Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bitseq-0.7.5+dfsg/ArgumentParser.cpp
Examining data/bitseq-0.7.5+dfsg/ArgumentParser.h
Examining data/bitseq-0.7.5+dfsg/CollapsedSampler.cpp
Examining data/bitseq-0.7.5+dfsg/CollapsedSampler.h
Examining data/bitseq-0.7.5+dfsg/FileHeader.cpp
Examining data/bitseq-0.7.5+dfsg/FileHeader.h
Examining data/bitseq-0.7.5+dfsg/GibbsParameters.cpp
Examining data/bitseq-0.7.5+dfsg/GibbsParameters.h
Examining data/bitseq-0.7.5+dfsg/GibbsSampler.cpp
Examining data/bitseq-0.7.5+dfsg/GibbsSampler.h
Examining data/bitseq-0.7.5+dfsg/MyTimer.cpp
Examining data/bitseq-0.7.5+dfsg/MyTimer.h
Examining data/bitseq-0.7.5+dfsg/PosteriorSamples.cpp
Examining data/bitseq-0.7.5+dfsg/PosteriorSamples.h
Examining data/bitseq-0.7.5+dfsg/ReadDistribution.cpp
Examining data/bitseq-0.7.5+dfsg/ReadDistribution.h
Examining data/bitseq-0.7.5+dfsg/Sampler.cpp
Examining data/bitseq-0.7.5+dfsg/Sampler.h
Examining data/bitseq-0.7.5+dfsg/SimpleSparse.cpp
Examining data/bitseq-0.7.5+dfsg/SimpleSparse.h
Examining data/bitseq-0.7.5+dfsg/TagAlignments.cpp
Examining data/bitseq-0.7.5+dfsg/TagAlignments.h
Examining data/bitseq-0.7.5+dfsg/TranscriptExpression.cpp
Examining data/bitseq-0.7.5+dfsg/TranscriptExpression.h
Examining data/bitseq-0.7.5+dfsg/TranscriptInfo.cpp
Examining data/bitseq-0.7.5+dfsg/TranscriptInfo.h
Examining data/bitseq-0.7.5+dfsg/TranscriptSequence.cpp
Examining data/bitseq-0.7.5+dfsg/TranscriptSequence.h
Examining data/bitseq-0.7.5+dfsg/VariationalBayes.cpp
Examining data/bitseq-0.7.5+dfsg/VariationalBayes.h
Examining data/bitseq-0.7.5+dfsg/asa103/asa103.hpp
Examining data/bitseq-0.7.5+dfsg/common.cpp
Examining data/bitseq-0.7.5+dfsg/common.h
Examining data/bitseq-0.7.5+dfsg/convertSamples.cpp
Examining data/bitseq-0.7.5+dfsg/estimateDE.cpp
Examining data/bitseq-0.7.5+dfsg/estimateExpression.cpp
Examining data/bitseq-0.7.5+dfsg/estimateHyperPar.cpp
Examining data/bitseq-0.7.5+dfsg/estimateVBExpression.cpp
Examining data/bitseq-0.7.5+dfsg/extractSamples.cpp
Examining data/bitseq-0.7.5+dfsg/getGeneExpression.cpp
Examining data/bitseq-0.7.5+dfsg/getPPLR.cpp
Examining data/bitseq-0.7.5+dfsg/getVariance.cpp
Examining data/bitseq-0.7.5+dfsg/getWithinGeneExpression.cpp
Examining data/bitseq-0.7.5+dfsg/lowess.cpp
Examining data/bitseq-0.7.5+dfsg/lowess.h
Examining data/bitseq-0.7.5+dfsg/misc.cpp
Examining data/bitseq-0.7.5+dfsg/misc.h
Examining data/bitseq-0.7.5+dfsg/parseAlignment.cpp
Examining data/bitseq-0.7.5+dfsg/tagAlignment.h
Examining data/bitseq-0.7.5+dfsg/transposeFiles.cpp
Examining data/bitseq-0.7.5+dfsg/transposeFiles.h
Examining data/bitseq-0.7.5+dfsg/transposeLargeFile.cpp
Examining data/bitseq-0.7.5+dfsg/getFoldChange.cpp
FINAL RESULTS:
data/bitseq-0.7.5+dfsg/common.h:29:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define message(...) printf(__VA_ARGS__)
data/bitseq-0.7.5+dfsg/common.h:30:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define messageF(...) {printf(__VA_ARGS__);fflush(stdout);}
data/bitseq-0.7.5+dfsg/common.h:32:51: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define warning(...) {fprintf(stderr,"WARNING: ");fprintf(stderr, __VA_ARGS__);}
data/bitseq-0.7.5+dfsg/common.h:33:47: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define error(...) {fprintf(stderr,"ERROR: ");fprintf(stderr, __VA_ARGS__);}
data/bitseq-0.7.5+dfsg/Sampler.h:27:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::mt11213b rng_mt;
data/bitseq-0.7.5+dfsg/Sampler.h:28:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::gamma_distribution<double> gammaDistribution;
data/bitseq-0.7.5+dfsg/Sampler.h:29:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::gamma_distribution<double>::param_type gDP;
data/bitseq-0.7.5+dfsg/Sampler.h:31:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::uniform_01<double> uniformDistribution;
data/bitseq-0.7.5+dfsg/VariationalBayes.cpp:19:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::gamma_distribution<double>::param_type gDP;
data/bitseq-0.7.5+dfsg/VariationalBayes.cpp:56:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::normal_distribution<long double> normalD;
data/bitseq-0.7.5+dfsg/VariationalBayes.cpp:346:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::gamma_distribution<double> gammaDistribution;
