Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sddm-0.19.0/src/auth/Auth.cpp
Examining data/sddm-0.19.0/src/auth/Auth.h
Examining data/sddm-0.19.0/src/auth/AuthMessages.h
Examining data/sddm-0.19.0/src/auth/AuthPrompt.cpp
Examining data/sddm-0.19.0/src/auth/AuthPrompt.h
Examining data/sddm-0.19.0/src/auth/AuthRequest.cpp
Examining data/sddm-0.19.0/src/auth/AuthRequest.h
Examining data/sddm-0.19.0/src/common/ConfigReader.cpp
Examining data/sddm-0.19.0/src/common/ConfigReader.h
Examining data/sddm-0.19.0/src/common/Configuration.cpp
Examining data/sddm-0.19.0/src/common/MessageHandler.h
Examining data/sddm-0.19.0/src/common/Messages.h
Examining data/sddm-0.19.0/src/common/SafeDataStream.cpp
Examining data/sddm-0.19.0/src/common/SafeDataStream.h
Examining data/sddm-0.19.0/src/common/Session.h
Examining data/sddm-0.19.0/src/common/SocketWriter.cpp
Examining data/sddm-0.19.0/src/common/SocketWriter.h
Examining data/sddm-0.19.0/src/common/ThemeConfig.cpp
Examining data/sddm-0.19.0/src/common/ThemeConfig.h
Examining data/sddm-0.19.0/src/common/ThemeMetadata.cpp
Examining data/sddm-0.19.0/src/common/ThemeMetadata.h
Examining data/sddm-0.19.0/src/common/VirtualTerminal.cpp
Examining data/sddm-0.19.0/src/common/VirtualTerminal.h
Examining data/sddm-0.19.0/src/common/VirtualTerminal_FreeBSD.cpp
Examining data/sddm-0.19.0/src/common/Configuration.h
Examining data/sddm-0.19.0/src/common/Session.cpp
Examining data/sddm-0.19.0/src/daemon/DaemonApp.cpp
Examining data/sddm-0.19.0/src/daemon/DaemonApp.h
Examining data/sddm-0.19.0/src/daemon/Display.cpp
Examining data/sddm-0.19.0/src/daemon/Display.h
Examining data/sddm-0.19.0/src/daemon/DisplayManager.cpp
Examining data/sddm-0.19.0/src/daemon/DisplayManager.h
Examining data/sddm-0.19.0/src/daemon/DisplayServer.cpp
Examining data/sddm-0.19.0/src/daemon/DisplayServer.h
Examining data/sddm-0.19.0/src/daemon/Greeter.cpp
Examining data/sddm-0.19.0/src/daemon/Greeter.h
Examining data/sddm-0.19.0/src/daemon/LogindDBusTypes.cpp
Examining data/sddm-0.19.0/src/daemon/LogindDBusTypes.h
Examining data/sddm-0.19.0/src/daemon/PowerManager.cpp
Examining data/sddm-0.19.0/src/daemon/PowerManager.h
Examining data/sddm-0.19.0/src/daemon/Seat.cpp
Examining data/sddm-0.19.0/src/daemon/Seat.h
Examining data/sddm-0.19.0/src/daemon/SeatManager.cpp
Examining data/sddm-0.19.0/src/daemon/SeatManager.h
Examining data/sddm-0.19.0/src/daemon/SignalHandler.cpp
Examining data/sddm-0.19.0/src/daemon/SignalHandler.h
Examining data/sddm-0.19.0/src/daemon/SocketServer.cpp
Examining data/sddm-0.19.0/src/daemon/SocketServer.h
Examining data/sddm-0.19.0/src/daemon/Utils.h
Examining data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp
Examining data/sddm-0.19.0/src/daemon/XorgDisplayServer.h
Examining data/sddm-0.19.0/src/greeter/GreeterApp.cpp
Examining data/sddm-0.19.0/src/greeter/GreeterApp.h
Examining data/sddm-0.19.0/src/greeter/GreeterProxy.cpp
Examining data/sddm-0.19.0/src/greeter/GreeterProxy.h
Examining data/sddm-0.19.0/src/greeter/KeyboardBackend.h
Examining data/sddm-0.19.0/src/greeter/KeyboardLayout.cpp
Examining data/sddm-0.19.0/src/greeter/KeyboardLayout.h
Examining data/sddm-0.19.0/src/greeter/KeyboardModel.cpp
Examining data/sddm-0.19.0/src/greeter/KeyboardModel.h
Examining data/sddm-0.19.0/src/greeter/KeyboardModel_p.h
Examining data/sddm-0.19.0/src/greeter/ScreenModel.cpp
Examining data/sddm-0.19.0/src/greeter/ScreenModel.h
Examining data/sddm-0.19.0/src/greeter/SessionModel.cpp
Examining data/sddm-0.19.0/src/greeter/SessionModel.h
Examining data/sddm-0.19.0/src/greeter/UserModel.cpp
Examining data/sddm-0.19.0/src/greeter/UserModel.h
Examining data/sddm-0.19.0/src/greeter/XcbKeyboardBackend.cpp
Examining data/sddm-0.19.0/src/greeter/XcbKeyboardBackend.h
Examining data/sddm-0.19.0/src/helper/Backend.cpp
Examining data/sddm-0.19.0/src/helper/Backend.h
Examining data/sddm-0.19.0/src/helper/HelperApp.cpp
Examining data/sddm-0.19.0/src/helper/HelperApp.h
Examining data/sddm-0.19.0/src/helper/UserSession.cpp
Examining data/sddm-0.19.0/src/helper/UserSession.h
Examining data/sddm-0.19.0/src/helper/backend/PamBackend.cpp
Examining data/sddm-0.19.0/src/helper/backend/PamBackend.h
Examining data/sddm-0.19.0/src/helper/backend/PamHandle.cpp
Examining data/sddm-0.19.0/src/helper/backend/PamHandle.h
Examining data/sddm-0.19.0/src/helper/backend/PasswdBackend.cpp
