Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/discosnp-4.4.4/tools/QHC/src/quick_hierarchical_clustering.cpp
Examining data/discosnp-4.4.4/tools/create_coverage_h5_file/src/create_coverage_h5_file.cpp
Examining data/discosnp-4.4.4/tools/kissnp2/src/Bubble.cpp
Examining data/discosnp-4.4.4/tools/kissnp2/src/Bubble.hpp
Examining data/discosnp-4.4.4/tools/kissnp2/src/Filter.cpp
Examining data/discosnp-4.4.4/tools/kissnp2/src/Filter.hpp
Examining data/discosnp-4.4.4/tools/kissnp2/src/Kissnp2.hpp
Examining data/discosnp-4.4.4/tools/kissnp2/src/main.cpp
Examining data/discosnp-4.4.4/tools/kissnp2/src/Kissnp2.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/Kissreads2.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/commons.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/commons.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/couple.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/couple.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/extending_fragment.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/fragment_info.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/fragment_info.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/hash.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/interface_libchash.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/libchash.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/list.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/list.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/main.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/outputs.cpp
Examining data/discosnp-4.4.4/tools/kissreads2/src/outputs.h
Examining data/discosnp-4.4.4/tools/kissreads2/src/Kissreads2.cpp
Examining data/discosnp-4.4.4/tools/phaser/src/phaser.cpp
Examining data/discosnp-4.4.4/tools/phaser/src/phaser.h
Examining data/discosnp-4.4.4/tools/read_file_names/src/get_read_file_names.cpp

FINAL RESULTS:

