Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/skesa-2.4.0/DBGraph.hpp
Examining data/skesa-2.4.0/Integer.hpp
Examining data/skesa-2.4.0/KmerInit.hpp
Examining data/skesa-2.4.0/LargeInt.hpp
Examining data/skesa-2.4.0/LargeInt1.hpp
Examining data/skesa-2.4.0/LargeInt2.hpp
Examining data/skesa-2.4.0/Model.hpp
Examining data/skesa-2.4.0/assembler.hpp
Examining data/skesa-2.4.0/common_util.hpp
Examining data/skesa-2.4.0/concurrenthash.hpp
Examining data/skesa-2.4.0/config.hpp
Examining data/skesa-2.4.0/counter.hpp
Examining data/skesa-2.4.0/gfa.hpp
Parsing failed to find end of parameter list; semicolon terminated it in (is->m_seq.rbegin()+1, is->m_seq.rend(), js->m_seq.rbegin()+1, [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; })) {
ambig.push_back(js->m_seq.back().
Parsing failed to find end of parameter list; semicolon terminated it in (is->m_seq.begin()+1, is->m_seq.end(), js->m_seq.begin()+1, [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; })) {
ambig.push_back(js->m_seq.front().m_
Parsing failed to find end of parameter list; semicolon terminated it in (is->m_seq.rbegin(), is->m_seq.rend(), js->m_seq.rbegin(), [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; })) {
RemoveSegment(is);
Parsing failed to find end of parameter list; semicolon terminated it in (is->m_seq.rbegin(), is->m_seq.rbegin()+len, js->m_seq.rbegin(), [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; });
int matches = rslt.first-is->m_se
Parsing failed to find end of parameter list; semicolon terminated it in (is->m_seq.begin(), is->m_seq.end(), js->m_seq.begin(), [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; })) {
RemoveSegment(is);
Parsing failed to find end of parameter list; semicolon terminated it in (is->m_seq.begin(), is->m_seq.begin()+len, js->m_seq.begin(), [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; });
int matches = rslt.first-is->m_seq.b
Examining data/skesa-2.4.0/gfa_connector.cpp
Examining data/skesa-2.4.0/glb_align.cpp
Examining data/skesa-2.4.0/glb_align.hpp
Examining data/skesa-2.4.0/graphdigger.hpp
Examining data/skesa-2.4.0/kmercounter.cpp
Examining data/skesa-2.4.0/readsgetter.hpp
Examining data/skesa-2.4.0/skesa.cpp
Examining data/skesa-2.4.0/ngs_includes.hpp
FINAL RESULTS:
data/skesa-2.4.0/LargeInt.hpp:126:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[256];
data/skesa-2.4.0/concurrenthash.hpp:1023:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kmer.getPointer(), (uint8_t*)read_buf+k/4, kmer_bytes);
data/skesa-2.4.0/concurrenthash.hpp:1395:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kmer.getPointer(), (uint8_t*)read_buf+k/4, kmer_bytes);
data/skesa-2.4.0/gfa_connector.cpp:141:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gfa_out.open(argm["gfa"].as<string>());
data/skesa-2.4.0/gfa_connector.cpp:150:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
csv_out.open(argm["csv"].as<string>());
data/skesa-2.4.0/glb_align.cpp:238:93: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int CCigar::Score(const char* query, const char* subject, int gopen, int gapextend, const char delta[256][256]) const {
data/skesa-2.4.0/glb_align.cpp:376:92: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar GlbAlign(const char* a, int na, const char* b, int nb, int rho, int sigma, const char delta[256][256]) {
data/skesa-2.4.0/glb_align.cpp:456:92: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar LclAlign(const char* a, int na, const char* b, int nb, int rho, int sigma, const char delta[256][256]) {
data/skesa-2.4.0/glb_align.cpp:541:121: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar LclAlign(const char* a, int na, const char* b, int nb, int rho, int sigma, bool pinleft, bool pinright, const char delta[256][256]) {
data/skesa-2.4.0/glb_align.cpp:655:97: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar VariBandAlign(const char* a, int na, const char* b, int nb, int rho, int sigma, const char delta[256][256], const TRange* blimits) {
data/skesa-2.4.0/glb_align.cpp:770:93: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar BandAlign(const char* a, int na, const char* b, int nb, int rho, int sigma, const char delta[256][256], int band) {
data/skesa-2.4.0/glb_align.hpp:61:89: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int Score(const char* query, const char* subject, int gopen, int gapextend, const char delta[256][256]) const;
