Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/transtermhp-2.09/ermolaeva-score.h
Examining data/transtermhp-2.09/2ndscore.cc
Examining data/transtermhp-2.09/ermolaeva-score.cc
Examining data/transtermhp-2.09/search.cc
Examining data/transtermhp-2.09/analysis.cc
Examining data/transtermhp-2.09/transterm.h
Examining data/transtermhp-2.09/transterm.cc
Examining data/transtermhp-2.09/util.cc
Examining data/transtermhp-2.09/conf.cc
Examining data/transtermhp-2.09/distr.h
Examining data/transtermhp-2.09/search.h
Examining data/transtermhp-2.09/anti.cc
Examining data/transtermhp-2.09/distr.cc
Examining data/transtermhp-2.09/gene-reader.cc
Examining data/transtermhp-2.09/map-output.h
Examining data/transtermhp-2.09/gene-reader.h
Examining data/transtermhp-2.09/util.h
Examining data/transtermhp-2.09/analysis.h
Examining data/transtermhp-2.09/map-output.cc
Examining data/transtermhp-2.09/conf.h
Examining data/transtermhp-2.09/seq.h
Examining data/transtermhp-2.09/ermolaeva-oldconf.cc
Examining data/transtermhp-2.09/seq.cc

FINAL RESULTS:

data/transtermhp-2.09/2ndscore.cc:94:14: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while((a=getopt_long(argc, argv, OPTIONS, long_options, 0)) != -1)
data/transtermhp-2.09/transterm.cc:141:14: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while((a=getopt_long(argc, argv, OPTIONS, long_options, 0)) != -1)
data/transtermhp-2.09/2ndscore.cc:109:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case MINSTEM_OPT: MIN_STEM = atoi(optarg); break;
data/transtermhp-2.09/2ndscore.cc:110:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case MINLOOP_OPT: MIN_LOOP = atoi(optarg); break;
data/transtermhp-2.09/2ndscore.cc:111:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case MAXLEN_OPT: len = atoi(optarg); break;
data/transtermhp-2.09/2ndscore.cc:112:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case MAXLOOP_OPT: loop = atoi(optarg); break;
data/transtermhp-2.09/gene-reader.cc:72:17: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    start = atol(locvec[0].c_str());
data/transtermhp-2.09/gene-reader.cc:73:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    end = atol(locvec[2].c_str());
data/transtermhp-2.09/seq.cc:170:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newseq + padding, dna.dna, dna.length);
data/transtermhp-2.09/transterm.cc:156:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case MINSTEM_OPT: MIN_STEM = atoi(optarg); break;
data/transtermhp-2.09/transterm.cc:157:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case MINLOOP_OPT: MIN_LOOP = atoi(optarg); break;
data/transtermhp-2.09/transterm.cc:158:46: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case UWINLEN_OPT: UWINDOW_SIZE = atoi(optarg); break;
data/transtermhp-2.09/transterm.cc:159:49: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case UWINREQ_OPT: UWINDOW_REQUIRE = atoi(optarg); break;
data/transtermhp-2.09/transterm.cc:162:36: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case MAXLEN_OPT: len = atoi(optarg); break;
data/transtermhp-2.09/transterm.cc:163:38: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case MAXLOOP_OPT: loop = atoi(optarg); break;
data/transtermhp-2.09/transterm.cc:169:49: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case STARTCUT_OPT: gene_start_cut = atoi(optarg); break;
data/transtermhp-2.09/transterm.cc:170:45: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case ENDCUT_OPT: gene_end_cut = atoi(optarg); break;
data/transtermhp-2.09/transterm.cc:198:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    case 'c': conf_cutoff = atoi(optarg); break;

ANALYSIS SUMMARY:

Hits = 18
Lines analyzed = 5651 in approximately 0.12 seconds (47815 lines/second)
Physical Source Lines of Code (SLOC) = 4041
Hits@level = [0] 0 [1] 0 [2] 16 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 18 [1+] 18 [2+] 18 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.45434 [1+] 4.45434 [2+] 4.45434 [3+] 0.494927 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.