Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/htsengine-1.10/include/HTS_engine.h
Examining data/htsengine-1.10/lib/HTS_audio.c
Examining data/htsengine-1.10/lib/HTS_engine.c
Examining data/htsengine-1.10/lib/HTS_hidden.h
Examining data/htsengine-1.10/lib/HTS_misc.c
Examining data/htsengine-1.10/lib/HTS_pstream.c
Examining data/htsengine-1.10/lib/HTS_sstream.c
Examining data/htsengine-1.10/lib/HTS_model.c
Examining data/htsengine-1.10/lib/HTS_vocoder.c
Examining data/htsengine-1.10/lib/HTS_gstream.c
Examining data/htsengine-1.10/lib/HTS_label.c
Examining data/htsengine-1.10/bin/hts_engine.c

FINAL RESULTS:

data/htsengine-1.10/lib/HTS_misc.c:557:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buff, string);
data/htsengine-1.10/lib/HTS_misc.c:602:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, message, arg);
data/htsengine-1.10/lib/HTS_model.c:1471:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buff1, "GV-Off { %s }", gv_off_context);
data/htsengine-1.10/bin/hts_engine.c:172:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  wavfp = fopen(*++argv, "wb");
data/htsengine-1.10/bin/hts_engine.c:175:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  rawfp = fopen(*++argv, "wb");
data/htsengine-1.10/bin/hts_engine.c:178:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  durfp = fopen(*++argv, "wt");
data/htsengine-1.10/bin/hts_engine.c:181:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  mgcfp = fopen(*++argv, "wb");
data/htsengine-1.10/bin/hts_engine.c:185:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  lf0fp = fopen(*++argv, "wb");
data/htsengine-1.10/bin/hts_engine.c:188:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  lpffp = fopen(*++argv, "wb");
data/htsengine-1.10/bin/hts_engine.c:191:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  tracefp = fopen(*++argv, "wt");
data/htsengine-1.10/bin/hts_engine.c:208:65:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  HTS_Engine_set_sampling_frequency(&engine, (size_t) atoi(*++argv));
data/htsengine-1.10/bin/hts_engine.c:212:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  HTS_Engine_set_fperiod(&engine, (size_t) atoi(*++argv));
data/htsengine-1.10/bin/hts_engine.c:244:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  num_interpolation_weights = atoi(*++argv);
data/htsengine-1.10/bin/hts_engine.c:281:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  HTS_Engine_set_audio_buff_size(&engine, (size_t) atoi(*++argv));
data/htsengine-1.10/lib/HTS_audio.c:117:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(audio_interface->buff_1.lpData, buff, buff_size * sizeof(short));
data/htsengine-1.10/lib/HTS_audio.c:125:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(audio_interface->buff_2.lpData, buff, buff_size * sizeof(short));
data/htsengine-1.10/lib/HTS_engine.c:142:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  engine->condition.stage = (size_t) atoi(&find[strlen("GAMMA=")]);
data/htsengine-1.10/lib/HTS_engine.c:145:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  engine->condition.use_log_gain = atoi(&find[strlen("LN_GAIN=")]) == 1 ? TRUE : FALSE;
data/htsengine-1.10/lib/HTS_label.c:108:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_label.c:159:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_misc.c:84:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  fp->pointer = (void *) fopen(name, opt);
data/htsengine-1.10/lib/HTS_misc.c:126:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmp2->data, &tmp1->data[tmp1->index], size);
data/htsengine-1.10/lib/HTS_misc.c:152:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(d->data, data, size);
data/htsengine-1.10/lib/HTS_model.c:97:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_model.c:148:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return (size_t) atoi(&buff[i]);
data/htsengine-1.10/lib/HTS_model.c:165:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return (size_t) atoi(left);
data/htsengine-1.10/lib/HTS_model.c:194:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_model.c:361:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_model.c:377:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node = HTS_Node_find(last_node, atoi(buff));
data/htsengine-1.10/lib/HTS_model.c:379:67:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  HTS_error(0, "HTS_Tree_load: Cannot find node %d.\n", atoi(buff));
data/htsengine-1.10/lib/HTS_model.c:406:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node->no->index = atoi(buff);
data/htsengine-1.10/lib/HTS_model.c:420:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  node->yes->index = atoi(buff);
data/htsengine-1.10/lib/HTS_model.c:491:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_model.c:508:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  fsize = atoi(buff);
data/htsengine-1.10/lib/HTS_model.c:599:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_model.c:898:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff1[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_model.c:899:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff2[HTS_MAXBUFLEN];
data/htsengine-1.10/lib/HTS_model.c:988:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  temp_sampling_frequency = (size_t) atoi(&buff1[matched_size]);
data/htsengine-1.10/lib/HTS_model.c:990:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  temp_frame_period = (size_t) atoi(&buff1[matched_size]);
data/htsengine-1.10/lib/HTS_model.c:992:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  temp_num_states = (size_t) atoi(&buff1[matched_size]);
data/htsengine-1.10/lib/HTS_model.c:994:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  temp_num_streams = (size_t) atoi(&buff1[matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1105:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  temp_vector_length[j] = (size_t) atoi(&buff1[matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1125:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  temp_num_windows[j] = (size_t) atoi(&buff1[matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1200:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  temp_stream_win[j] = (char **) HTS_calloc(num_windows[j], sizeof(char *));
data/htsengine-1.10/lib/HTS_model.c:1341:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  s = (size_t) atoi(buff2);
data/htsengine-1.10/lib/HTS_model.c:1342:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  e = (size_t) atoi(&temp_duration_pdf[matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1349:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  s = (size_t) atoi(buff2);
data/htsengine-1.10/lib/HTS_model.c:1350:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  e = (size_t) atoi(&temp_duration_tree[matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1367:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  s = (size_t) atoi(buff2);
data/htsengine-1.10/lib/HTS_model.c:1368:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  e = (size_t) atoi(&temp_stream_win[j][k][matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1387:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  s = (size_t) atoi(buff2);
data/htsengine-1.10/lib/HTS_model.c:1388:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  e = (size_t) atoi(&temp_stream_pdf[j][matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1395:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  s = (size_t) atoi(buff2);
data/htsengine-1.10/lib/HTS_model.c:1396:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  e = (size_t) atoi(&temp_stream_tree[j][matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1412:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  s = (size_t) atoi(buff2);
data/htsengine-1.10/lib/HTS_model.c:1413:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  e = (size_t) atoi(&temp_gv_pdf[j][matched_size]);
data/htsengine-1.10/lib/HTS_model.c:1420:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  s = (size_t) atoi(buff2);
data/htsengine-1.10/lib/HTS_model.c:1421:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  e = (size_t) atoi(&temp_gv_tree[j][matched_size]);
data/htsengine-1.10/lib/HTS_engine.c:142:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  engine->condition.stage = (size_t) atoi(&find[strlen("GAMMA=")]);
data/htsengine-1.10/lib/HTS_engine.c:145:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  engine->condition.use_log_gain = atoi(&find[strlen("LN_GAIN=")]) == 1 ? TRUE : FALSE;
data/htsengine-1.10/lib/HTS_engine.c:148:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  engine->condition.alpha = atof(&find[strlen("ALPHA=")]);
data/htsengine-1.10/lib/HTS_misc.c:190:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return fgetc((FILE *) fp->pointer);
data/htsengine-1.10/lib/HTS_misc.c:371:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(buff, ",");
data/htsengine-1.10/lib/HTS_misc.c:556:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *buff = (char *) HTS_calloc(strlen(string) + 1, sizeof(char));
data/htsengine-1.10/lib/HTS_model.c:98:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t pattern_length = strlen(pattern);
data/htsengine-1.10/lib/HTS_model.c:124:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return HTS_dp_match(string, pattern, 0, strlen(string) - max);
data/htsengine-1.10/lib/HTS_model.c:131:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t length = strlen(buff);
data/htsengine-1.10/lib/HTS_model.c:145:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen(buff) - 1; '0' <= buff[i] && buff[i] <= '9'; i--);
data/htsengine-1.10/lib/HTS_model.c:1472:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gv_off_context_fp = HTS_fopen_from_data((void *) buff1, strlen(buff1) + 1);

ANALYSIS SUMMARY:

Hits = 69
Lines analyzed = 7432 in approximately 0.28 seconds (26807 lines/second)
Physical Source Lines of Code (SLOC) = 5369
Hits@level = [0]  96 [1]  11 [2]  55 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+] 165 [1+]  69 [2+]  58 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 30.732 [1+] 12.8516 [2+] 10.8028 [3+] 0.558763 [4+] 0.558763 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
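Reading the hits above by pattern rather than by count is the useful triage. The first level-4 hit is a false positive on the report's own evidence: HTS_misc.c:556 allocates strlen(string) + 1 bytes and :557 copies the same string into it, so the copy cannot overrun as long as the input is NUL-terminated. The level-4 vfprintf hit in HTS_misc.c:602 is a wrapper that forwards a caller-supplied format, which is only safe if every caller passes a literal. The bulk of the level-2 hits, however, are one pattern repeated: `(size_t) atoi(...)` on command-line arguments in hts_engine.c and on header fields parsed in HTS_model.c, where a negative or oversized value silently wraps to a huge size_t that later feeds allocation sizes and loop bounds. The following is an added example, not code from hts_engine or from Flawfinder, showing the range-checked parse the atoi advice asks for, beside a helper that reproduces the wrap being warned about. All function names, the 1..192000 sampling-rate bound and the sample inputs are hypothetical, chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper mirroring the flagged pattern: atoi() has no error
 * reporting, and the cast turns any negative result into a huge size_t. */
size_t atoi_as_size_t(const char *s)
{
    return (size_t) atoi(s);
}

/* Range-checked replacement (hypothetical name). Accepts only an unsigned
 * decimal integer in [lo, hi] with nothing but digits after optional
 * leading whitespace. Returns false, leaving *out untouched, on:
 *   - NULL or empty input, or no digits at all
 *   - a sign character (strtoull would otherwise accept "-1" and wrap)
 *   - overflow of unsigned long long (errno == ERANGE)
 *   - trailing characters such as "16k" or "48000Hz"
 *   - a value outside [lo, hi] or above SIZE_MAX */
bool parse_size_in_range(const char *s, size_t lo, size_t hi, size_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL)
        return false;
    while (isspace((unsigned char) *s))
        s++;
    if (*s == '\0' || *s == '-' || *s == '+')
        return false;

    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE)          /* too large for unsigned long long */
        return false;
    if (end == s)                 /* no digits consumed */
        return false;
    if (*end != '\0')             /* trailing junk */
        return false;
    if (v > (unsigned long long) SIZE_MAX)
        return false;
    if (v < lo || v > hi)         /* caller-supplied bounds */
        return false;

    *out = (size_t) v;
    return true;
}

int main(void)
{
    /* Constructed sample inputs, in the spirit of the "-s" sampling
     * frequency argument the report shows being passed through atoi(). */
    const char *inputs[] = { "48000", "-1", "16k", "", "99999999999999999999999" };
    size_t i, v;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        if (parse_size_in_range(inputs[i], 1, 192000, &v))
            printf("%-25s -> accepted: %zu\n", inputs[i], v);
        else
            printf("%-25s -> rejected (atoi cast would give %zu)\n",
                   inputs[i], atoi_as_size_t(inputs[i]));
    }
    return 0;
}
```

The same function covers every `(size_t) atoi(...)` site listed above once each call site supplies the bound that actually makes sense for that field (number of states, number of streams, window count, and so on), and a rejected parse should abort loading rather than fall through to the allocation that the value sizes.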