data/skesa-2.4.0/glb_align.hpp:69:121: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar GlbAlign(const char* query, int querylen, const char* subject, int subjectlen, int gopen, int gapextend, const char delta[256][256]);
data/skesa-2.4.0/glb_align.hpp:72:121: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar LclAlign(const char* query, int querylen, const char* subject, int subjectlen, int gopen, int gapextend, const char delta[256][256]);
data/skesa-2.4.0/glb_align.hpp:75:150: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar LclAlign(const char* query, int querylen, const char* subject, int subjectlen, int gopen, int gapextend, bool pinleft, bool pinright, const char delta[256][256]);
data/skesa-2.4.0/glb_align.hpp:78:126: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar VariBandAlign(const char* query, int querylen, const char* subject, int subjectlen, int gopen, int gapextend, const char delta[256][256], const TRange* subject_limits);
data/skesa-2.4.0/glb_align.hpp:81:122: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CCigar BandAlign(const char* query, int querylen, const char* subject, int subjectlen, int gopen, int gapextend, const char delta[256][256], int band);
data/skesa-2.4.0/glb_align.hpp:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char matrix[256][256];
data/skesa-2.4.0/skesa.cpp:47:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
contigs_out.open(argm["contigs_out"].as<string>());
data/skesa-2.4.0/skesa.cpp:55:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
all_out.open(argm["all"].as<string>());
data/skesa-2.4.0/skesa.cpp:63:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hist_out.open(argm["hist"].as<string>());
data/skesa-2.4.0/skesa.cpp:71:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connected_reads_out.open(argm["connected_reads"].as<string>());
data/skesa-2.4.0/skesa.cpp:79:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbg_out.open(argm["dbg_out"].as<string>(), ios::binary | ios::out);
data/skesa-2.4.0/skesa.cpp:535:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
seeds_in.open(argm["seeds"].as<string>());
data/skesa-2.4.0/DBGraph.hpp:77:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!in.read(reinterpret_cast<char*>(&bin_num), sizeof bin_num))
data/skesa-2.4.0/DBGraph.hpp:81:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!in.read(reinterpret_cast<char*>(&bin), sizeof bin))
data/skesa-2.4.0/DBGraph.hpp:86:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!in.read(reinterpret_cast<char*>(&m_is_stranded), sizeof m_is_stranded))
data/skesa-2.4.0/DBGraph.hpp:329:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!in.read(reinterpret_cast<char*>(&bin_num), sizeof bin_num))
data/skesa-2.4.0/DBGraph.hpp:333:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!in.read(reinterpret_cast<char*>(&bin), sizeof bin))
data/skesa-2.4.0/DBGraph.hpp:340:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!in.read(reinterpret_cast<char*>(&m_is_stranded), sizeof m_is_stranded))
data/skesa-2.4.0/common_util.hpp:113:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void PushBack(const Container& read) {
data/skesa-2.4.0/common_util.hpp:116:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(auto it = read.rbegin(); it != read.rend(); ++it) { // put backward for kmer compatibility
data/skesa-2.4.0/common_util.hpp:116:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(auto it = read.rbegin(); it != read.rend(); ++it) { // put backward for kmer compatibility
data/skesa-2.4.0/common_util.hpp:266:170: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
kmer_iterator(int kmer_len, const CReadHolder& rholder, size_t position = 0, size_t position_in_read = 0, size_t read = 0) : m_readholderp(&rholder), m_read(read), m_position(position), m_kmer_len(kmer_len), m_position_in_read(position_in_read) {
data/skesa-2.4.0/common_util.hpp:292:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string read;
data/skesa-2.4.0/common_util.hpp:293:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.reserve(read_length);
data/skesa-2.4.0/common_util.hpp:296:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.push_back(bin2NT[(m_readholderp->m_storage[position/64] >> position%64) & 3]);
