Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/progressivemauve-1.2.0+4713+dfsg/src/getOrthologList.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.h
Examining data/progressivemauve-1.2.0+4713+dfsg/src/UniqueMatchFinder.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/projectAndStrip.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/RepeatHashCat.h
Examining data/progressivemauve-1.2.0+4713+dfsg/src/SeedMatchEnumerator.h
Examining data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/extractBackbone2.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/xmfa2maf.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/gappiness.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/bbBreakOnGenes.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/toGBKsequence.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/UniqueMatchFinder.h
Examining data/progressivemauve-1.2.0+4713+dfsg/src/rootTrees.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/countInPlaceInversions.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/toEvoHighwayFormat.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/extractSubalignments.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/extractBCITrees.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/calculateBackboneCoverage.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/checkForLGT.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/multiToRawSequence.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/scoreAlignment.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/AlignmentTree.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/calculateBackboneCoverage2.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/pairCompare.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/toRawSequence.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/makeBadgerMatrix.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/makeMc4Matrix.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/calculateCoverage.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/joinAlignmentFiles.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/coordinateTranslate.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/getAlignmentWindows.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/transposeCoordinates.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/mfa2xmfa.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/scoreALU.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/bbAnalyze.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/backbone_global_to_local.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/randomGeneSample.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/extractBackbone.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/toGrimmFormat.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/uniqueMerCount.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/alignmentProjector.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/uniquifyTrees.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/toMultiFastA.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/mauveToXMFA.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/AlignmentTree.h
Examining data/progressivemauve-1.2.0+4713+dfsg/src/stripSubsetLCBs.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/sortContigs.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/scoreProcrastAlignment.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/multiEVD.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/addUnalignedIntervals.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/RepeatHashCat.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/MatchRecord.h
Examining data/progressivemauve-1.2.0+4713+dfsg/src/createBackboneMFA.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/evd.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/bbFilter.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/stripGapColumns.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/unalign.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp
Examining data/progressivemauve-1.2.0+4713+dfsg/src/repeatoire.cpp

FINAL RESULTS:

data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:248:16: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( ac, av, short_args, long_opts, &indexptr )) != EOF ){
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:337:16: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while( (opt = getopt_long( ac, av, "", mauve_options.getOptions(), &indexptr )) != EOF ){
data/progressivemauve-1.2.0+4713+dfsg/src/randomGeneSample.cpp:50:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(atoi(argv[6]));
data/progressivemauve-1.2.0+4713+dfsg/src/randomGeneSample.cpp:52:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/progressivemauve-1.2.0+4713+dfsg/src/alignmentProjector.cpp:34:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  aln_in.open( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/alignmentProjector.cpp:40:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  aln_out.open( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/alignmentProjector.cpp:63:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  projection.push_back( atoi( argv[i] ) );
data/progressivemauve-1.2.0+4713+dfsg/src/backbone_global_to_local.cpp:16:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  align_file.open(ARGV[1]);
data/progressivemauve-1.2.0+4713+dfsg/src/backbone_global_to_local.cpp:23:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  backbone_file.open(ARGV[2]);
data/progressivemauve-1.2.0+4713+dfsg/src/bbAnalyze.cpp:958:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int gff_seq_index = atoi( argv[5] );
data/progressivemauve-1.2.0+4713+dfsg/src/bbBreakOnGenes.cpp:238:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int min_bb_gap = atoi( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/bbBreakOnGenes.cpp:275:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 lend = atoi(buf.c_str());
data/progressivemauve-1.2.0+4713+dfsg/src/bbBreakOnGenes.cpp:278:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 rend = atoi(buf.c_str());
data/progressivemauve-1.2.0+4713+dfsg/src/bbBreakOnGenes.cpp:353:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bb_output.open(output_fname.c_str());
data/progressivemauve-1.2.0+4713+dfsg/src/bbFilter.cpp:57:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int indie_dist = atoi( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/bbFilter.cpp:81:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  seqs.push_back(atoi(argv[i]));
