COMMAND : flawfinder -SQ Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:63: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:83: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:94: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:95: [4] (shell) popen: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:121: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:122: [4] (shell) popen: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:145: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:176: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:177: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:178: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:188: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:189: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:190: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:218: [4] (shell) popen: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:230: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:249: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:267: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:268: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:275: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:276: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:308: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:314: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:320: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:53: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:54: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:55: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:66: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:80: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:86: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:115: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:151: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:167: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:216: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:222: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:233: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:274: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:281: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:291: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:299: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:69: [1] (buffer) fgetc: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:89: [1] (buffer) fgetc: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:143: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:154: [1] (buffer) fgetc: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:238: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/wireless.c:302: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 47 Lines analyzed = 325 in 0.53 seconds (12814 lines/second) Physical Source Lines of Code (SLOC) = 253 Hits@level = [0] 0 [1] 8 [2] 16 [3] 0 [4] 23 [5] 0 Hits@level+ = [0+] 47 [1+] 47 [2+] 39 [3+] 23 [4+] 23 [5+] 0 Hits/KSLOC@level+ = [0+] 185.771 [1+] 185.771 [2+] 154.15 [3+] 90.9091 [4+] 90.9091 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/powertop.h:34: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.h:67: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.h:68: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.h:76: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 4 Lines analyzed = 125 in 0.52 seconds (7342 lines/second) Physical Source Lines of Code (SLOC) = 74 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 54.0541 [1+] 54.0541 [2+] 54.0541 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:73: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:80: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:98: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:100: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:107: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:121: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:123: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:148: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:149: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:207: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:40: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:41: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:66: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:67: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:74: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:81: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:101: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:108: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:135: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:136: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:137: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:150: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:206: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:115: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:115: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:116: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:117: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:118: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/urbnum.c:120: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 30 Lines analyzed = 219 in 0.53 seconds (6917 lines/second) Physical Source Lines of Code (SLOC) = 170 Hits@level = [0] 0 [1] 7 [2] 13 [3] 0 [4] 10 [5] 0 Hits@level+ = [0+] 30 [1+] 30 [2+] 23 [3+] 10 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 176.471 [1+] 176.471 [2+] 135.294 [3+] 58.8235 [4+] 58.8235 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/config.c:46: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/config.c:47: [4] (shell) popen: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/config.c:52: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/config.c:68: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/config.c:71: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/config.c:80: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/config.c:98: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/config.c:99: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/config.c:36: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/config.c:42: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/config.c:43: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/config.c:49: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/config.c:57: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/config.c:69: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/config.c:72: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/config.c:77: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/config.c:92: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/config.c:93: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 18 Lines analyzed = 112 in 0.52 seconds (6836 lines/second) Physical Source Lines of Code (SLOC) = 76 Hits@level = [0] 0 [1] 0 [2] 10 [3] 0 [4] 8 [5] 0 Hits@level+ = [0+] 18 [1+] 18 [2+] 18 [3+] 8 [4+] 8 [5+] 0 Hits/KSLOC@level+ = [0+] 236.842 [1+] 236.842 [2+] 236.842 [3+] 105.263 [4+] 105.263 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/sata.c:51: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/sata.c:83: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/sata.c:42: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/sata.c:52: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/sata.c:68: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/sata.c:69: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/sata.c:84: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 7 Lines analyzed = 106 in 0.52 seconds (6726 lines/second) Physical Source Lines of Code (SLOC) = 68 Hits@level = [0] 0 [1] 0 [2] 5 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 102.941 [1+] 102.941 [2+] 102.941 [3+] 29.4118 [4+] 29.4118 