Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libedlib-1.2.4/apps/aligner/aligner.cpp
Examining data/libedlib-1.2.4/apps/hello-world/helloWorld.c
Examining data/libedlib-1.2.4/edlib/include/edlib.h
Examining data/libedlib-1.2.4/edlib/src/edlib.cpp
Examining data/libedlib-1.2.4/test/SimpleEditDistance.h
Examining data/libedlib-1.2.4/test/runTests.cpp
FINAL RESULTS:
data/libedlib-1.2.4/apps/aligner/aligner.cpp:51:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case 'm': strcpy(mode, optarg); break;
data/libedlib-1.2.4/apps/aligner/aligner.cpp:54:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
case 'f': strcpy(alignmentFormat, optarg); break;
data/libedlib-1.2.4/apps/aligner/aligner.cpp:360:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(alignment[j] == EDLIB_EDOP_MATCH ? "|" : " ");
data/libedlib-1.2.4/test/runTests.cpp:202:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(mode == EDLIB_MODE_HW ? "HW: " : mode == EDLIB_MODE_SHW ? "SHW: " : "NW: ");
data/libedlib-1.2.4/test/runTests.cpp:203:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(numTestsFailed == 0 ? "\x1B[32m" : "\x1B[31m");
data/libedlib-1.2.4/test/runTests.cpp:219:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(mode == EDLIB_MODE_HW ? "HW: " : mode == EDLIB_MODE_SHW ? "SHW: " : "NW: ");
data/libedlib-1.2.4/test/runTests.cpp:262:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m OK \x1B[0m\n" : "\x1B[31m FAIL \x1B[0m\n");
data/libedlib-1.2.4/test/runTests.cpp:439:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m""OK""\x1B[0m\n" : "\x1B[31m""FAIL""\x1B[0m\n");
data/libedlib-1.2.4/test/runTests.cpp:456:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m""OK""\x1B[0m\n" : "\x1B[31m""FAIL""\x1B[0m\n");
data/libedlib-1.2.4/test/runTests.cpp:473:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m""OK""\x1B[0m\n" : "\x1B[31m""FAIL""\x1B[0m\n");
data/libedlib-1.2.4/test/runTests.cpp:487:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m""OK""\x1B[0m\n" : "\x1B[31m""FAIL""\x1B[0m\n");
data/libedlib-1.2.4/test/runTests.cpp:501:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m""OK""\x1B[0m\n" : "\x1B[31m""FAIL""\x1B[0m\n");
data/libedlib-1.2.4/test/runTests.cpp:518:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m""OK""\x1B[0m\n" : "\x1B[31m""FAIL""\x1B[0m\n");
data/libedlib-1.2.4/test/runTests.cpp:529:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m""OK""\x1B[0m\n" : "\x1B[31m""FAIL""\x1B[0m\n");
data/libedlib-1.2.4/test/runTests.cpp:549:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(pass ? "\x1B[32m""OK""\x1B[0m\n" : "\x1B[31m""FAIL""\x1B[0m\n");
data/libedlib-1.2.4/apps/aligner/aligner.cpp:49:22: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((option = getopt(argc, argv, "m:n:k:f:r:spl")) >= 0) {
data/libedlib-1.2.4/test/runTests.cpp:41:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(42);
data/libedlib-1.2.4/apps/aligner/aligner.cpp:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[16] = "NW";
data/libedlib-1.2.4/apps/aligner/aligner.cpp:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alignmentFormat[16] = "NICE";
data/libedlib-1.2.4/apps/aligner/aligner.cpp:52:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'n': numBestSeqs = atoi(optarg); break;
data/libedlib-1.2.4/apps/aligner/aligner.cpp:53:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'k': kArg = atoi(optarg); break;
data/libedlib-1.2.4/apps/aligner/aligner.cpp:58:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'r': numRepeats = atoi(optarg); break;
data/libedlib-1.2.4/apps/aligner/aligner.cpp:293:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen(path, "r");
data/libedlib-1.2.4/apps/aligner/aligner.cpp:300:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[buffSize];
data/libedlib-1.2.4/edlib/src/edlib.cpp:322:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cigar_, &(*cigar)[0], cigar->size() * sizeof(char));
data/libedlib-1.2.4/edlib/src/edlib.cpp:1372:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*alignment, ulAlignment, ulAlignmentLength);
data/libedlib-1.2.4/edlib/src/edlib.cpp:1373:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*alignment + ulAlignmentLength, lrAlignment, lrAlignmentLength);
data/libedlib-1.2.4/edlib/src/edlib.cpp:1414:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char letterIdx[MAX_UCHAR + 1];
data/libedlib-1.2.4/test/runTests.cpp:272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[4] = {0,1,2,3};
data/libedlib-1.2.4/test/runTests.cpp:273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[4] = {0,1,2,3};
