Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/switchsh-0~20070801/switchsh.c
FINAL RESULTS:
data/switchsh-0~20070801/switchsh.c:65:38: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((noreturn, format(printf, 1, 2)));
data/switchsh-0~20070801/switchsh.c:67:38: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((noreturn, format(printf, 1, 2)));
data/switchsh-0~20070801/switchsh.c:121:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(*argv, argv);
data/switchsh-0~20070801/switchsh.c:131:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/switchsh-0~20070801/switchsh.c:142:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
ANALYSIS SUMMARY:
Hits = 5
Lines analyzed = 147 in approximately 0.01 seconds (12681 lines/second)
Physical Source Lines of Code (SLOC) = 100
Hits@level = [0] 1 [1] 0 [2] 0 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 6 [1+] 5 [2+] 5 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 60 [1+] 50 [2+] 50 [3+] 50 [4+] 50 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.