data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:150:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char *)(keyTo), (char *)(keyFrom)); \
data/discosnp-4.4.4/tools/kissreads2/src/main.cpp:33:29: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  using namespace gatb::core::system;
data/discosnp-4.4.4/tools/kissreads2/src/main.cpp:34:29: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  using namespace gatb::core::system::impl;
data/discosnp-4.4.4/tools/kissreads2/src/Kissreads2.cpp:124:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  coherent_out.open( props->getStr(STR_URI_OUTPUT_COHERENT).c_str(), std::ofstream::out);
data/discosnp-4.4.4/tools/kissreads2/src/Kissreads2.cpp:127:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  uncoherent_out.open(props->getStr(STR_URI_OUTPUT_UNCOHERENT).c_str(), std::ofstream::out);
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:126:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grgKeyTruncMask[sizeof(ulong)][sizeof(ulong)];
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:155:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( (char *)(keyTo), (char *)(keyFrom), (ht)->cchKey); \
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:1399:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szMagicKey[4], *rgchKeys;
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:1445:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&bck->key, rgchKeys, ht->cchKey);
data/discosnp-4.4.4/tools/phaser/src/phaser.cpp:125:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  coherent_out.open( props->getStr(STR_URI_OUTPUT_COHERENT).c_str(), std::ofstream::out);
data/discosnp-4.4.4/tools/phaser/src/phaser.cpp:128:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  uncoherent_out.open(props->getStr(STR_URI_OUTPUT_UNCOHERENT).c_str(), std::ofstream::out);
data/discosnp-4.4.4/tools/read_file_names/src/get_read_file_names.cpp:66:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  printCis (Bank::open (options->getStr(STR_URI_INPUT)), &value_i);
data/discosnp-4.4.4/tools/kissreads2/src/commons.cpp:54:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int len = strlen(s);
data/discosnp-4.4.4/tools/kissreads2/src/commons.cpp:70:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int len = strlen(s);
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:148:83: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool constrained_read_mappable(const int pwi, const char * fragment, const char * read, const int subst_allowed, const unsigned int * SNP_positions, const int seed_position_on_read, const int size_seed){
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:191:46: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while(fragment[pos_on_fragment]!='\0' && read[pos_on_read]!='\0'){
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:206:48: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (fragment[pos_on_fragment]!=toupper(read[pos_on_read]) &&
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:273:52: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  map<int,pair<char,int64_t>> core_mapping(char *read, char * quality){
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:277:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const uint64_t read_len = strlen(read);
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:277:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const uint64_t read_len = strlen(read);
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:352:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int maximal_pwi = strlen(prediction)-gv.minimal_read_overlap;
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:369:96: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const bool is_read_mapped = constrained_read_mappable(pwi, prediction, read, gv.subst_allowed, index.all_predictions[value->a-value->a%2]->SNP_positions, seed_position, gv.size_seeds);
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:374:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  cout<<endl<<read<<" mapped on "<<prediction<<" "<<value->a<<" pos "<<pwi<<" direction "<<direction<<endl;
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:414:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int rc_pwi = strlen(prediction) - pwi - read_len;
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:428:97: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  feed_coherent_positions(index.all_predictions, value->a , pwi, (int)strlen(read), quality, read_set_id, gv);
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:428:104: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  feed_coherent_positions(index.all_predictions, value->a , pwi, (int)strlen(read), quality, read_set_id, gv);
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:444:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gv.revcomp(read);
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:459:84: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  map<int,std::pair<char,int64_t>> pwi_and_mapped_predictions = core_mapping(read, quality);
data/discosnp-4.4.4/tools/kissreads2/src/extension_algorithm.cpp:539:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  free(read);
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:38:13: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while((c = fgetc(f)) != EOF) if(c == '\n') lines++;
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:50:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(in);i++) if(in[i]>='A' && in[i]<='Z') count++;
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:53:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(in);i++) if(in[i]>='A' && in[i]<='Z') temp[j++]=in[i];
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:63:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(in);i++)
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:68:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=0;i<strlen(in);i++)
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:79:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=strlen(in)-1;i>=0;i--)
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:87:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=strlen(in)-1;i>=0;i--)
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:135:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stop=strlen(w)-gv.size_seeds+1;
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:165:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stop=strlen(w)-gv.size_seeds+1;
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:182:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stop=strlen(w)-gv.size_seeds+1;
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:214:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int size_seq1 = strlen(seq1);
data/discosnp-4.4.4/tools/kissreads2/src/fragment_index.cpp:215:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int size_seq2 = strlen(seq2);
data/discosnp-4.4.4/tools/kissreads2/src/fragment_info.cpp:53:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int stop=strlen(upperCaseSequence);
data/discosnp-4.4.4/tools/kissreads2/src/fragment_info.h:78:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp("SNP", sequence.getComment().c_str(), strlen("SNP")) == 0)
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:149:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (keyTo) = (ulong)HTsmalloc( WORD_ROUND(strlen((char *)(keyFrom))+1) ); \
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:162:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  HTfree((char *)(key), WORD_ROUND(strlen((char *)(key))+1)); \
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:883:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cchKeyOrig = ht->cchKey == NULL_TERMINATED ? strlen(key) : ht->cchKey;
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:1377:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(KEY_PTR(ht, bck->key))+1 : ht->cchKey), fp);
data/discosnp-4.4.4/tools/kissreads2/src/libchash.cpp:1505:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WORD_ROUND(strlen((char *)item->key)+1) : ht->cchKey;
data/discosnp-4.4.4/tools/kissreads2/src/libchash.h:257:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  struct HashTable *HashLoad(FILE *fp, char * (*read)(FILE *, int));
data/discosnp-4.4.4/tools/kissreads2/src/libchash.h:258:51: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  struct HashTable *HashLoadKeys(FILE *fp, char * (*read)(FILE *, int));

ANALYSIS SUMMARY:

Hits = 50
Lines analyzed = 7523 in approximately 0.34 seconds (22070 lines/second)
Physical Source Lines of Code (SLOC) = 3717
Hits@level = [0] 31 [1] 38 [2] 9 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 81 [1+] 50 [2+] 12 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 21.7918 [1+] 13.4517 [2+] 3.22841 [3+] 0.807103 [4+] 0.807103 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.