Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yubikey-personalization-gui-3.1.24/tests/yubikeyutiltest.h
Examining data/yubikey-personalization-gui-3.1.24/tests/scanedittest.cpp
Examining data/yubikey-personalization-gui-3.1.24/tests/scanedittest.h
Examining data/yubikey-personalization-gui-3.1.24/tests/yubikeyutiltest.cpp
Examining data/yubikey-personalization-gui-3.1.24/tests/test.cpp
Examining data/yubikey-personalization-gui-3.1.24/tests/versiontest.h
Examining data/yubikey-personalization-gui-3.1.24/tests/versiontest.cpp
Examining data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp
Examining data/yubikey-personalization-gui-3.1.24/lib/us-scanedit.cpp
Examining data/yubikey-personalization-gui-3.1.24/lib/de-scanedit.h
Examining data/yubikey-personalization-gui-3.1.24/lib/crandom.cpp
Examining data/yubikey-personalization-gui-3.1.24/lib/scanedit.h
Examining data/yubikey-personalization-gui-3.1.24/lib/common.h
Examining data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.h
Examining data/yubikey-personalization-gui-3.1.24/lib/scanedit.cpp
Examining data/yubikey-personalization-gui-3.1.24/lib/crandom.h
Examining data/yubikey-personalization-gui-3.1.24/lib/us-scanedit.h
Examining data/yubikey-personalization-gui-3.1.24/lib/de-scanedit.cpp
Examining data/yubikey-personalization-gui-3.1.24/lib/otpdef.h
Examining data/yubikey-personalization-gui-3.1.24/src/yubikeyfinder.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/yubikeylogger.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/yubikeyconfig.h
Examining data/yubikey-personalization-gui-3.1.24/src/yubikeyconfig.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.h
Examining data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/version.h
Examining data/yubikey-personalization-gui-3.1.24/src/yubikeylogger.h
Examining data/yubikey-personalization-gui-3.1.24/src/yubikeyfinder.h
Examining data/yubikey-personalization-gui-3.1.24/src/help.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/otppage.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/yubiaccbox.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/aboutpage.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/helpbox.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/yubiaccbox.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/confirmbox.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/settingpage.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/diagnostics.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/diagnostics.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/helpbox.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/toolpage.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/toolpage.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/mainwindow.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/settingpage.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/mainwindow.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/aboutpage.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/otppage.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/chalresppage.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/staticpage.h
Examining data/yubikey-personalization-gui-3.1.24/src/ui/confirmbox.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/staticpage.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/ui/chalresppage.cpp
Examining data/yubikey-personalization-gui-3.1.24/src/main.cpp

FINAL RESULTS:

data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:214:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  CRandom random;
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:215:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random.getRand(buf, bufSize);
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[strLen * 2 + 1];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hex[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[strLen * 2 + 1];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modhex[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:208:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[bufSize];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:229:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *random_file = fopen(*random_place, "r");
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:250:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, buf, bufLen);
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:265:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[bufSize];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:283:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[bufSize];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:312:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hexDecoded[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:351:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char result[resultLen];
data/yubikey-personalization-gui-3.1.24/src/ui/mainwindow.cpp:436:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[16];
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:335:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tempMUI[4];
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:431:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:439:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_pubId + 2, buf, OATH_HOTP_MUI_SIZE);
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:656:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:668:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_pubId + 0, buf, OATH_HOTP_OMP_SIZE);
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:679:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:692:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(m_pubId + 1, buf, OATH_HOTP_TT_SIZE);
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:707:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:923:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pubId[6];
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.cpp:924:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pubId, m_pubId, 2);
data/yubikey-personalization-gui-3.1.24/src/ui/oathpage.h:59:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char m_pubId[2];
data/yubikey-personalization-gui-3.1.24/src/ui/otppage.cpp:252:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pubIdPrefix[prefix.size() * 2 + 1];
data/yubikey-personalization-gui-3.1.24/src/ui/otppage.cpp:441:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_tempFile.open();
data/yubikey-personalization-gui-3.1.24/src/ui/otppage.cpp:518:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[16];
data/yubikey-personalization-gui-3.1.24/src/ui/settingpage.cpp:555:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[16];
data/yubikey-personalization-gui-3.1.24/src/ui/toolpage.cpp:220:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[32];
data/yubikey-personalization-gui-3.1.24/src/ui/toolpage.cpp:472:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/yubikey-personalization-gui-3.1.24/src/ui/toolpage.cpp:476:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[1024];
data/yubikey-personalization-gui-3.1.24/src/yubikeylogger.cpp:92:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!m_logFile->open(QIODevice::WriteOnly | QIODevice::Append)) {
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:224:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pubIdStr[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:229:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pubId[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:249:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pvtIdStr[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:254:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pvtId[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:275:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char secretKeyStr[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:307:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char newAccessCode[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:403:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char accessCode[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:413:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char conf_buf[1024];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:480:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char accessCode[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:488:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[1024];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:495:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::WriteOnly | QIODevice::Text | QIODevice::Truncate)) {
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:543:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char resp[64];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:602:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char accessCode[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:672:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char accessCode[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:718:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char accessCodeStr[MAX_SIZE];
data/yubikey-personalization-gui-3.1.24/tests/yubikeyutiltest.cpp:34:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char result[3];
data/yubikey-personalization-gui-3.1.24/tests/yubikeyutiltest.cpp:48:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char result[3];
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:106:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hexLen = strlen(hex);
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:140:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t modhexLen = strlen(modhex);
data/yubikey-personalization-gui-3.1.24/lib/yubikeyutil.cpp:172:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(result, (char *) strByteArr.data(), strLen);
data/yubikey-personalization-gui-3.1.24/src/ui/toolpage.cpp:477:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int len = file.read(data, 1024);
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:227:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t pubIdStrLen = strlen(pubIdStr);
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:252:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t pvtIdStrLen = strlen(pvtIdStr);
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:281:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(longSecretKey && strlen(secretKeyStr) == 40) {
data/yubikey-personalization-gui-3.1.24/src/yubikeywriter.cpp:721:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t accessCodeStrLen = strlen(accessCodeStr);

ANALYSIS SUMMARY:

Hits = 58
Lines analyzed = 12068 in approximately 0.33 seconds (36227 lines/second)
Physical Source Lines of Code (SLOC) = 8113
Hits@level = [0]   1 [1]   8 [2]  48 [3]   2 [4]   0 [5]   0
Hits@level+ = [0+]  59 [1+]  58 [2+]  50 [3+]   2 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 7.27228 [1+] 7.14902 [2+] 6.16295 [3+] 0.246518 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.