Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/probabel-0.5.0+dfsg/src/chinv2.c
Examining data/probabel-0.5.0+dfsg/src/cholesky2.c
Examining data/probabel-0.5.0+dfsg/src/chsolve2.c
Examining data/probabel-0.5.0+dfsg/src/command_line_settings.cpp
Examining data/probabel-0.5.0+dfsg/src/command_line_settings.h
Examining data/probabel-0.5.0+dfsg/src/coxfit2.c
Examining data/probabel-0.5.0+dfsg/src/coxph_data.cpp
Examining data/probabel-0.5.0+dfsg/src/dmatrix.c
Examining data/probabel-0.5.0+dfsg/src/eigen_mematrix.cpp
Examining data/probabel-0.5.0+dfsg/src/eigen_mematrix.h
Examining data/probabel-0.5.0+dfsg/src/extract-snp.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/AbstractMatrix.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/AbstractMatrix.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/FileVector.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/FileVector.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/FilteredMatrix.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/FilteredMatrix.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/Logger.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/Logger.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/RealHandlerWrapper.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/RealHandlerWrapper.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/ReusableFileHandle.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/ReusableFileHandle.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/Transposer.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/Transposer.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/const.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/convert_util.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/convert_util.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/frutil.cpp
Examining data/probabel-0.5.0+dfsg/src/fvlib/frutil.h
Examining data/probabel-0.5.0+dfsg/src/fvlib/frversion.h
Examining data/probabel-0.5.0+dfsg/src/gendata.cpp
Examining data/probabel-0.5.0+dfsg/src/gendata.h
Examining data/probabel-0.5.0+dfsg/src/include/R.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Arith.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Boolean.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Complex.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Constants.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Error.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Memory.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Print.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/RS.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Random.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/Utils.h
Examining data/probabel-0.5.0+dfsg/src/include/R_ext/libextern.h
Examining data/probabel-0.5.0+dfsg/src/include/Rconfig.h
Examining data/probabel-0.5.0+dfsg/src/include/Rmath.h
Examining data/probabel-0.5.0+dfsg/src/invsigma.cpp
Examining data/probabel-0.5.0+dfsg/src/invsigma.h
Examining data/probabel-0.5.0+dfsg/src/main.cpp
Examining data/probabel-0.5.0+dfsg/src/main_functions_dump.cpp
Examining data/probabel-0.5.0+dfsg/src/main_functions_dump.h
Examining data/probabel-0.5.0+dfsg/src/maskedmatrix.cpp
Examining data/probabel-0.5.0+dfsg/src/maskedmatrix.h
Examining data/probabel-0.5.0+dfsg/src/mlinfo.cpp
Examining data/probabel-0.5.0+dfsg/src/mlinfo.h
Examining data/probabel-0.5.0+dfsg/src/phedata.cpp
Examining data/probabel-0.5.0+dfsg/src/phedata.h
Examining data/probabel-0.5.0+dfsg/src/reg1.cpp
Examining data/probabel-0.5.0+dfsg/src/regdata.cpp
Examining data/probabel-0.5.0+dfsg/src/regdata.h
Examining data/probabel-0.5.0+dfsg/src/survS.h
Examining data/probabel-0.5.0+dfsg/src/survproto.h
Examining data/probabel-0.5.0+dfsg/src/testchol.cpp
Examining data/probabel-0.5.0+dfsg/src/usage.cpp
Examining data/probabel-0.5.0+dfsg/src/usage.h
Examining data/probabel-0.5.0+dfsg/src/utilities.cpp
Examining data/probabel-0.5.0+dfsg/src/utilities.h
Examining data/probabel-0.5.0+dfsg/src/coxph_data.h
Examining data/probabel-0.5.0+dfsg/src/reg1.h
FINAL RESULTS:
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:57:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
result = sscanf(s.c_str(), format, &i);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:67:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
result = sscanf(s.c_str(), format, destData);
data/probabel-0.5.0+dfsg/src/include/R_ext/RS.h:41:59: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define PROBLEM {char R_problem_buf[R_PROBLEM_BUFSIZE];(sprintf)(R_problem_buf,
data/probabel-0.5.0+dfsg/src/include/R_ext/RS.h:42:73: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define MESSAGE {char R_problem_buf[R_PROBLEM_BUFSIZE];(sprintf)(R_problem_buf,
data/probabel-0.5.0+dfsg/src/utilities.cpp:40:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, format, args);
data/probabel-0.5.0+dfsg/src/command_line_settings.cpp:197:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
next_option = getopt_long(argc, argv, short_options, long_options,
data/probabel-0.5.0+dfsg/src/extract-snp.cpp:102:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
next_option = getopt_long(argc, argv,
data/probabel-0.5.0+dfsg/src/command_line_settings.cpp:224:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
npeople = atoi(optarg);
data/probabel-0.5.0+dfsg/src/command_line_settings.cpp:233:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skipd = atoi(optarg);
data/probabel-0.5.0+dfsg/src/command_line_settings.cpp:236:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
noutcomes = atoi(optarg);
data/probabel-0.5.0+dfsg/src/command_line_settings.cpp:239:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ngpreds = atoi(optarg);
data/probabel-0.5.0+dfsg/src/command_line_settings.cpp:261:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
interaction = atoi(optarg);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:20:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const* parseFormats[9];
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ret[500];