Examining data/sddm-0.19.0/src/helper/backend/PasswdBackend.h
Examining data/sddm-0.19.0/test/ConfigurationTest.cpp
Examining data/sddm-0.19.0/test/ConfigurationTest.h

FINAL RESULTS:

data/sddm-0.19.0/src/daemon/Display.cpp:167:21: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (chown(qPrintable(m_socketServer->socketAddress()), pw->pw_uid, pw->pw_gid) == -1) {
data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp:361:17: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  if (chown(qPrintable(fileName), pw->pw_uid, pw->pw_gid) == -1)
data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp:103:20: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  FILE *fp = popen(qPrintable(cmd), "w");
data/sddm-0.19.0/src/greeter/GreeterApp.cpp:60:51: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (m_components_tranlator->load(QLocale::system(), QString(), QString(), QStringLiteral(COMPONENTS_TRANSLATION_DIR)))
data/sddm-0.19.0/src/greeter/GreeterApp.cpp:134:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (m_theme_translator->load(QLocale::system(), QString(), QString(),
data/sddm-0.19.0/src/helper/UserSession.cpp:284:24: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  FILE *fp = popen(qPrintable(cmd), "w");
data/sddm-0.19.0/src/helper/backend/PasswdBackend.cpp:92:38: [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  const char * const crypted = crypt(qPrintable(password), system_passwd);
data/sddm-0.19.0/src/auth/Auth.cpp:119:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (localeFile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/sddm-0.19.0/src/common/ConfigReader.cpp:196:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!in.open(QIODevice::ReadOnly))
data/sddm-0.19.0/src/common/ConfigReader.cpp:284:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly); // first just for reading
data/sddm-0.19.0/src/common/ConfigReader.cpp:353:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/src/common/MessageHandler.h:57:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fileBuffer[PATH_MAX + sizeof("CODE_FILE=")];
data/sddm-0.19.0/src/common/MessageHandler.h:60:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lineBuffer[32];
data/sddm-0.19.0/src/common/MessageHandler.h:74:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::Append | QFile::WriteOnly))
data/sddm-0.19.0/src/common/MessageHandler.h:75:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QFile::Truncate | QFile::WriteOnly);
data/sddm-0.19.0/src/common/Session.cpp:141:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly))
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:40:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/dev/tty0", O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:46:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/dev/tty0", O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:120:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open("/dev/tty0", O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:156:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int activeVtFd = open("/dev/tty0", O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/common/VirtualTerminal.cpp:159:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int vtFd = open(qPrintable(ttyString), O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp:97:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_handler.open(QIODevice::Append);
data/sddm-0.19.0/src/daemon/XorgDisplayServer.cpp:205:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!readPipe.open(pipeFds[0], QIODevice::ReadOnly)) {
data/sddm-0.19.0/src/helper/UserSession.cpp:85:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int vtFd = ::open(qPrintable(ttyString), O_RDWR | O_NOCTTY);
data/sddm-0.19.0/src/helper/UserSession.cpp:95:33: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int stdinFd = ::open("/dev/null", O_RDWR);
data/sddm-0.19.0/src/helper/UserSession.cpp:122:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = ::open(qPrintable(ns), O_RDONLY);
data/sddm-0.19.0/src/helper/UserSession.cpp:195:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(groups, pam_groups, (n_pam_groups * sizeof(gid_t)));
data/sddm-0.19.0/src/helper/UserSession.cpp:196:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((groups + n_pam_groups), user_groups,
