Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-vmstat-2.3.0/ext/vmstat/hw/bsd.h
Examining data/ruby-vmstat-2.3.0/ext/vmstat/hw/mach.h
Examining data/ruby-vmstat-2.3.0/ext/vmstat/hw/posix.h
Examining data/ruby-vmstat-2.3.0/ext/vmstat/hw/sysctl.h
Examining data/ruby-vmstat-2.3.0/ext/vmstat/hw/statfs.h
Examining data/ruby-vmstat-2.3.0/ext/vmstat/vmstat.c
Examining data/ruby-vmstat-2.3.0/ext/vmstat/vmstat.h
FINAL RESULTS:
data/ruby-vmstat-2.3.0/ext/vmstat/hw/bsd.h:14:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
long system;
data/ruby-vmstat-2.3.0/ext/vmstat/hw/statfs.h:29:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_new(stat.f_mntfromname, strlen(stat.f_mntfromname)),
data/ruby-vmstat-2.3.0/ext/vmstat/hw/statfs.h:30:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_new(stat.f_mntonname, strlen(stat.f_mntonname)),
ANALYSIS SUMMARY:
Hits = 3
Lines analyzed = 419 in approximately 0.02 seconds (19725 lines/second)
Physical Source Lines of Code (SLOC) = 347
Hits@level = [0] 0 [1] 2 [2] 0 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 3 [1+] 3 [2+] 1 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 8.64553 [1+] 8.64553 [2+] 2.88184 [3+] 2.88184 [4+] 2.88184 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.