Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/softflowd-1.0.0/closefrom.c
Examining data/softflowd-1.0.0/common.h
Examining data/softflowd-1.0.0/convtime.c
Examining data/softflowd-1.0.0/convtime.h
Examining data/softflowd-1.0.0/daemon.c
Examining data/softflowd-1.0.0/freelist.c
Examining data/softflowd-1.0.0/freelist.h
Examining data/softflowd-1.0.0/ipfix.c
Examining data/softflowd-1.0.0/ipfix.h
Examining data/softflowd-1.0.0/log.c
Examining data/softflowd-1.0.0/log.h
Examining data/softflowd-1.0.0/netflow1.c
Examining data/softflowd-1.0.0/netflow5.c
Examining data/softflowd-1.0.0/netflow9.c
Examining data/softflowd-1.0.0/netflow9.h
Examining data/softflowd-1.0.0/ntopng.c
Examining data/softflowd-1.0.0/psamp.c
Examining data/softflowd-1.0.0/psamp.h
Examining data/softflowd-1.0.0/softflowctl.c
Examining data/softflowd-1.0.0/softflowd.c
Examining data/softflowd-1.0.0/softflowd.h
Examining data/softflowd-1.0.0/strlcat.c
Examining data/softflowd-1.0.0/strlcpy.c
Examining data/softflowd-1.0.0/sys-tree.h
Examining data/softflowd-1.0.0/treetype.h
FINAL RESULTS:
data/softflowd-1.0.0/log.c:48:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/softflowd-1.0.0/softflowctl.c:48:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "hc:")) != -1) {
data/softflowd-1.0.0/softflowd.c:1858:7: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot (PRIVDROP_CHROOT_DIR) != 0) {
data/softflowd-1.0.0/softflowd.c:1937:11: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt (argc, argv,
data/softflowd-1.0.0/closefrom.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdpath[PATH_MAX], *endp;
data/softflowd-1.0.0/daemon.c:70:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
data/softflowd-1.0.0/ipfix.c:658:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d4[i]->sourceIPv4Address, &flow->addr[i].v4, 4);
data/softflowd-1.0.0/ipfix.c:659:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d4[i]->destinationIPv4Address, &flow->addr[i ^ 1].v4, 4);
data/softflowd-1.0.0/ipfix.c:663:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d6[i]->sourceIPv6Address, &flow->addr[i].v6, 16);
data/softflowd-1.0.0/ipfix.c:664:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d6[i]->destinationIPv6Address, &flow->addr[i ^ 1].v6, 16);
data/softflowd-1.0.0/ipfix.c:701:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&de[i]->sourceMacAddress, &flow->ethermac[i], 6);
data/softflowd-1.0.0/ipfix.c:702:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&de[i]->destinationMacAddress, &flow->ethermac[i ^ 1], 6);
data/softflowd-1.0.0/ipfix.c:759:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + *offset, template, size);
data/softflowd-1.0.0/ipfix.c:763:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + *offset, template->v, size);
data/softflowd-1.0.0/ipfix.c:843:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + offset, &option_template, opt_tmpl_len);
data/softflowd-1.0.0/ipfix.c:846:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + offset, &option_data, sizeof (option_data));
data/softflowd-1.0.0/ipfix.c:849:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + offset, &nf9opt_data, sizeof (nf9opt_data));
data/softflowd-1.0.0/netflow9.c:265:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d[0].d4.src_addr, &flow->addr[0].v4, 4);
data/softflowd-1.0.0/netflow9.c:266:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d[0].d4.dst_addr, &flow->addr[1].v4, 4);
data/softflowd-1.0.0/netflow9.c:267:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d[1].d4.src_addr, &flow->addr[1].v4, 4);
data/softflowd-1.0.0/netflow9.c:268:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d[1].d4.dst_addr, &flow->addr[0].v4, 4);
data/softflowd-1.0.0/netflow9.c:275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d[0].d6.src_addr, &flow->addr[0].v6, 16);
data/softflowd-1.0.0/netflow9.c:276:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d[0].d6.dst_addr, &flow->addr[1].v6, 16);
data/softflowd-1.0.0/netflow9.c:277:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d[1].d6.src_addr, &flow->addr[1].v6, 16);
data/softflowd-1.0.0/netflow9.c:278:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&d[1].d6.dst_addr, &flow->addr[0].v6, 16);
data/softflowd-1.0.0/netflow9.c:312:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + ret_len, &d[0], freclen);
data/softflowd-1.0.0/netflow9.c:319:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + ret_len, &d[1], freclen);
data/softflowd-1.0.0/netflow9.c:378:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + offset, &v4_template, sizeof (v4_template));
data/softflowd-1.0.0/netflow9.c:381:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + offset, &v6_template, sizeof (v6_template));
data/softflowd-1.0.0/netflow9.c:385:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + offset, &option_template, sizeof (option_template));
data/softflowd-1.0.0/netflow9.c:388:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet + offset, &option_data, sizeof (option_data));
data/softflowd-1.0.0/ntopng.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char url[16];
data/softflowd-1.0.0/ntopng.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char connect_str[6 + NI_MAXHOST + 1 + NI_MAXSERV + 1]; /* "tcp://hostname:port" */
data/softflowd-1.0.0/ntopng.c:100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[INET_ADDRSTRLEN];
