Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_ErrorMsg.cpp:46:16: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int size = vsnprintf ( msg, sizeof msg, fmt, args );
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_ErrorMsg.cpp:117:16: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int size = vsnprintf ( & msg [ psize ], sizeof msg - psize, fmt, args );
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_String.cpp:74:16: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int size = vsnprintf ( buffer, sizeof buffer, fmt, args );
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_md.h:21:14: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  inline int vsnprintf(char* str, size_t size, const char* format, va_list ap)
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_md.h:32:14: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  inline int snprintf(char* str, size_t size, const char* format, ...)
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_md.h:38:12: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  count = vsnprintf(str, size, format, ap);
data/ngs-sdk-2.10.5/ngs-bam/bam.cpp:213:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];
data/ngs-sdk-2.10.5/ngs-bam/bam.cpp:516:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char actual[4];
data/ngs-sdk-2.10.5/ngs-bam/bam.cpp:596:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifile.open(idxpath.c_str(), std::ifstream::in | std::ifstream::binary);
data/ngs-sdk-2.10.5/ngs-bam/bam.cpp:620:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen(filepath.c_str(), "rb");
data/ngs-sdk-2.10.5/ngs-bam/bam.cpp:624:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(filepath.c_str(), std::ifstream::in | std::ifstream::binary);
data/ngs-sdk-2.10.5/ngs-bam/bam.hpp:260:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[12];
data/ngs-sdk-2.10.5/ngs-bam/bam.hpp:288:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[2];
data/ngs-sdk-2.10.5/ngs-bam/bam.hpp:291:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scalar[1];
data/ngs-sdk-2.10.5/ngs-bam/bam.hpp:294:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char count[4];
data/ngs-sdk-2.10.5/ngs-bam/bam.hpp:295:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char value[1];
data/ngs-sdk-2.10.5/ngs-bam/examples/AlignTest.cpp:102:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  AlignTest::run (argv[1], atoi ( argv[2] ), atoi ( argv[3] ) );
data/ngs-sdk-2.10.5/ngs-bam/examples/AlignTest.cpp:102:52: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  AlignTest::run (argv[1], atoi ( argv[2] ), atoi ( argv[3] ) );
data/ngs-sdk-2.10.5/ngs-sdk/examples/AlignSliceTest.cpp:113:49: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  AlignSliceTest::run ( argv[1], argv[2], atoi ( argv[3] ), atoi ( argv[4] ) );
data/ngs-sdk-2.10.5/ngs-sdk/examples/AlignSliceTest.cpp:113:67: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  AlignSliceTest::run ( argv[1], argv[2], atoi ( argv[3] ), atoi ( argv[4] ) );
data/ngs-sdk-2.10.5/ngs-sdk/examples/AlignTest.cpp:124:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  AlignTest::run (argv[1], atoi ( argv[2] ), atoi ( argv[3] ) );
data/ngs-sdk-2.10.5/ngs-sdk/examples/AlignTest.cpp:124:52: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  AlignTest::run (argv[1], atoi ( argv[2] ), atoi ( argv[3] ) );
data/ngs-sdk-2.10.5/ngs-sdk/examples/FragTest.cpp:108:34: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  FragTest::run ( argv[1], atoi ( argv[2] ), atoi ( argv[3] ) );
data/ngs-sdk-2.10.5/ngs-sdk/examples/FragTest.cpp:108:52: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  FragTest::run ( argv[1], atoi ( argv[2] ), atoi ( argv[3] ) );
data/ngs-sdk-2.10.5/ngs-sdk/examples/PileupTest.cpp:84:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/ngs-sdk-2.10.5/ngs-sdk/examples/PileupTest.cpp:87:41: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  char *b = buf + sprintf(buf,"%d",c);
data/ngs-sdk-2.10.5/ngs-sdk/examples/PileupTest.cpp:96:25: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%d%.*s",c,c,ibases.data());
data/ngs-sdk-2.10.5/ngs-sdk/examples/PileupTest.cpp:154:45: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PileupTest::run ( argv[1], argv[2], atoi ( argv[3] ), atoi ( argv[4] ) );
data/ngs-sdk-2.10.5/ngs-sdk/examples/PileupTest.cpp:154:63: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  PileupTest::run ( argv[1], argv[2], atoi ( argv[3] ), atoi ( argv[4] ) );
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_ErrorMsg.cpp:45:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg [ 4096 ];
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_ErrorMsg.cpp:50:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy ( & msg [ sizeof msg - 4 ], "..." );
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_ErrorMsg.cpp:115:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg [ 4096 ];
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_ErrorMsg.cpp:119:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy ( & msg [ sizeof msg - 4 ], "..." );