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:106:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%hu", *(unsigned short int*)data);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:109:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%hd", *(short int*)data);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:112:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%u", *(unsigned int*)data);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:115:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%d", *(int*)data);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:118:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%f", *(float*)data);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:121:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%f", *(double*)data);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:124:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%d", (int)*(char*)data);
data/probabel-0.5.0+dfsg/src/fvlib/CastUtils.cpp:127:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ret, "%d", (int)*(unsigned char*)data);
data/probabel-0.5.0+dfsg/src/fvlib/FileVector.cpp:441:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outvec, cacheBuffer+offset,
data/probabel-0.5.0+dfsg/src/fvlib/FileVector.cpp:454:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)outvec + i * getElementSize(),
data/probabel-0.5.0+dfsg/src/fvlib/FileVector.cpp:490:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cacheBuffer + offset,
data/probabel-0.5.0+dfsg/src/fvlib/FileVector.cpp:541:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cacheBuffer+offset, data, getElementSize() );
data/probabel-0.5.0+dfsg/src/fvlib/FileVector.cpp:681:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + j*getElementSize(),from + read_offset,getElementSize());
data/probabel-0.5.0+dfsg/src/fvlib/FileVector.cpp:808:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newVariablesNames, variableNames,
data/probabel-0.5.0+dfsg/src/fvlib/FilteredMatrix.cpp:58:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((char*)outvec)[i * getElementSize()],
data/probabel-0.5.0+dfsg/src/fvlib/FilteredMatrix.cpp:96:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ptr[getElementSize() * this->filteredToRealColIdx[i]],
data/probabel-0.5.0+dfsg/src/fvlib/RealHandlerWrapper.cpp:5:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool RealHandlerWrapper::open(const string &iFileName, bool iReadOnly) {
data/probabel-0.5.0+dfsg/src/fvlib/RealHandlerWrapper.cpp:13:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream.open(fileName.c_str(), ios::in | ios::binary);
data/probabel-0.5.0+dfsg/src/fvlib/RealHandlerWrapper.cpp:15:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream.open(fileName.c_str(), ios::out | ios::in | ios::binary);
data/probabel-0.5.0+dfsg/src/fvlib/RealHandlerWrapper.h:27:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const string &fileName, bool readOnly);
data/probabel-0.5.0+dfsg/src/fvlib/ReusableFileHandle.cpp:21:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rhw->open(fileName, readOnly);
data/probabel-0.5.0+dfsg/src/fvlib/ReusableFileHandle.cpp:28:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = newHandleWrapper->open(fileName, readOnly);
data/probabel-0.5.0+dfsg/src/fvlib/Transposer.cpp:91:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
src_stream->open(src_data_file_name.c_str(),ios::in | ios::binary);
data/probabel-0.5.0+dfsg/src/fvlib/Transposer.cpp:94:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dest_stream->open(dest_data_file_name.c_str(),ios::out | ios::binary);
data/probabel-0.5.0+dfsg/src/fvlib/Transposer.cpp:193:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)data_part_transposed + to_pos,
data/probabel-0.5.0+dfsg/src/fvlib/convert_util.cpp:299:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpstr,"%lu",i);
data/probabel-0.5.0+dfsg/src/fvlib/convert_util.cpp:307:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmpstr,"%lu",i);
data/probabel-0.5.0+dfsg/src/fvlib/frutil.cpp:119:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name.name, "%lu", i+1);
data/probabel-0.5.0+dfsg/src/fvlib/frutil.cpp:127:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name.name, "%lu", j+1);
data/probabel-0.5.0+dfsg/src/fvlib/frutil.h:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAMELENGTH];
data/probabel-0.5.0+dfsg/src/gendata.cpp:143:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[1048576];
data/probabel-0.5.0+dfsg/src/gendata.cpp:304:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile.open(fname);
data/probabel-0.5.0+dfsg/src/include/R_ext/RS.h:41:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define PROBLEM {char R_problem_buf[R_PROBLEM_BUFSIZE];(sprintf)(R_problem_buf,
data/probabel-0.5.0+dfsg/src/include/R_ext/RS.h:42:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define MESSAGE {char R_problem_buf[R_PROBLEM_BUFSIZE];(sprintf)(R_problem_buf,
data/probabel-0.5.0+dfsg/src/include/R_ext/RS.h:68:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define Memcpy(p,q,n) memcpy( p, q, (size_t)( (n) * sizeof(*p) ) )
data/probabel-0.5.0+dfsg/src/main_functions_dump.cpp:114:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile[i]->open((filenames[i]).c_str());
data/probabel-0.5.0+dfsg/src/mlinfo.cpp:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1048576];
data/probabel-0.5.0+dfsg/src/mlinfo.cpp:89:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile.open(filename);
data/probabel-0.5.0+dfsg/src/phedata.cpp:214:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile.open(fname);
data/probabel-0.5.0+dfsg/src/utilities.cpp:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/probabel-0.5.0+dfsg/src/fvlib/Transposer.cpp:156:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
src_stream->read(data_part + ( i * obs_length * data_size ),
data/probabel-0.5.0+dfsg/src/fvlib/frutil.cpp:15:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
myfile.read((char*)&out, sizeof(out));
data/probabel-0.5.0+dfsg/src/fvlib/frutil.cpp:192:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read(data+i*PART_SIZE, subLength);
data/probabel-0.5.0+dfsg/src/fvlib/frutil.h:29:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, s.c_str(), NAMELENGTH-1);
ANALYSIS SUMMARY:
Hits = 58
Lines analyzed = 13326 in approximately 0.35 seconds (37836 lines/second)
Physical Source Lines of Code (SLOC) = 8039
Hits@level = [0] 10 [1] 4 [2] 47 [3] 2 [4] 5 [5] 0
Hits@level+ = [0+] 68 [1+] 58 [2+] 54 [3+] 7 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 8.45876 [1+] 7.21483 [2+] 6.71725 [3+] 0.870755 [4+] 0.621968 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.