data/skesa-2.4.0/common_util.hpp:299:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/skesa-2.4.0/common_util.hpp:347:29: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
auto mism = mismatch(seq1p, last, seq2p);
data/skesa-2.4.0/common_util.hpp:395:151: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string_iterator(const CReadHolder& rholder, size_t position = 0, size_t read = 0) : m_readholderp(&rholder), m_position(position), m_read(read) {}
data/skesa-2.4.0/concurrenthash.hpp:243:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&vsize), sizeof vsize))
data/skesa-2.4.0/concurrenthash.hpp:248:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&elements), sizeof elements))
data/skesa-2.4.0/concurrenthash.hpp:252:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(p), sizeof *p))
data/skesa-2.4.0/concurrenthash.hpp:329:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&vsize), sizeof vsize))
data/skesa-2.4.0/concurrenthash.hpp:333:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&m_chunks), sizeof m_chunks))
data/skesa-2.4.0/concurrenthash.hpp:335:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&m_size), sizeof m_size))
data/skesa-2.4.0/concurrenthash.hpp:337:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&m_chunk_size), sizeof m_chunk_size))
data/skesa-2.4.0/concurrenthash.hpp:343:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&num), sizeof num))
data/skesa-2.4.0/concurrenthash.hpp:346:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(chunk.data()), num*vsize))
data/skesa-2.4.0/concurrenthash.hpp:709:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&m_table_size), sizeof m_table_size))
data/skesa-2.4.0/concurrenthash.hpp:711:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&m_kmer_len), sizeof m_kmer_len))
data/skesa-2.4.0/concurrenthash.hpp:749:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&list_num), sizeof list_num))
data/skesa-2.4.0/concurrenthash.hpp:753:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&i), sizeof i))
data/skesa-2.4.0/counter.hpp:102:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!in.read(reinterpret_cast<char*>(&m_kmer_len), sizeof(m_kmer_len)))
data/skesa-2.4.0/counter.hpp:256:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&num), sizeof num))
data/skesa-2.4.0/counter.hpp:260:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!is.read(reinterpret_cast<char*>(&v[0]), num*sizeof(v[0])))
data/skesa-2.4.0/gfa.hpp:1311:82: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(js->m_seq.size() == 1 || is->m_seq.size() == 1 || equal(is->m_seq.rbegin()+1, is->m_seq.rend(), js->m_seq.rbegin()+1, [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; })) {
data/skesa-2.4.0/gfa.hpp:1338:82: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(js->m_seq.size() == 1 || is->m_seq.size() == 1 || equal(is->m_seq.begin()+1, is->m_seq.end(), js->m_seq.begin()+1, [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; })) {
data/skesa-2.4.0/gfa.hpp:1581:36: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(equal(is->m_seq.rbegin(), is->m_seq.rend(), js->m_seq.rbegin(), [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; })) {
data/skesa-2.4.0/gfa.hpp:1610:45: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
auto rslt = mismatch(is->m_seq.rbegin(), is->m_seq.rbegin()+len, js->m_seq.rbegin(), [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; });
data/skesa-2.4.0/gfa.hpp:1666:36: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(equal(is->m_seq.begin(), is->m_seq.end(), js->m_seq.begin(), [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; })) {
data/skesa-2.4.0/gfa.hpp:1695:45: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
auto rslt = mismatch(is->m_seq.begin(), is->m_seq.begin()+len, js->m_seq.begin(), [](const SegBase& a, const SegBase& b) { return a.m_nt == b.m_nt; });
data/skesa-2.4.0/gfa.hpp:3077:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t color = m_graph_digger.CheckAndClipReadLite(read);
data/skesa-2.4.0/gfa.hpp:3079:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
clipped_reads[1].PushBack(read);
data/skesa-2.4.0/glb_align.cpp:863:33: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
SMatrix::SMatrix(int match, int mismatch) { // matrix for DNA
data/skesa-2.4.0/glb_align.cpp:869:34: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
else matrix[i][j] = -mismatch;
data/skesa-2.4.0/glb_align.hpp:85:25: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