data/progressivemauve-1.2.0+4713+dfsg/src/calculateBackboneCoverage.cpp:63:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 min_bb_length = atol( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/calculateBackboneCoverage.cpp:64:25: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 max_gap_length = atol( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/calculateBackboneCoverage.cpp:81:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  alignment_in.open( alignment_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/calculateBackboneCoverage2.cpp:39:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 min_bb_length = atol( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/calculateBackboneCoverage2.cpp:40:25: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 max_gap_length = atol( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/calculateBackboneCoverage2.cpp:45:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  alignment_in.open( alignment_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/calculateCoverage.cpp:61:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  alignment_in.open( alignment_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/evd.cpp:79:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int run_count = atoi( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/extractBCITrees.cpp:206:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  boost::uint32_t prng_seed = atoi( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/extractBCITrees.cpp:208:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint max_output_trees = atoi( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/extractBackbone.cpp:36:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 min_bb_length = atol( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/extractBackbone.cpp:37:25: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 max_gap_length = atol( argv[4] );
data/progressivemauve-1.2.0+4713+dfsg/src/extractBackbone.cpp:49:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  alignment_in.open( alignment_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/extractBackbone2.cpp:35:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 min_bb_length = atol( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/extractBackbone2.cpp:36:25: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 max_gap_length = atol( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/extractBackbone2.cpp:40:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  alignment_in.open( alignment_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/getAlignmentWindows.cpp:40:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 window_length = atol( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/getAlignmentWindows.cpp:41:23: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 shift_length = atol( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/getAlignmentWindows.cpp:45:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  alignment_in.open( alignment_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/getOrthologList.cpp:81:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  aln_in.open( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/getOrthologList.cpp:86:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint sgI = atoi( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/getOrthologList.cpp:99:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bb_in.open( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/makeBadgerMatrix.cpp:37:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  aln_in.open( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/makeBadgerMatrix.cpp:43:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  badger_out.open( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/makeBadgerMatrix.cpp:50:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  coord_out.open( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/makeMc4Matrix.cpp:35:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  aln_in.open( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/makeMc4Matrix.cpp:41:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  badger_out.open( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:265:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  seed_size = atoi( optarg );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:282:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  LCB_size = atol( optarg );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:309:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  island_size = atoi( optarg );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:315:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  island_break_min = atoi( optarg );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:318:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backbone_size = atoi( optarg );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:321:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_backbone_gap = atoi( optarg );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:339:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max_gapped_alignment_length = atoi( optarg );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:342:26: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min_r_gap_length = atol( optarg );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:369:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  realign_lcbs.push_back( atoi( optarg ) );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:383:28: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  permutation_weight = atol(optarg);
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:389:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_max_extension_iters = atoi(optarg);
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:536:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  match_log_out.open( match_log.c_str(), ios::in | ios::out );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:551:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  offset_log_out.open( offset_log.c_str(), ios::in | ios::out );
data/progressivemauve-1.2.0+4713+dfsg/src/mauveAligner.cpp:571:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  merge_log_in.open( merge_log.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/mfa2xmfa.cpp:46:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mfa_out.open( mfa_output_name.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/multiEVD.cpp:108:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int run_count = atoi( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/pairCompare.cpp:17:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int seq_count = atoi( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:197:42: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void getPatternText( int64 seed_pattern, char pattern[65] )