data/bitseq-0.7.5+dfsg/VariationalBayes.h:27:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::mt11213b rng_mt;
data/bitseq-0.7.5+dfsg/estimateDE.cpp:91:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::mt11213b rng_mt(ns_misc::getSeed(args));
data/bitseq-0.7.5+dfsg/estimateDE.cpp:92:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::gamma_distribution<long double> gammaDistribution;
data/bitseq-0.7.5+dfsg/estimateDE.cpp:93:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::gamma_distribution<long double>::param_type gDP;
data/bitseq-0.7.5+dfsg/estimateDE.cpp:94:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::normal_distribution<long double> normalDistribution;
data/bitseq-0.7.5+dfsg/estimateDE.cpp:95:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::normal_distribution<long double>::param_type nDP;
data/bitseq-0.7.5+dfsg/estimateHyperPar.cpp:115:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::mt11213b rng_mt(ns_misc::getSeed(args));
data/bitseq-0.7.5+dfsg/estimateHyperPar.cpp:116:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::uniform_01<long double> uniformDistribution;
data/bitseq-0.7.5+dfsg/estimateHyperPar.cpp:117:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
boost::random::normal_distribution<long double> normalDistributionA,normalDistributionB;
data/bitseq-0.7.5+dfsg/estimateHyperPar.cpp:118:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
typedef boost::random::normal_distribution<long double>::param_type nDP;
data/bitseq-0.7.5+dfsg/extractSamples.cpp:37:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/bitseq-0.7.5+dfsg/ArgumentParser.cpp:120:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mapL[names[opt]]=atoi(val.c_str());
data/bitseq-0.7.5+dfsg/GibbsParameters.cpp:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[256];
data/bitseq-0.7.5+dfsg/GibbsParameters.cpp:43:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pFile.open(paramFileName.c_str());
data/bitseq-0.7.5+dfsg/PosteriorSamples.cpp:29:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool PosteriorSamples::open(string fileName){//{{{
data/bitseq-0.7.5+dfsg/PosteriorSamples.cpp:31:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
samplesF.open(fileName.c_str());
data/bitseq-0.7.5+dfsg/PosteriorSamples.cpp:41:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(! open(fileName))return false;
data/bitseq-0.7.5+dfsg/PosteriorSamples.h:21:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(string fileName);
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:426:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outF.open(logFileName.c_str());
data/bitseq-0.7.5+dfsg/TranscriptInfo.cpp:19:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
trF.open(fileName.c_str(),ios::out | ios::trunc);
data/bitseq-0.7.5+dfsg/TranscriptInfo.cpp:29:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
geF.open(fileName.c_str(),ios::out | ios::trunc);
data/bitseq-0.7.5+dfsg/TranscriptSequence.cpp:27:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fastaF.open(fileName.c_str());
data/bitseq-0.7.5+dfsg/VariationalBayes.cpp:83:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(vals!=phi_sm->val)memcpy(phi_sm->val,vals,T*sizeof(double));
data/bitseq-0.7.5+dfsg/VariationalBayes.cpp:231:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(phiOld,phi_sm->val,T*sizeof(double)); // memcpy(phiOld,pack(),T*sizeof(double));
data/bitseq-0.7.5+dfsg/convertSamples.cpp:108:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(args.args()[0].c_str());
data/bitseq-0.7.5+dfsg/estimateDE.cpp:215:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFiles[c].open(fileName.c_str());
data/bitseq-0.7.5+dfsg/estimateDE.cpp:231:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFiles[C].open(varFileName.c_str());
data/bitseq-0.7.5+dfsg/estimateDE.cpp:244:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outF->open(outFileName.c_str());
data/bitseq-0.7.5+dfsg/estimateExpression.cpp:51:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(args.args()[0].c_str());
data/bitseq-0.7.5+dfsg/estimateExpression.cpp:426:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
samplesFile[j].open(samplesFileNames[j].c_str());
data/bitseq-0.7.5+dfsg/estimateExpression.cpp:442:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