data/sddm-0.19.0/src/helper/UserSession.cpp:244:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = ::open(qPrintable(sessionLog), O_WRONLY | O_CREAT | O_TRUNC, 0600);
data/sddm-0.19.0/src/helper/UserSession.cpp:254:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = ::open("/dev/null", O_WRONLY);
data/sddm-0.19.0/src/helper/UserSession.cpp:278:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file_handler.open(QIODevice::Append);
data/sddm-0.19.0/src/helper/backend/PamBackend.cpp:352:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resp[i]->resp, response.constData(), response.length());
data/sddm-0.19.0/test/ConfigurationTest.cpp:87:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:100:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(confFile.open(QIODevice::ReadOnly));
data/sddm-0.19.0/test/ConfigurationTest.cpp:101:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(confCopy.open(QIODevice::ReadOnly));
data/sddm-0.19.0/test/ConfigurationTest.cpp:114:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:130:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:138:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(confFile.open(QIODevice::ReadOnly));
data/sddm-0.19.0/test/ConfigurationTest.cpp:148:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:168:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFileA.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:174:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFileB.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:182:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFileC.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:188:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFileMain.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:209:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:220:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFile.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:231:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFileA.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/test/ConfigurationTest.cpp:240:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  confFileA.open(QIODevice::WriteOnly | QIODevice::Truncate);
data/sddm-0.19.0/src/common/SafeDataStream.cpp:60:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_device->read((char*) &length, sizeof(length));
data/sddm-0.19.0/src/common/SafeDataStream.cpp:73:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_data.append(m_device->read(length - m_data.length()));
data/sddm-0.19.0/src/daemon/SignalHandler.cpp:156:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (::read(sighupFd[1], &a, sizeof(a)) == -1) {
data/sddm-0.19.0/src/daemon/SignalHandler.cpp:178:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (::read(sigintFd[1], &a, sizeof(a)) == -1) {
data/sddm-0.19.0/src/daemon/SignalHandler.cpp:200:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (::read(sigtermFd[1], &a, sizeof(a)) == -1) {
data/sddm-0.19.0/src/daemon/SignalHandler.cpp:222:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (::read(sigusr1Fd[1], &a, sizeof(a)) == -1) {
data/sddm-0.19.0/src/helper/HelperApp.cpp:288:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(entry.ut_line, ttyChar, sizeof(entry.ut_line) - 1);
data/sddm-0.19.0/src/helper/HelperApp.cpp:294:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(entry.ut_host, displayChar, sizeof(entry.ut_host) - 1);
data/sddm-0.19.0/src/helper/HelperApp.cpp:299:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(entry.ut_user, userChar, sizeof(entry.ut_user) -1);
data/sddm-0.19.0/src/helper/HelperApp.cpp:342:13: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(entry.ut_line, ttyChar, sizeof(entry.ut_line) - 1);
data/sddm-0.19.0/src/helper/HelperApp.cpp:348:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(entry.ut_host, displayChar, sizeof(entry.ut_host) - 1);

ANALYSIS SUMMARY:

Hits = 58
Lines analyzed = 11230 in approximately 0.35 seconds (32517 lines/second)
Physical Source Lines of Code (SLOC) = 6936
Hits@level = [0] 9 [1] 11 [2] 40 [3] 0 [4] 5 [5] 2
Hits@level+ = [0+] 67 [1+] 58 [2+] 47 [3+] 7 [4+] 7 [5+] 2
Hits/KSLOC@level+ = [0+] 9.65975 [1+] 8.36217 [2+] 6.77624 [3+] 1.00923 [4+] 1.00923 [5+] 0.288351
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.