Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stressapptest-1.0.6/src/finelock_queue.cc
Examining data/stressapptest-1.0.6/src/finelock_queue.h
Examining data/stressapptest-1.0.6/src/adler32memcpy.cc
Examining data/stressapptest-1.0.6/src/os_factory.cc
Examining data/stressapptest-1.0.6/src/worker.cc
Examining data/stressapptest-1.0.6/src/adler32memcpy.h
Examining data/stressapptest-1.0.6/src/stressapptest_config_android.h
Examining data/stressapptest-1.0.6/src/worker.h
Examining data/stressapptest-1.0.6/src/pattern.cc
Examining data/stressapptest-1.0.6/src/error_diag.cc
Examining data/stressapptest-1.0.6/src/sat_factory.cc
Examining data/stressapptest-1.0.6/src/sattypes.h
Examining data/stressapptest-1.0.6/src/logger.cc
Examining data/stressapptest-1.0.6/src/error_diag.h
Examining data/stressapptest-1.0.6/src/pattern.h
Examining data/stressapptest-1.0.6/src/os.cc
Examining data/stressapptest-1.0.6/src/logger.h
Examining data/stressapptest-1.0.6/src/os.h
Examining data/stressapptest-1.0.6/src/main.cc
Examining data/stressapptest-1.0.6/src/queue.cc
Examining data/stressapptest-1.0.6/src/queue.h
Examining data/stressapptest-1.0.6/src/sat.cc
Examining data/stressapptest-1.0.6/src/disk_blocks.cc
Examining data/stressapptest-1.0.6/src/disk_blocks.h
Examining data/stressapptest-1.0.6/src/sat.h
FINAL RESULTS:
data/stressapptest-1.0.6/src/logger.cc:40:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int length = vsnprintf(buffer, sizeof buffer, format, args);
data/stressapptest-1.0.6/src/sat.cc:125:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error Build system regression - COPTS disregarded.
data/stressapptest-1.0.6/src/disk_blocks.cc:52:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int64 x = random();
data/stressapptest-1.0.6/src/disk_blocks.cc:53:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x = (x << 30) ^ random();
data/stressapptest-1.0.6/src/disk_blocks.cc:54:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
x = (x << 30) ^ random();
data/stressapptest-1.0.6/src/pattern.cc:406:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
unsigned int target = random();
data/stressapptest-1.0.6/src/queue.cc:82:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint64 rand = random();
data/stressapptest-1.0.6/src/worker.cc:1512:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int offset = random() % sat_->page_length();
data/stressapptest-1.0.6/src/worker.cc:3102:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
current_blocks = (random() % blocks) + 1;
data/stressapptest-1.0.6/src/worker.cc:3158:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(NULL));
data/stressapptest-1.0.6/src/worker.cc:3361:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
offset = random() % (sat_->page_length() / wordsize_);
data/stressapptest-1.0.6/src/worker.cc:3374:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
offset = random() % (sat_->page_length() / wordsize_);
data/stressapptest-1.0.6/src/adler32memcpy.cc:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/stressapptest-1.0.6/src/error_diag.cc:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimm_string[256] = "";
data/stressapptest-1.0.6/src/finelock_queue.cc:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/logger.cc:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/stressapptest-1.0.6/src/os.cc:134:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(kPagemapPath, O_RDONLY);
data/stressapptest-1.0.6/src/os.cc:220:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int dcfile = open(drop_caches_file, O_WRONLY);
data/stressapptest-1.0.6/src/os.cc:352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65] = "0";
data/stressapptest-1.0.6/src/os.cc:357:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int hpfile = open(hugepages_info_file, O_RDONLY);
data/stressapptest-1.0.6/src/os.cc:580:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char location_message[256] = "";
data/stressapptest-1.0.6/src/os.cc:582:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(location_message, "mapped as needed");
data/stressapptest-1.0.6/src/os.cc:584:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(location_message, "at %p", shmaddr);
data/stressapptest-1.0.6/src/os.cc:695:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_file[256];
data/stressapptest-1.0.6/src/os.cc:700:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(dev_file, O_RDWR);
data/stressapptest-1.0.6/src/os.cc:792:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/os.cc:794:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(buf, O_RDWR);
data/stressapptest-1.0.6/src/os.cc:916:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/stressapptest-1.0.6/src/os.cc:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/os.cc:920:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/stressapptest-1.0.6/src/os.cc:930:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/stressapptest-1.0.6/src/os.cc:931:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/os.cc:939:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "r");
data/stressapptest-1.0.6/src/pattern.h:39:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char weight[4]; // Weighted frequency of this pattern.
