Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/ArgumentParser.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/ArgumentParser.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/CollapsedSampler.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/CollapsedSampler.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/FileHeader.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/FileHeader.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/GibbsParameters.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/GibbsParameters.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/GibbsSampler.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/GibbsSampler.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/MyTimer.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/MyTimer.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/R_init_BitSeq.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/Rhtslib_bam_plbuf.c
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/Rhtslib_sam.c
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/Sampler.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/Sampler.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/SimpleSparse.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/SimpleSparse.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/TagAlignments.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/TagAlignments.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptExpression.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptExpression.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptInfo.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptInfo.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptSequence.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptSequence.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/VariationalBayes.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/VariationalBayes.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/asa103/asa103.hpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/common.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/common.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/estimateExpression.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/estimateHyperPar.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/estimateVBExpression.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/getGeneExpression.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/getVariance.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/getWithinGeneExpression.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/lowess.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/lowess.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/misc.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/misc.h
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/parseAlignment.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/transposeFiles.cpp
Examining data/r-bioc-bitseq-1.34.0+dfsg/src/transposeFiles.h

FINAL RESULTS:

data/r-bioc-bitseq-1.34.0+dfsg/src/common.h:29:22:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define message(...) printf(__VA_ARGS__)
data/r-bioc-bitseq-1.34.0+dfsg/src/common.h:30:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define messageF(...) {printf(__VA_ARGS__);fflush(stdout);}
data/r-bioc-bitseq-1.34.0+dfsg/src/common.h:32:51:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define warning(...) {fprintf(stderr,"WARNING: ");fprintf(stderr, __VA_ARGS__);}
data/r-bioc-bitseq-1.34.0+dfsg/src/common.h:33:47:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define error(...) {fprintf(stderr,"ERROR: ");fprintf(stderr, __VA_ARGS__);}
data/r-bioc-bitseq-1.34.0+dfsg/src/Sampler.h:27:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::mt11213b rng_mt;
data/r-bioc-bitseq-1.34.0+dfsg/src/Sampler.h:28:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::gamma_distribution<double> gammaDistribution;
data/r-bioc-bitseq-1.34.0+dfsg/src/Sampler.h:29:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
typedef boost::random::gamma_distribution<double>::param_type gDP;
data/r-bioc-bitseq-1.34.0+dfsg/src/Sampler.h:31:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::uniform_01<double> uniformDistribution;
data/r-bioc-bitseq-1.34.0+dfsg/src/VariationalBayes.cpp:19:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
typedef boost::random::gamma_distribution<double>::param_type gDP;
data/r-bioc-bitseq-1.34.0+dfsg/src/VariationalBayes.cpp:56:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::normal_distribution<long double> normalD;
data/r-bioc-bitseq-1.34.0+dfsg/src/VariationalBayes.cpp:346:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::gamma_distribution<double> gammaDistribution;
data/r-bioc-bitseq-1.34.0+dfsg/src/VariationalBayes.h:27:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::mt11213b rng_mt;
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp:91:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::mt11213b rng_mt(ns_misc::getSeed(args));
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp:92:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::gamma_distribution<long double> gammaDistribution;
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp:93:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
typedef boost::random::gamma_distribution<long double>::param_type gDP;
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp:94:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::normal_distribution<long double> normalDistribution;
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp:95:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
typedef boost::random::normal_distribution<long double>::param_type nDP;
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateHyperPar.cpp:115:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::mt11213b rng_mt(ns_misc::getSeed(args));
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateHyperPar.cpp:116:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::uniform_01<long double> uniformDistribution;
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateHyperPar.cpp:117:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
boost::random::normal_distribution<long double> normalDistributionA,normalDistributionB;
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateHyperPar.cpp:118:22:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
typedef boost::random::normal_distribution<long double>::param_type nDP;
data/r-bioc-bitseq-1.34.0+dfsg/src/ArgumentParser.cpp:120:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
mapL[names[opt]]=atoi(val.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/GibbsParameters.cpp:42:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char tmp[256];
data/r-bioc-bitseq-1.34.0+dfsg/src/GibbsParameters.cpp:43:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
pFile.open(paramFileName.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.cpp:29:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
bool PosteriorSamples::open(string fileName){//{{{
data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.cpp:31:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
samplesF.open(fileName.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.cpp:41:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
if(! open(fileName))return false;
data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.h:21:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
bool open(string fileName);
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:426:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
outF.open(logFileName.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptInfo.cpp:19:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
trF.open(fileName.c_str(),ios::out | ios::trunc);
data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptInfo.cpp:29:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
geF.open(fileName.c_str(),ios::out | ios::trunc);
data/r-bioc-bitseq-1.34.0+dfsg/src/TranscriptSequence.cpp:27:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
fastaF.open(fileName.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/VariationalBayes.cpp:83:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
if(vals!=phi_sm->val)memcpy(phi_sm->val,vals,T*sizeof(double));
data/r-bioc-bitseq-1.34.0+dfsg/src/VariationalBayes.cpp:231:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(phiOld,phi_sm->val,T*sizeof(double)); // memcpy(phiOld,pack(),T*sizeof(double));
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp:215:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
outFiles[c].open(fileName.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp:231:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
outFiles[C].open(varFileName.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateDE.cpp:244:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
outF->open(outFileName.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateExpression.cpp:51:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
inFile.open(args.args()[0].c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateExpression.cpp:426:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
samplesFile[j].open(samplesFileNames[j].c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateExpression.cpp:442:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
meansFile.open((args.getS("outFilePrefix")+".thetaMeans").c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/estimateVBExpression.cpp:28:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
inFile.open(args.args()[0].c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/misc.cpp:51:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
outF->open(args.getS("outFileName").c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/misc.cpp:59:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
outF->open(name.c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/misc.cpp:153:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
mapFile.open(args.getS("trMapFile").c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/misc.cpp:156:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
mapFile.open(args.getS("geneListFile").c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/parseAlignment.cpp:443:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
outF.open(args.getS("failed").c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/transposeFiles.cpp:30:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
inFile[i].open(inFileNames[i].c_str());
data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.cpp:51:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
return read();
data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.cpp:53:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool PosteriorSamples::read(){//{{{
data/r-bioc-bitseq-1.34.0+dfsg/src/PosteriorSamples.h:22:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool read();
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:750:65:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
double ReadDistribution::getPosBias(long start, long end, readT read, long trLen) const { //{{{
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:771:53:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
double ReadDistribution::getSeqBias(long pos, readT read, long tid) const{ //{{{
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:802:65:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
double ReadDistribution::getSeqBias(long start, long end, readT read, const string &fSeq) const{ //{{{
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:830:56:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
double ReadDistribution::getWeightNorm(long len, readT read, long tid){ //{{{
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:832:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
if(weightNorms[read][tid].count(len) == 0){
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:842:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
w = getPosBias(pos, pos + len, read, trLen) *
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:843:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
getSeqBias(pos, pos + len, read, trS);
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:846:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
weightNorms[read][tid][len] = norm;
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.cpp:850:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
return weightNorms[read][tid][len];
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.h:108:60:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
double getPosBias(long start, long end, ns_rD::readT read,
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.h:110:48:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
double getSeqBias(long pos, ns_rD::readT read, long tid) const;
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.h:112:60:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
double getSeqBias(long start, long end, ns_rD::readT read,
data/r-bioc-bitseq-1.34.0+dfsg/src/ReadDistribution.h:115:51:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
double getWeightNorm(long len, ns_rD::readT read, long tid);

ANALYSIS SUMMARY:

Hits = 63
Lines analyzed = 8342 in approximately 0.26 seconds (32237 lines/second)
Physical Source Lines of Code (SLOC) = 6499
Hits@level = [0]   2 [1]  16 [2]  26 [3]  17 [4]   4 [5]   0
Hits@level+ = [0+]  65 [1+]  63 [2+]  47 [3+]  21 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 10.0015 [1+] 9.6938 [2+] 7.23188 [3+] 3.23127 [4+] 0.615479 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
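Added example for the four level-4 (format) hits in common.h. This is not BitSeq's code and not part of flawfinder's output: the macros reported above hand __VA_ARGS__ straight to printf/fprintf, so a call such as message(line) with a caller-supplied line makes that line the format string. The wrapper below keeps the macro's convenience but carries a printf format attribute, so GCC and Clang with -Wformat -Wformat-security report a non-literal format at the call site, and the hardened call site passes user text only through "%s". The function names (render_message, report_transcript, is_conversion_free) and the probe string are assumptions made for this example.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Renders like the page's message() macro but into a std::string so the
// result can be inspected. The attribute tells GCC/Clang to check every call
// against the printf rules: render_message(user_text) is flagged by
// -Wformat-security, render_message("%s", user_text) is not.
#if defined(__GNUC__) || defined(__clang__)
__attribute__((format(printf, 1, 2)))
#endif
std::string render_message(const char *fmt, ...) {
    char buf[512];
    std::va_list ap;
    va_start(ap, fmt);
    int n = std::vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0) return std::string();
    size_t len = static_cast<size_t>(n);
    if (len >= sizeof buf) len = sizeof buf - 1;   // output did not fit; keep what did
    return std::string(buf, len);
}

// Unsafe shape, shown for contrast and deliberately not compiled here. With
// the page's macro,
//     message(user_text.c_str());
// makes user_text the format, so "%x.%x.%x.%n" reads argument slots that
// were never passed and %n writes through whatever value it finds there.

// Hardened shape: the format is a literal and user text is only an argument,
// so any '%' in it is printed rather than interpreted.
std::string report_transcript(const std::string &user_text) {
    return render_message("transcript: %s\n", user_text.c_str());
}

// Stop-gap for call sites that cannot be refactored yet: only let a string
// through as a format if it contains no conversion at all ("%%" is allowed).
bool is_conversion_free(const std::string &s) {
    for (size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '%') continue;
        if (i + 1 < s.size() && s[i + 1] == '%') { ++i; continue; }
        return false;
    }
    return true;
}

int main() {
    const std::string probe = "%x.%x.%x.%n";   // constructed attacker-style input
    std::fputs(report_transcript(probe).c_str(), stdout);
    std::printf("usable as a format: %s\n", is_conversion_free(probe) ? "yes" : "no");
    return 0;
}
```

The attribute does the real work: once every message()/warning()/error() call goes through a function declared this way, a single -Wformat-security build (or -Werror=format-security) turns every non-literal format into a compile error instead of a runtime read/write primitive.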
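Added example for the ArgumentParser.cpp atoi hit (CWE-190) and the two VariationalBayes.cpp memcpy hits (CWE-120), again not BitSeq's code: atoi() gives no error indication, stops silently at trailing junk and has undefined behaviour on overflow, while the memcpy calls trust that T doubles fit in the destination and that T*sizeof(double) does not wrap. The parser below reports each failure mode and enforces the caller's own bounds; the copy helper checks both conditions before touching memory. Function names, the 10^9 ceiling in set_sample_count and the sample arrays are assumptions made for the example.

```cpp
#include <cctype>
#include <cerrno>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>

// Parse `text` as a base-10 integer that must lie in [lo, hi]. Returns false
// and leaves `out` untouched on empty input, leading whitespace, trailing
// characters, overflow of long long, or a value outside the caller's bounds.
bool parse_long_in_range(const std::string &text, long lo, long hi, long &out) {
    if (text.empty() || std::isspace(static_cast<unsigned char>(text[0]))) return false;
    errno = 0;
    char *end = nullptr;
    long long v = std::strtoll(text.c_str(), &end, 10);
    if (errno == ERANGE) return false;                       // overflowed long long
    if (end == text.c_str() || *end != '\0') return false;   // no digits, or junk after them
    if (v < lo || v > hi) return false;                      // outside the option's range
    out = static_cast<long>(v);                              // safe: lo <= v <= hi are longs
    return true;
}

// Sketch of how the option map on the page could use it: a sample count that
// must be positive and bounded. The 10^9 ceiling is an assumption for this
// example, not a limit taken from BitSeq.
bool set_sample_count(const std::string &val, long &samples) {
    return parse_long_in_range(val, 1, 1000000000L, samples);
}

// For the memcpy hits: copy `count` doubles only if the destination holds
// that many and count * sizeof(double) cannot wrap. memmove is used so that
// partially overlapping ranges, which the page's vals!=phi_sm->val test does
// not rule out, are copied correctly as well.
bool copy_doubles(double *dst, size_t dst_count, const double *src, size_t count) {
    if (dst == nullptr || src == nullptr) return false;
    if (count > dst_count) return false;                  // would overrun dst
    if (count > SIZE_MAX / sizeof(double)) return false;  // byte length would wrap
    if (dst != src && count > 0) std::memmove(dst, src, count * sizeof(double));
    return true;
}
```

The range check is what flawfinder's note about "large numbers can roll over into negative number" is asking for: a count read from the command line is bounded twice, once by the integer type and once by what the program can sensibly allocate, and the copy helper then carries that bound to the point where it is actually needed.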
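Added example for the 23 (misc) open hits (CWE-362), not BitSeq's code: flawfinder's note asks whether an attacker can redirect the path through a symlink, hand the program a device file, or swap the target between a check and the open. The POSIX-level pattern below answers those questions at open time instead of with a separate path check: O_NOFOLLOW refuses a symlink at the final component, O_CREAT|O_EXCL refuses to truncate anything that already exists where an output file is about to be created, and fstat on the descriptor (not stat on the path) confirms a regular file. Function names, the scratch directory under /tmp and the file names in main are assumptions made for the example; it targets Linux/POSIX.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>

// Keep fd only if it refers to a regular file; otherwise close it and
// return false. Checking the descriptor rather than the path removes the
// window in which the path could be pointed somewhere else.
static bool keep_only_regular(int fd) {
    struct stat st;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode)) return true;
    int saved = errno;
    close(fd);
    errno = saved ? saved : EINVAL;
    return false;
}

// Open an input file such as the page's samples or FASTA files. A symlink at
// the final component fails with ELOOP instead of being followed, and
// devices or FIFOs are rejected after the open. Returns -1 on failure.
int open_input_file(const std::string &path) {
    int fd = ::open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    return keep_only_regular(fd) ? fd : -1;
}

// Create an output file such as the page's ios::out | ios::trunc streams.
// O_CREAT | O_EXCL fails with EEXIST if anything, including a planted
// symlink, is already there, so the truncation cannot be redirected to a
// file of the attacker's choosing. Returns -1 on failure.
int create_output_file(const std::string &path) {
    int fd = ::open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0) return -1;
    return keep_only_regular(fd) ? fd : -1;
}

int main() {
    // Constructed scenario: a scratch directory holding one real file and a
    // symlink to it, standing in for a path an attacker prepared in advance.
    char dir[] = "/tmp/bitseq-open-XXXXXX";
    if (mkdtemp(dir) == nullptr) { std::perror("mkdtemp"); return 1; }
    std::string real = std::string(dir) + "/real.txt";
    std::string link = std::string(dir) + "/link.txt";

    int fd = create_output_file(real);
    std::printf("create real.txt: %s\n", fd >= 0 ? "ok" : "refused");
    if (fd >= 0) close(fd);
    symlink(real.c_str(), link.c_str());
    std::printf("create real.txt again: %s\n",
                create_output_file(real) >= 0 ? "ok" : "refused (EEXIST)");
    std::printf("read through link.txt: %s\n",
                open_input_file(link) >= 0 ? "ok" : "refused (ELOOP)");
    std::printf("read /dev/null: %s\n",
                open_input_file("/dev/null") >= 0 ? "ok" : "refused (not a regular file)");

    unlink(link.c_str()); unlink(real.c_str()); rmdir(dir);
    return 0;
}
```

Two caveats a reviewer would add: O_NOFOLLOW only covers the last path component, so "control its ancestors" in flawfinder's note still requires that the parent directories are not attacker-writable; and O_EXCL deliberately breaks the "overwrite my previous results" workflow, so a tool that wants that behaviour should unlink first or write to a fresh name and rename, rather than going back to plain ios::trunc.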