data/softflowd-1.0.0/ntopng.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[INET_ADDRSTRLEN];
data/softflowd-1.0.0/ntopng.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[INET6_ADDRSTRLEN];
data/softflowd-1.0.0/ntopng.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[INET6_ADDRSTRLEN];
data/softflowd-1.0.0/ntopng.c:168:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char json[MAX_JSON_SIZE];
data/softflowd-1.0.0/psamp.c:84:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&packet[offset], &template, sizeof (template));
data/softflowd-1.0.0/psamp.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&packet[offset], pkt, copysize);
data/softflowd-1.0.0/psamp.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IPFIX_SOFTFLOWD_MAX_PACKET_SIZE];
data/softflowd-1.0.0/softflowctl.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192], *command;
data/softflowd-1.0.0/softflowd.c:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024], tmp[3];
data/softflowd-1.0.0/softflowd.c:274:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/softflowd-1.0.0/softflowd.c:283:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *
data/softflowd-1.0.0/softflowd.c:285:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/softflowd-1.0.0/softflowd.c:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr1[64], addr2[64], start_time[32], fin_time[32];
data/softflowd-1.0.0/softflowd.c:296:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/softflowd-1.0.0/softflowd.c:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr1[64], addr2[64];
data/softflowd-1.0.0/softflowd.c:329:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/softflowd-1.0.0/softflowd.c:514:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (flow->ethermac[ndx], ether->ether_shost, ETH_ALEN);
data/softflowd-1.0.0/softflowd.c:515:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (flow->ethermac[ndx ^ 1], ether->ether_dhost, ETH_ALEN);
data/softflowd-1.0.0/softflowd.c:669:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (flow, &tmp, sizeof (*flow));
data/softflowd-1.0.0/softflowd.c:952:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sp.flows, expired_flows, sizeof (struct FLOW) * num_expired);
data/softflowd-1.0.0/softflowd.c:1077:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proto[32];
data/softflowd-1.0.0/softflowd.c:1306:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&packet_header, phdr, sizeof (struct pcap_pkthdr));
data/softflowd-1.0.0/softflowd.c:1341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64], *p;
data/softflowd-1.0.0/softflowd.c:1570:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[PCAP_ERRBUF_SIZE];
data/softflowd-1.0.0/softflowd.c:1822:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (addr, res->ai_addr, res->ai_addrlen);
data/softflowd-1.0.0/softflowd.c:1966:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if_index = (u_int16_t) atoi (dev);
data/softflowd-1.0.0/softflowd.c:2014:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hoplimit = atoi (optarg);
data/softflowd-1.0.0/softflowd.c:2022:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((flowtrack.param.max_flows = atoi (optarg)) < 0) {
data/softflowd-1.0.0/softflowd.c:2054:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
version = version ? version : atoi (optarg);
data/softflowd-1.0.0/softflowd.c:2062:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
flowtrack.param.option.sample = atoi (optarg);
data/softflowd-1.0.0/softflowd.c:2104:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
snaplen = atoi (optarg);
data/softflowd-1.0.0/softflowd.c:2110:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
recvport = atoi (optarg);
data/softflowd-1.0.0/softflowd.c:2182:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pidfile = fopen (pidfile_path, "r")) != NULL) {
data/softflowd-1.0.0/softflowd.c:2199:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pidfile = fopen (pidfile_path, "w")) == NULL) {
data/softflowd-1.0.0/softflowd.h:251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[NI_MAXHOST];
data/softflowd-1.0.0/softflowd.h:252:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char servname[NI_MAXSERV];
data/softflowd-1.0.0/closefrom.c:30:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define NAMLEN(dirent) strlen((dirent)->d_name)
data/softflowd-1.0.0/softflowctl.c:80:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ctlsock_path) + 1;
data/softflowd-1.0.0/softflowd.c:1544:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addrlen = offsetof (struct sockaddr_un, sun_path) + strlen (path) + 1;
data/softflowd-1.0.0/softflowd.c:1655:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret_len += strlen (argv[i]);
data/softflowd-1.0.0/softflowd.c:1965:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dev) > 0) {
data/softflowd-1.0.0/softflowd.c:1970:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dev) == 0) {
data/softflowd-1.0.0/strlcat.c:53:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(dlen + strlen(s));
ANALYSIS SUMMARY:
Hits = 77
Lines analyzed = 7044 in approximately 0.25 seconds (27912 lines/second)
Physical Source Lines of Code (SLOC) = 5321
Hits@level = [0] 127 [1] 7 [2] 66 [3] 3 [4] 1 [5] 0
Hits@level+ = [0+] 204 [1+] 77 [2+] 70 [3+] 4 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 38.3387 [1+] 14.471 [2+] 13.1554 [3+] 0.751738 [4+] 0.187935 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.