data/ngs-sdk-2.10.5/ngs-sdk/language/java/jni_String.cpp:73:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer [ 4096 ];
data/ngs-sdk-2.10.5/ngs-sdk/ngs/itf/ErrBlock.h:45:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg [ 4096 ];
data/ngs-sdk-2.10.5/ngs-bam/bam.cpp:325:48: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t const nread = file.eof() ? 0 : file.read(dst, nwant).gcount();
data/ngs-sdk-2.10.5/ngs-bam/bam.hpp:370:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (int)strlen(value.scalar);
data/ngs-sdk-2.10.5/ngs-sdk/adapter/ErrBlock.cpp:46:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy ( self -> msg, what, sizeof self -> msg );
data/ngs-sdk-2.10.5/ngs-sdk/adapter/ErrBlock.cpp:58:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy ( self -> msg, what, sizeof self -> msg );
data/ngs-sdk-2.10.5/ngs-sdk/adapter/ErrBlock.cpp:73:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy ( self -> msg, "unknown error", sizeof self -> msg );
data/ngs-sdk-2.10.5/ngs-sdk/examples/PileupTest.cpp:109:39: [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  case PileupEvent::mismatch:
data/ngs-sdk-2.10.5/ngs-sdk/examples/PileupTest.cpp:124:39: [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  case PileupEvent::mismatch:
data/ngs-sdk-2.10.5/ngs-sdk/language/python/py_ErrorMsg.hpp:47:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen ( error_descr );
data/ngs-sdk-2.10.5/ngs-sdk/ngs/PileupEvent.hpp:121:53: [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  insertion_before_mismatch = insertion | mismatch,
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:271:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String id = read.getFragmentId().toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:276:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String bases = read.getFragmentBases().toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:281:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String bases = read.getFragmentBases( 1 ).toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:286:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String bases = read.getFragmentBases( 1, 2 ).toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:291:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String quals = read.getFragmentQualities().toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:296:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String quals = read.getFragmentQualities( 1 ).toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:301:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String quals = read.getFragmentQualities( 1, 2 ).toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:307:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Assert ( read.nextFragment() );
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:308:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Assert ( read.nextFragment() );
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:309:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Assert ( ! read.nextFragment() );
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:313:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String id = read.getReadId().toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:318:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  uint32_t count = read.getNumFragments();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:323:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::Read::ReadCategory cat = read.getReadCategory();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:328:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String name = read.getReadGroup();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:333:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String name = read.getReadName().toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:338:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String bases = read.getReadBases().toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:343:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String bases = read.getReadBases( 1 ).toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:348:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String bases = read.getReadBases( 1, 2 ).toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:353:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String quals = read.getReadQualities().toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:358:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String quals = read.getReadQualities( 1 ).toString();
data/ngs-sdk-2.10.5/ngs-sdk/test/ngs-test/main.cpp:363:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ngs::String quals = read.getReadQualities( 1, 2 ).toString();

ANALYSIS SUMMARY:

Hits = 65
Lines analyzed = 34985 in approximately 0.88 seconds (39928 lines/second)
Physical Source Lines of Code (SLOC) = 21008
Hits@level = [0] 2 [1] 30 [2] 29 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 67 [1+] 65 [2+] 35 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 3.18926 [1+] 3.09406 [2+] 1.66603 [3+] 0.285605 [4+] 0.285605 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.