Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ros-kdl-parser-1.14.1/kdl_parser/include/kdl_parser/kdl_parser.hpp Examining data/ros-kdl-parser-1.14.1/kdl_parser/include/kdl_parser/visibility_control.hpp Examining data/ros-kdl-parser-1.14.1/kdl_parser/src/check_kdl_parser.cpp Examining data/ros-kdl-parser-1.14.1/kdl_parser/src/kdl_parser.cpp Examining data/ros-kdl-parser-1.14.1/kdl_parser/test/test_inertia_rpy.cpp Examining data/ros-kdl-parser-1.14.1/kdl_parser/test/test_kdl_parser.cpp FINAL RESULTS: data/ros-kdl-parser-1.14.1/kdl_parser/src/kdl_parser.cpp:51:24: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define ROS_DEBUG(...) fprintf(stdout, __VA_ARGS__); data/ros-kdl-parser-1.14.1/kdl_parser/src/kdl_parser.cpp:52:24: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define ROS_ERROR(...) fprintf(stderr, __VA_ARGS__); data/ros-kdl-parser-1.14.1/kdl_parser/src/kdl_parser.cpp:53:23: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define ROS_WARN(...) fprintf(stderr, __VA_ARGS__); ANALYSIS SUMMARY: Hits = 3 Lines analyzed = 727 in approximately 0.06 seconds (12348 lines/second) Physical Source Lines of Code (SLOC) = 361 Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 8.31025 [1+] 8.31025 [2+] 8.31025 [3+] 8.31025 [4+] 8.31025 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.