SMatrix(int match, int mismatch); // matrix for DNA
data/skesa-2.4.0/graphdigger.hpp:98:66: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool operator==(const SeqInterval& other) const { return equal(begin, end, other.begin); }
data/skesa-2.4.0/graphdigger.hpp:354:30: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
SMatrix delta(match, mismatch);
data/skesa-2.4.0/graphdigger.hpp:2316:25: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(!equal(last_chunkp->end()-kmer_len, last_chunkp->end()-shift, step_back.front().begin()+shift))
data/skesa-2.4.0/graphdigger.hpp:2654:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(!equal(jlchunk.begin(), jlchunk.begin()+hit.second, irchunk.end()-overlap_len))
data/skesa-2.4.0/graphdigger.hpp:2672:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(!equal(seq.begin(), seq.end(), jrchunk.end()-overlap_len+kmer_len))
data/skesa-2.4.0/graphdigger.hpp:2697:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(!equal(jrchunk.end()-overlap_len+kmer_len, jrchunk.end(), ilchunk.begin()+kmer_len))
data/skesa-2.4.0/graphdigger.hpp:2715:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(!equal(jlchunk.begin(), jlchunk.begin()+hit.second, seq.begin()))
data/skesa-2.4.0/graphdigger.hpp:2942:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t CheckAndClipReadLite(string& read) {
data/skesa-2.4.0/graphdigger.hpp:2944:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rlen = read.size();
data/skesa-2.4.0/graphdigger.hpp:2946:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.clear();
data/skesa-2.4.0/graphdigger.hpp:2952:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rh.PushBack(read);
data/skesa-2.4.0/graphdigger.hpp:2956:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
vector<int> bases(read.size(), 0);
data/skesa-2.4.0/graphdigger.hpp:2983:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.clear();
data/skesa-2.4.0/graphdigger.hpp:2985:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read = read.substr(left, len);
data/skesa-2.4.0/graphdigger.hpp:3001:48: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
pair<int,int> CheckAndClipRead(string& read, deque<Node>& nodes) {
data/skesa-2.4.0/graphdigger.hpp:3004:93: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string lextend = MostLikelyExtension(DBGraph::ReverseComplement(m_graph.GetNode(read.substr(0, kmer_len))), kmer_len);
data/skesa-2.4.0/graphdigger.hpp:3006:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string rextend = MostLikelyExtension(m_graph.GetNode(read.substr(read.size()-kmer_len)), kmer_len);
data/skesa-2.4.0/graphdigger.hpp:3006:78: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string rextend = MostLikelyExtension(m_graph.GetNode(read.substr(read.size()-kmer_len)), kmer_len);
data/skesa-2.4.0/graphdigger.hpp:3014:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
vector<int> bases(read.size(), 0);
data/skesa-2.4.0/graphdigger.hpp:3016:93: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(int kk = 0; lextend.size()+read_pos+1 < extended_nodes.size() && read_pos < read.size(); ++kk, ++read_pos) {
data/skesa-2.4.0/graphdigger.hpp:3040:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(unsigned k = 0; k < read.size(); ++k) {
data/skesa-2.4.0/graphdigger.hpp:3041:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for( ; k < read.size() && !bases[k]; ++k); // skip bad bases
data/skesa-2.4.0/graphdigger.hpp:3044:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for( ; k < read.size() && bases[k]; ++k, ++current_len); // count adjacent good bases
data/skesa-2.4.0/graphdigger.hpp:3052:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
left = read.size();
data/skesa-2.4.0/graphdigger.hpp:3054:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.clear();
data/skesa-2.4.0/graphdigger.hpp:3057:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read = read.substr(left, len);
data/skesa-2.4.0/graphdigger.hpp:3100:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
string read;
data/skesa-2.4.0/graphdigger.hpp:3104:67: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if(hit < (int)min(nodes1.size(),nodes2.size()) && equal(nodes2.begin(), nodes2.begin()+hit, nodes1.end()-hit-1)) { // overlap
data/skesa-2.4.0/graphdigger.hpp:3133:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read.empty())