meansFile.open((args.getS("outFilePrefix")+".thetaMeans").c_str());
data/bitseq-0.7.5+dfsg/estimateVBExpression.cpp:28:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(args.args()[0].c_str());
data/bitseq-0.7.5+dfsg/extractSamples.cpp:27:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret.push_back(atoi(input.substr(pos,f-pos).c_str()));
data/bitseq-0.7.5+dfsg/extractSamples.cpp:32:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(pos<n)ret.push_back(atoi(input.substr(pos,n-pos).c_str()));
data/bitseq-0.7.5+dfsg/misc.cpp:51:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outF->open(args.getS("outFileName").c_str());
data/bitseq-0.7.5+dfsg/misc.cpp:59:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outF->open(name.c_str());
data/bitseq-0.7.5+dfsg/misc.cpp:153:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mapFile.open(args.getS("trMapFile").c_str());
data/bitseq-0.7.5+dfsg/misc.cpp:156:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mapFile.open(args.getS("geneListFile").c_str());
data/bitseq-0.7.5+dfsg/parseAlignment.cpp:443:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outF.open(args.getS("failed").c_str());
data/bitseq-0.7.5+dfsg/transposeFiles.cpp:30:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile[i].open(inFileNames[i].c_str());
data/bitseq-0.7.5+dfsg/PosteriorSamples.cpp:51:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read();
data/bitseq-0.7.5+dfsg/PosteriorSamples.cpp:53:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PosteriorSamples::read(){//{{{
data/bitseq-0.7.5+dfsg/PosteriorSamples.h:22:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read();
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:750:65: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double ReadDistribution::getPosBias(long start, long end, readT read, long trLen) const { //{{{
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:771:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double ReadDistribution::getSeqBias(long pos, readT read, long tid) const{ //{{{
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:802:65: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double ReadDistribution::getSeqBias(long start, long end, readT read, const string &fSeq) const{ //{{{
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:830:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double ReadDistribution::getWeightNorm(long len, readT read, long tid){ //{{{
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:832:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(weightNorms[read][tid].count(len) == 0){
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:842:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
w = getPosBias(pos, pos + len, read, trLen) *
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:843:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getSeqBias(pos, pos + len, read, trS);
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:846:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
weightNorms[read][tid][len] = norm;
data/bitseq-0.7.5+dfsg/ReadDistribution.cpp:850:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return weightNorms[read][tid][len];
data/bitseq-0.7.5+dfsg/ReadDistribution.h:108:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getPosBias(long start, long end, ns_rD::readT read,
data/bitseq-0.7.5+dfsg/ReadDistribution.h:110:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getSeqBias(long pos, ns_rD::readT read, long tid) const;
data/bitseq-0.7.5+dfsg/ReadDistribution.h:112:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getSeqBias(long start, long end, ns_rD::readT read,
data/bitseq-0.7.5+dfsg/ReadDistribution.h:115:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
double getWeightNorm(long len, ns_rD::readT read, long tid);
ANALYSIS SUMMARY:
Hits = 67
Lines analyzed = 8955 in approximately 0.30 seconds (30355 lines/second)
Physical Source Lines of Code (SLOC) = 7027
Hits@level = [0] 2 [1] 16 [2] 29 [3] 18 [4] 4 [5] 0
Hits@level+ = [0+] 69 [1+] 67 [2+] 51 [3+] 22 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 9.81927 [1+] 9.53465 [2+] 7.25772 [3+] 3.13078 [4+] 0.569233 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.