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:199:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pat[65] = {
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:212:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pattern, pat + lastone, 65 - lastone );
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:219:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[65];
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:254:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bb_out.open(bb_fname.c_str());
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:365:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  island_gap_size = atoi( opt_island_gap_size.arg_value.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:435:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  mer_size = atoi( opt_seed_weight.arg_value.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:526:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pattern[65];
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:601:16: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int64 mgal = atol( opt_max_gapped_aligner_length.arg_value.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:670:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pss.gap_open = atoi(opt_gap_open.arg_value.c_str());
data/progressivemauve-1.2.0+4713+dfsg/src/progressiveMauve.cpp:674:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pss.gap_extend = atoi(opt_gap_open.arg_value.c_str());
data/progressivemauve-1.2.0+4713+dfsg/src/projectAndStrip.cpp:38:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  aln_in.open( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/projectAndStrip.cpp:44:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
aln_out.open( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/projectAndStrip.cpp:52:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
seq_ids[i - 3] = atoi(argv[i]);
data/progressivemauve-1.2.0+4713+dfsg/src/randomGeneSample.cpp:40:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
aln_in.open( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/randomGeneSample.cpp:45:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
uint gene_count = atoi( argv[4] );
data/progressivemauve-1.2.0+4713+dfsg/src/randomGeneSample.cpp:46:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
uint sgI = atoi( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/randomGeneSample.cpp:50:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
srand(atoi(argv[6]));
data/progressivemauve-1.2.0+4713+dfsg/src/randomGeneSample.cpp:61:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
bb_in.open( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/repeatoire.cpp:1943:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
seed_out.open(seed_file.c_str());
data/progressivemauve-1.2.0+4713+dfsg/src/repeatoire.cpp:2487:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
stats_out_file.open( stat_file.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/repeatoire.cpp:2493:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
aln_out_file.open( outputfile.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/repeatoire.cpp:2500:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
score_out_file.open( output2file.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/scoreALU.cpp:200:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
align_in.open( alignment_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/scoreALU.cpp:206:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
alu_in.open( alu_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/scoreALU.cpp:629:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
boundary_file.open(alignment_fname.c_str());
data/progressivemauve-1.2.0+4713+dfsg/src/scoreAlignment.cpp:121:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
correct_in.open( correct_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/scoreAlignment.cpp:127:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
calculated_in.open( calculated_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/scoreProcrastAlignment.cpp:419:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
correct_in.open( correct_aln_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/scoreProcrastAlignment.cpp:425:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
procrast_in.open( procrast_aln_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/sortContigs.cpp:32:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
uint ref_seqI = atoi( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/stripSubsetLCBs.cpp:35:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
aln_in.open( argv[1] );
data/progressivemauve-1.2.0+4713+dfsg/src/stripSubsetLCBs.cpp:41:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
bbcols_in.open( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/stripSubsetLCBs.cpp:48:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
aln_out.open( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/stripSubsetLCBs.cpp:56:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
min_block_length = atol(argv[4]);
data/progressivemauve-1.2.0+4713+dfsg/src/stripSubsetLCBs.cpp:60:22: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
min_genome_count = atol(argv[5]);
data/progressivemauve-1.2.0+4713+dfsg/src/stripSubsetLCBs.cpp:64:18: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
subsample_kb = atol(argv[6]);
data/progressivemauve-1.2.0+4713+dfsg/src/toEvoHighwayFormat.cpp:49:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
uint ref_id = atoi( argv[2] );
data/progressivemauve-1.2.0+4713+dfsg/src/transposeCoordinates.cpp:44:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
int trans_seq = atoi( argv[3] );
data/progressivemauve-1.2.0+4713+dfsg/src/unalign.cpp:25:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
alignment_in.open( input_fname.c_str() );
data/progressivemauve-1.2.0+4713+dfsg/src/unalign.cpp:32:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
mfa_out.open( output_fname.c_str() );

ANALYSIS SUMMARY:

Hits = 101
Lines analyzed = 13775 in approximately 0.38 seconds (36657 lines/second)
Physical Source Lines of Code (SLOC) = 11045
Hits@level = [0] 0 [1] 0 [2] 97 [3] 4 [4] 0 [5] 0
Hits@level+ = [0+] 101 [1+] 101 [2+] 101 [3+] 4 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.14441 [1+] 9.14441 [2+] 9.14441 [3+] 0.362155 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.