data/skesa-2.4.0/graphdigger.hpp:3139:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!read.empty()) {
data/skesa-2.4.0/graphdigger.hpp:3143:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read = lextend+read;
data/skesa-2.4.0/graphdigger.hpp:3146:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
paired_reads[0].PushBack(read);
data/skesa-2.4.0/readsgetter.hpp:369:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void InsertRead(string& read, CReadHolder& rholder, const string& source_name) {
data/skesa-2.4.0/readsgetter.hpp:371:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(char& c : read) c = toupper(c);
data/skesa-2.4.0/readsgetter.hpp:373:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read.find_first_not_of("ACGTYRWSKMDVHBXN-") != string::npos)
data/skesa-2.4.0/readsgetter.hpp:380:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(start < read.size()) {
data/skesa-2.4.0/readsgetter.hpp:381:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t stop = min(read.size(),read.find_first_not_of("ACGT", start));
data/skesa-2.4.0/readsgetter.hpp:381:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t stop = min(read.size(),read.find_first_not_of("ACGT", start));
data/skesa-2.4.0/readsgetter.hpp:387:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
start = read.find_first_of("ACGT", stop);
data/skesa-2.4.0/readsgetter.hpp:390:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rholder.PushBack(read.substr(best_start, best_len));
data/skesa-2.4.0/readsgetter.hpp:464:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
InsertRead(read, rslt[1], acc);
data/skesa-2.4.0/readsgetter.hpp:498:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
auto NextRead = [] (string& acc, string& read, bool isfasta, boost::iostreams::filtering_istream& is, const string& source_name) {
data/skesa-2.4.0/readsgetter.hpp:500:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.clear();
data/skesa-2.4.0/readsgetter.hpp:515:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.erase(remove(read.begin(),read.end(),'\n'),read.end());
data/skesa-2.4.0/readsgetter.hpp:515:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.erase(remove(read.begin(),read.end(),'\n'),read.end());
data/skesa-2.4.0/readsgetter.hpp:515:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.erase(remove(read.begin(),read.end(),'\n'),read.end());
data/skesa-2.4.0/readsgetter.hpp:515:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.erase(remove(read.begin(),read.end(),'\n'),read.end());
data/skesa-2.4.0/readsgetter.hpp:525:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!getline(is, read))
data/skesa-2.4.0/readsgetter.hpp:545:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!gztest.read(reinterpret_cast<char*>(gzstart.data()), 2))
data/skesa-2.4.0/readsgetter.hpp:655:54: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
auto NextRead = [] (string& acc, string& read, bool isfasta, boost::iostreams::filtering_istream& is, const string& source_name) {
data/skesa-2.4.0/readsgetter.hpp:657:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.clear();
data/skesa-2.4.0/readsgetter.hpp:672:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.erase(remove(read.begin(),read.end(),'\n'),read.end());
data/skesa-2.4.0/readsgetter.hpp:672:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.erase(remove(read.begin(),read.end(),'\n'),read.end());
data/skesa-2.4.0/readsgetter.hpp:672:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.erase(remove(read.begin(),read.end(),'\n'),read.end());
data/skesa-2.4.0/readsgetter.hpp:672:69: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read.erase(remove(read.begin(),read.end(),'\n'),read.end());
data/skesa-2.4.0/readsgetter.hpp:682:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!getline(is, read))
data/skesa-2.4.0/readsgetter.hpp:702:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!gztest.read(reinterpret_cast<char*>(gzstart.data()), 2))
ANALYSIS SUMMARY:
Hits = 124
Lines analyzed = 16797 in approximately 0.48 seconds (35104 lines/second)
Physical Source Lines of Code (SLOC) = 13399
Hits@level = [0] 1 [1] 100 [2] 24 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 125 [1+] 124 [2+] 24 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 9.32905 [1+] 9.25442 [2+] 1.79118 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.