data/stressapptest-1.0.6/src/sat.cc:79:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile_ = open(logfilename_,
data/stressapptest-1.0.6/src/sat.cc:496:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/sat.h:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfilename_[255]; // Name of file to log to.
data/stressapptest-1.0.6/src/sattypes.h:178:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/worker.cc:340:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/worker.cc:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/worker.cc:591:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimm_string[256] = "";
data/stressapptest-1.0.6/src/worker.cc:651:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimm_string[256] = "";
data/stressapptest-1.0.6/src/worker.cc:957:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dimm_string[256] = "";
data/stressapptest-1.0.6/src/worker.cc:958:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_dimm_string[256] = "";
data/stressapptest-1.0.6/src/worker.cc:1243:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sourcemem, targetmem, blocksize);
data/stressapptest-1.0.6/src/worker.cc:1387:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sourcemem, targetmem, blocksize);
data/stressapptest-1.0.6/src/worker.cc:1523:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst.addr, src.addr, sat_->page_length());
data/stressapptest-1.0.6/src/worker.cc:1615:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename_.c_str(), flags | O_DIRECT, 0644);
data/stressapptest-1.0.6/src/worker.cc:1618:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename_.c_str(), flags, 0644); // Try without O_DIRECT
data/stressapptest-1.0.6/src/worker.cc:2080:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/worker.cc:2136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = "";
data/stressapptest-1.0.6/src/worker.cc:2169:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = "";
data/stressapptest-1.0.6/src/worker.cc:2712:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(device_name_.c_str(), flags | O_DIRECT, 0);
data/stressapptest-1.0.6/src/worker.cc:2715:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device_name_.c_str(), flags, 0); // Try without O_DIRECT
data/stressapptest-1.0.6/src/worker.cc:2935:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/worker.cc:2976:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/stressapptest-1.0.6/src/worker.cc:3042:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block_buffer_, pe.addr, block->GetSize());
data/stressapptest-1.0.6/src/worker.h:275:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cpu_mask_, mask, sizeof(*mask));
data/stressapptest-1.0.6/src/worker.h:484:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[512-4];
data/stressapptest-1.0.6/src/worker.h:511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_[256];
data/stressapptest-1.0.6/src/os.cc:139:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (lseek64(fd, off, SEEK_SET) != off || read(fd, &frame, 8) != 8) {
data/stressapptest-1.0.6/src/os.cc:359:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t bytes_read = read(hpfile, buf, 64);
data/stressapptest-1.0.6/src/os.cc:595:30: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
buf = static_cast<char*>(memalign(4096, length));
data/stressapptest-1.0.6/src/os.cc:731:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &datacast, size) != static_cast<ssize_t>(size)) {
data/stressapptest-1.0.6/src/os.cc:814:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool res = (sizeof(*data) == read(fd, data, sizeof(*data)));
data/stressapptest-1.0.6/src/os.cc:923:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, 256);
data/stressapptest-1.0.6/src/sat.cc:1356:34: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
num = reinterpret_cast<int*>(memalign(kCacheLineSize,
data/stressapptest-1.0.6/src/worker.cc:117:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, errmsg, len);
data/stressapptest-1.0.6/src/worker.cc:1706:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int64 size = read(fd, dst->addr, page_length);
data/stressapptest-1.0.6/src/worker.cc:1828:19: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
local_page_ = memalign(512, sat_->page_length());
data/stressapptest-1.0.6/src/worker.cc:2021:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ipaddr_, ipaddr_init, 256);
data/stressapptest-1.0.6/src/worker.cc:2400:16: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
local_page = memalign(512, sat_->page_length());
data/stressapptest-1.0.6/src/worker.cc:3171:19: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
block_buffer_ = memalign(kBufferAlignment, sat_->page_length());
ANALYSIS SUMMARY:
Hits = 73
Lines analyzed = 11323 in approximately 0.27 seconds (42143 lines/second)
Physical Source Lines of Code (SLOC) = 7505
Hits@level = [0] 22 [1] 13 [2] 48 [3] 10 [4] 2 [5] 0
Hits@level+ = [0+] 95 [1+] 73 [2+] 60 [3+] 12 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 12.6582 [1+] 9.72685 [2+] 7.99467 [3+] 1.59893 [4+] 0.266489 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.