Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/wmdiskmon-0.0.2/src/dockapp.c Examining data/wmdiskmon-0.0.2/src/dockapp.h Examining data/wmdiskmon-0.0.2/src/main.c FINAL RESULTS: data/wmdiskmon-0.0.2/src/main.c:508:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. file = popen("df -P", "r"); data/wmdiskmon-0.0.2/src/main.c:522:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. sscanf(line, "%s %d %d %d %d%% %s", data/wmdiskmon-0.0.2/src/main.c:321:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[MAXCHARS + 1]; data/wmdiskmon-0.0.2/src/main.c:341:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line1[MAXCHARS + 1]; data/wmdiskmon-0.0.2/src/main.c:342:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line2[MAXCHARS + 1]; data/wmdiskmon-0.0.2/src/main.c:343:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line3[MAXCHARS + 1]; data/wmdiskmon-0.0.2/src/main.c:367:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line2, "Error"); data/wmdiskmon-0.0.2/src/main.c:510:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXSTRLEN + 1]; data/wmdiskmon-0.0.2/src/main.c:518:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[MAXSTRLEN + 1]; data/wmdiskmon-0.0.2/src/main.c:519:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mountp[MAXSTRLEN + 1]; data/wmdiskmon-0.0.2/src/main.c:548:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[4]; data/wmdiskmon-0.0.2/src/main.c:326:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(text, p->entry ? p->entry : "Error", MAXCHARS); data/wmdiskmon-0.0.2/src/main.c:328:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(text, p->mountp ? p->mountp : "Error", MAXCHARS); ANALYSIS SUMMARY: Hits = 13 Lines analyzed = 1105 in approximately 0.04 seconds (28856 lines/second) Physical Source Lines of Code (SLOC) = 849 Hits@level = [0] 23 [1] 2 [2] 9 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 36 [1+] 13 [2+] 11 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 42.4028 [1+] 15.3121 [2+] 12.9564 [3+] 2.35571 [4+] 2.35571 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.