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:93: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:94: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:108: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:122: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:132: [4] (shell) popen: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:68: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:116: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:134: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/bluetooth.c:140: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 9 Lines analyzed = 151 in 0.52 seconds (9091 lines/second) Physical Source Lines of Code (SLOC) = 96 Hits@level = [0] 0 [1] 1 [2] 3 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 8 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 93.75 [1+] 93.75 [2+] 83.3333 [3+] 52.0833 [4+] 52.0833 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:150: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:181: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:38: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:49: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:56: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:69: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:88: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:98: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:99: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:119: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:120: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:145: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:152: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:162: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:163: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:187: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:189: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:211: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:221: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:225: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:242: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:274: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:284: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:286: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:296: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/misctips.c:297: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. Hits = 26 Lines analyzed = 304 in 0.53 seconds (9741 lines/second) Physical Source Lines of Code (SLOC) = 247 Hits@level = [0] 0 [1] 0 [2] 24 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 26 [1+] 26 [2+] 26 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 105.263 [1+] 105.263 [2+] 105.263 [3+] 8.09717 [4+] 8.09717 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/xrandr.c:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/xrandr.c:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/xrandr.c:54: [4] (shell) popen: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/xrandr.c:48: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 4 Lines analyzed = 82 in 0.51 seconds (5571 lines/second) Physical Source Lines of Code (SLOC) = 50 Hits@level = [0] 0 [1] 0 [2] 1 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 80 [1+] 80 [2+] 80 [3+] 60 [4+] 60 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/usb.c:49: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:55: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:83: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:98: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:40: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:50: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:56: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:71: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:72: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:84: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/usb.c:99: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 11 Lines analyzed = 125 in 0.52 seconds (7738 lines/second) Physical Source Lines of Code (SLOC) = 82 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 11 [1+] 11 [2+] 11 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 134.146 [1+] 134.146 [2+] 134.146 [3+] 48.7805 [4+] 48.7805 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/suggestions.c:135: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/suggestions.c:58: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/suggestions.c:74: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant character. /tmp/bogosec.temp_target.zXtUV1/src/suggestions.c:108: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant character. /tmp/bogosec.temp_target.zXtUV1/src/suggestions.c:119: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/suggestions.c:129: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers. Hits = 6 Lines analyzed = 152 in 0.52 seconds (9532 lines/second) Physical Source Lines of Code (SLOC) = 104 Hits@level = [0] 0 [1] 4 [2] 1 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 6 [1+] 6 [2+] 2 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 57.6923 [1+] 57.6923 [2+] 19.2308 [3+] 9.61538 [4+] 9.61538 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:121: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:166: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:247: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:249: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:252: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:282: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:339: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:353: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:372: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:378: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:381: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:394: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:506: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:596: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:607: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:618: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:628: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:638: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:725: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:821: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:896: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:972: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:973: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition. Set up the correct permissions (e.g., using setuid()) and try to open the file directly. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:704: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:44: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:63: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:168: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:175: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:176: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:183: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:269: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:283: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:320: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:321: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:354: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:368: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:382: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:395: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:447: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:458: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:488: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:501: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:507: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:575: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:591: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:597: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:608: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:619: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:629: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:639: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:672: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:685: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:729: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:730: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:799: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:805: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:808: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:820: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:838: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:841: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:1065: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:1066: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:221: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:280: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:333: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:351: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:503: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:601: [1] (buffer) getc: Check buffer boundaries if used in a loop. /tmp/bogosec.temp_target.zXtUV1/src/powertop.c:942: [1] (buffer) fgetc: Check buffer boundaries if used in a loop. Hits = 69 Lines analyzed = 1073 in 0.55 seconds (19676 lines/second) Physical Source Lines of Code (SLOC) = 877 Hits@level = [0] 0 [1] 7 [2] 38 [3] 1 [4] 23 [5] 0 Hits@level+ = [0+] 69 [1+] 69 [2+] 62 [3+] 24 [4+] 23 [5+] 0 Hits/KSLOC@level+ = [0+] 78.6773 [1+] 78.6773 [2+] 70.6956 [3+] 27.366 [4+] 26.2258 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/process.c:47: [4] (shell) popen: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/process.c:72: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/process.c:73: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/process.c:84: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/process.c:85: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/process.c:37: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/process.c:42: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/process.c:67: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/process.c:83: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Hits = 9 Lines analyzed = 92 in 0.52 seconds (6091 lines/second) Physical Source Lines of Code (SLOC) = 59 Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 5 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 5 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 152.542 [1+] 152.542 [2+] 152.542 [3+] 84.7458 [4+] 84.7458 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/intelcstates.c:93: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/intelcstates.c:105: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/intelcstates.c:73: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/intelcstates.c:74: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/intelcstates.c:106: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/intelcstates.c:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/intelcstates.c:103: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 7 Lines analyzed = 151 in 0.52 seconds (9356 lines/second) Physical Source Lines of Code (SLOC) = 99 Hits@level = [0] 0 [1] 2 [2] 3 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 5 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 70.7071 [1+] 70.7071 [2+] 50.5051 [3+] 20.202 [4+] 20.202 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/ethernet.c:65: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.zXtUV1/src/ethernet.c:106: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. Hits = 2 Lines analyzed = 138 in 0.52 seconds (8131 lines/second) Physical Source Lines of Code (SLOC) = 83 Hits@level = [0] 0 [1] 0 [2] 2 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 2 [1+] 2 [2+] 2 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 24.0964 [1+] 24.0964 [2+] 24.0964 [3+] 0 [4+] 0 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/display.c:46: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited. Use a constant for the format specification. /tmp/bogosec.temp_target.zXtUV1/src/display.c:48: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/display.c:108: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.zXtUV1/src/display.c:109: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk is low because the source is a constant string. /tmp/bogosec.temp_target.zXtUV1/src/display.c:194: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/display.c:196: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/display.c:201: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/display.c:205: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/display.c:208: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/display.c:154: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/display.c:159: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/display.c:174: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). /tmp/bogosec.temp_target.zXtUV1/src/display.c:202: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination. Consider using strncat or strlcat (warning, strncat is easily misused). Risk is low because the source is a constant character. /tmp/bogosec.temp_target.zXtUV1/src/display.c:203: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 14 Lines analyzed = 278 in 0.52 seconds (12301 lines/second) Physical Source Lines of Code (SLOC) = 210 Hits@level = [0] 0 [1] 5 [2] 8 [3] 0 [4] 1 [5] 0 Hits@level+ = [0+] 14 [1+] 14 [2+] 9 [3+] 1 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 66.6667 [1+] 66.6667 [2+] 42.8571 [3+] 4.7619 [4+] 4.7619 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:52: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:85: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:95: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination. Consider using strncpy or strlcpy (warning, strncpy is easily misused). /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:40: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:53: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:68: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:69: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:71: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:86: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. /tmp/bogosec.temp_target.zXtUV1/src/cpufreq.c:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated (it could cause a crash if unprotected). Hits = 11 Lines analyzed = 120 in 0.52 seconds (7605 lines/second) Physical Source Lines of Code (SLOC) = 73 Hits@level = [0] 0 [1] 1 [2] 6 [3] 0 [4] 4 [5] 0 Hits@level+ = [0+] 11 [1+] 11 [2+] 10 [3+] 4 [4+] 4 [5+] 0 Hits/KSLOC@level+ = [0+] 150.685 [1+] 150.685 [2+] 136.986 [3+] 54.7945 [4+] 54.7945 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 160 /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:114: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:169: [4] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:45: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:67: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:74: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:77: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:80: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:92: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:93: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:99: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:101: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length. /tmp/bogosec.temp_target.zXtUV1/src/cpufreqstats.c:115: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?. Hits = 12 Lines analyzed = 174 in 0.52 seconds (9456 lines/second) Physical Source Lines of Code (SLOC) = 116 Hits@level = [0] 0 [1] 0 [2] 10 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 12 [1+] 12 [2+] 12 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 103.448 [1+] 103.448 [2+] 103.448 [3+] 17.2414 [4+] 17.2414 [5+] 0 Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code!