data/libedlib-1.2.4/test/runTests.cpp:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[5] = {0,1,2,3,4}; // "match"
data/libedlib-1.2.4/test/runTests.cpp:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[9] = {8,5,0,1,3,4,6,7,5}; // "remachine"
data/libedlib-1.2.4/test/runTests.cpp:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[5] = {0,1,2,3,4};
data/libedlib-1.2.4/test/runTests.cpp:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[9] = {1,2,0,1,2,3,4,5,4};
data/libedlib-1.2.4/test/runTests.cpp:308:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[200] = {0};
data/libedlib-1.2.4/test/runTests.cpp:309:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[200] = {1};
data/libedlib-1.2.4/test/runTests.cpp:320:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[64] = {0};
data/libedlib-1.2.4/test/runTests.cpp:321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[64] = {1};
data/libedlib-1.2.4/test/runTests.cpp:332:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[13] = {1,3,0,1,1,1,3,0,1,3,1,3,3};
data/libedlib-1.2.4/test/runTests.cpp:333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[420] = {0,1,1,1,0,1,3,0,1,3,3,3,1,3,2,2,3,2,3,3,1,0,1,1,1,0,1,3,0,1,3,
data/libedlib-1.2.4/test/runTests.cpp:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[3] = {2,3,0};
data/libedlib-1.2.4/test/runTests.cpp:358:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[5] = {0,1,2,2,0};
data/libedlib-1.2.4/test/runTests.cpp:369:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[3] = {2,3,0};
data/libedlib-1.2.4/test/runTests.cpp:370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[3] = {2,2,0};
data/libedlib-1.2.4/test/runTests.cpp:381:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[64] = {9,5,5,9,9,4,6,0,1,1,5,4,6,0,6,5,5,6,5,2,2,0,6,0,8,3,7,0,6,6,4,8,3,1,9,4,5,5,5,7,8,2,
data/libedlib-1.2.4/test/runTests.cpp:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[393] = {7,1,6,2,9,1,1,7,5,5,4,9,6,7,3,4,6,9,4,5,2,6,6,0,7,8,4,3,3,9,5,2,0,1,7,1,4,0,9,9,7,
data/libedlib-1.2.4/test/runTests.cpp:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[3] = {0,1,2};
data/libedlib-1.2.4/test/runTests.cpp:404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[3] = {1,1,1};
data/libedlib-1.2.4/test/runTests.cpp:418:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[8] = {CHAR_MIN, CHAR_MIN + (CHAR_MAX - CHAR_MIN) / 2, CHAR_MAX};
data/libedlib-1.2.4/test/runTests.cpp:419:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target[8] = {CHAR_MIN, CHAR_MIN + (CHAR_MAX - CHAR_MIN) / 2 + 1, CHAR_MAX};
data/libedlib-1.2.4/apps/aligner/aligner.cpp:303:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (int i = 0; i < read; ++i) {
data/libedlib-1.2.4/test/runTests.cpp:435:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EdlibAlignResult result = edlibAlign(query, (int) std::strlen(query),
data/libedlib-1.2.4/test/runTests.cpp:436:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target, (int) std::strlen(target),
data/libedlib-1.2.4/test/runTests.cpp:452:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EdlibAlignResult result = edlibAlign(query, (int) std::strlen(query),
data/libedlib-1.2.4/test/runTests.cpp:453:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target, (int) std::strlen(target),
data/libedlib-1.2.4/test/runTests.cpp:469:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EdlibAlignResult result = edlibAlign(query, (int) std::strlen(query),
data/libedlib-1.2.4/test/runTests.cpp:470:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target, (int) std::strlen(target),
data/libedlib-1.2.4/test/runTests.cpp:483:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EdlibAlignResult result = edlibAlign(query, (int) std::strlen(query),
data/libedlib-1.2.4/test/runTests.cpp:484:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target, (int) std::strlen(target),
data/libedlib-1.2.4/test/runTests.cpp:497:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EdlibAlignResult result = edlibAlign(query, (int) std::strlen(query),
data/libedlib-1.2.4/test/runTests.cpp:498:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
target, (int) std::strlen(target),
ANALYSIS SUMMARY:
Hits = 61
Lines analyzed = 2846 in approximately 0.13 seconds (21713 lines/second)
Physical Source Lines of Code (SLOC) = 1944
Hits@level = [0] 102 [1] 11 [2] 33 [3] 2 [4] 15 [5] 0
Hits@level+ = [0+] 163 [1+] 61 [2+] 50 [3+] 17 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 83.8477 [1+] 31.3786 [2+] 25.7202 [3+] 8.74486 [4+] 7.71605 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.