_frozenlist.c:7133:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:646:87: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:767:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_helpers.c:5120:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:652:87: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:773:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:19562:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __pyx_t_1 = __Pyx_decode_c_string(__pyx_t_82, 0, strlen(__pyx_t_82), NULL, NULL, PyUnicode_DecodeASCII); if (unlikely(!__pyx_t_1)) __PYX_ERR(0, 72, __pyx_L1_error)
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:21154:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t slen = strlen(cstring);
data/python-aiohttp-3.6.2/aiohttp/_http_parser.c:23926:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:649:87: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:770:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_http_writer.c:5583:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:650:87: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:771:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c) + 1);
data/python-aiohttp-3.6.2/aiohttp/_websocket.c:3340:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/python-aiohttp-3.6.2/vendor/http-parser/contrib/url_parser.c:34:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[2]);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2585:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (http_parser_parse_url(m->request_url, strlen(m->request_url), 0, &u)) {
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2681:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  off += strlen(m->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2684:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  off -= strlen(m->upgrade);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2693:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(body + nread + strlen(m->upgrade)) = '\0';
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:2714:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t i, j, len = strlen(raw), error_location_line = 0;
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3356:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  test->url ? strlen(test->url) : 0,
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3407:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t raw_len = strlen(message->raw);
data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3412:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
size_t read; data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3423:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!messages[0].headers_complete_cb_called && parser.nread != read) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3424:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(parser.nread == read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3425:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(msg1, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3430:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). messages[num_messages - 1].upgrade = msg1 + read; data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3434:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != msg1len) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3435:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(msg1, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3444:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). messages[num_messages - 1].upgrade = msg2 + read; data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3448:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != msg2len) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3449:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
print_error(msg2, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3455:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != 0) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3456:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(message->raw, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3476:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read; data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3477:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l = strlen(message->raw); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3484:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != toread) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3485:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(message->raw, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3492:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != 0) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3493:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(message->raw, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3514:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
parse(buf, strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3548:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3549:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3552:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3582:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3583:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3586:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3616:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3617:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3620:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3643:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3644:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3647:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3670:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3671:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(parsed == strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3674:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3719:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3720:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3723:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3748:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3749:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3751:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(parser.nread == strlen(buf)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3840:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char total[ strlen(r1->raw) data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3841:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(r2->raw) data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3842:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(r3->raw) data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3853:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read; data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3855:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). read = parse(total, strlen(total)); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3858:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). upgrade_message_fix(total, read, 3, r1, r2, r3); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3862:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != strlen(total)) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3862:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (read != strlen(total)) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3863:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(total, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3869:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != 0) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3870:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(total, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3902:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read; data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3904:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int total_len = strlen(total); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3942:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!messages[0].headers_complete_cb_called && parser.nread != read) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3943:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(buf1, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3949:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != buf1_len) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3950:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
print_error(buf1, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3958:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != buf1_len + buf2_len) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3959:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(buf2, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3967:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != buf1_len + buf2_len + buf3_len) { data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3968:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(buf3, read); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:3976:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). upgrade_message_fix(total, read, 3, r1, r2, r3); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4020:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t headers_len = strlen(headers); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4050:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(msg->raw); data/python-aiohttp-3.6.2/vendor/http-parser/test.c:4099:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t buflen = strlen(msg->raw);

ANALYSIS SUMMARY:

Hits = 164
Lines analyzed = 63928 in approximately 1.45 seconds (43976 lines/second)
Physical Source Lines of Code (SLOC) = 49834
Hits@level = [0] 91 [1] 90 [2] 48 [3] 12 [4] 14 [5] 0
Hits@level+ = [0+] 255 [1+] 164 [2+] 74 [3+] 26 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 5.11699 [1+] 3.29093 [2+] 1.48493 [3+] 0.521732 [4+] 0.280933 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.