Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/clonalframe-1.2/src/alignment.cpp
Examining data/clonalframe-1.2/src/alignment.h
Examining data/clonalframe-1.2/src/alignment_structure.cpp
Examining data/clonalframe-1.2/src/alignment_structure.h
Examining data/clonalframe-1.2/src/alignment_xmfa.cpp
Examining data/clonalframe-1.2/src/alignment_xmfa.h
Examining data/clonalframe-1.2/src/boot.cpp
Examining data/clonalframe-1.2/src/boot.h
Examining data/clonalframe-1.2/src/burst.cpp
Examining data/clonalframe-1.2/src/burst.h
Examining data/clonalframe-1.2/src/ClonalFrame.cpp
Examining data/clonalframe-1.2/src/consensus.cpp
Examining data/clonalframe-1.2/src/consensus.h
Examining data/clonalframe-1.2/src/genes.cpp
Examining data/clonalframe-1.2/src/genes.h
Examining data/clonalframe-1.2/src/hashcell.cpp
Examining data/clonalframe-1.2/src/hashcell.h
Examining data/clonalframe-1.2/src/move.cpp
Examining data/clonalframe-1.2/src/move.h
Examining data/clonalframe-1.2/src/move_ages.cpp
Examining data/clonalframe-1.2/src/move_ages.h
Examining data/clonalframe-1.2/src/move_delta.cpp
Examining data/clonalframe-1.2/src/move_delta.h
Examining data/clonalframe-1.2/src/move_gap.cpp
Examining data/clonalframe-1.2/src/move_gap.h
Examining data/clonalframe-1.2/src/move_hidden.h
Examining data/clonalframe-1.2/src/move_hidden2.cpp
Examining data/clonalframe-1.2/src/move_hidden2.h
Examining data/clonalframe-1.2/src/move_mu.cpp
Examining data/clonalframe-1.2/src/move_mu.h
Examining data/clonalframe-1.2/src/move_nu.cpp
Examining data/clonalframe-1.2/src/move_nu.h
Examining data/clonalframe-1.2/src/move_rho.cpp
Examining data/clonalframe-1.2/src/move_rho.h
Examining data/clonalframe-1.2/src/move_wb.cpp
Examining data/clonalframe-1.2/src/move_wb.h
Examining data/clonalframe-1.2/src/param.cpp
Examining data/clonalframe-1.2/src/param.h
Examining data/clonalframe-1.2/src/recorder.cpp
Examining data/clonalframe-1.2/src/recorder.h
Examining data/clonalframe-1.2/src/timeval.h
Examining data/clonalframe-1.2/src/tree.cpp
Examining data/clonalframe-1.2/src/tree.h
Examining data/clonalframe-1.2/src/tree_coal.cpp
Examining data/clonalframe-1.2/src/tree_coal.h
Examining data/clonalframe-1.2/src/tree_newick.cpp
Examining data/clonalframe-1.2/src/tree_newick.h
Examining data/clonalframe-1.2/src/tree_simple.cpp
Examining data/clonalframe-1.2/src/tree_simple.h
Examining data/clonalframe-1.2/src/tree_upgma.cpp
Examining data/clonalframe-1.2/src/tree_upgma.h
Examining data/clonalframe-1.2/src/move_hidden.cpp
Examining data/clonalframe-1.2/src/util.cpp
Examining data/clonalframe-1.2/src/util.h

FINAL RESULTS:

data/clonalframe-1.2/src/ClonalFrame.cpp:250:24:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (argc-optind>0) sprintf(outputname,"%s",argv[optind++]); else sprintf(outputname,"%s.out",inputname);

data/clonalframe-1.2/src/ClonalFrame.cpp:250:70:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (argc-optind>0) sprintf(outputname,"%s",argv[optind++]); else sprintf(outputname,"%s.out",inputname);

data/clonalframe-1.2/src/alignment_xmfa.cpp:200:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf2,buf+i);

data/clonalframe-1.2/src/consensus.cpp:174:26:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  pos+=sprintf(res+pos,"%s:%f,",r,age-tokeep[j]->age/tokeep[j]->nb);

data/clonalframe-1.2/src/recorder.cpp:101:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename,"%s",out);

data/clonalframe-1.2/src/tree.cpp:323:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"(%s,%s):%f",l,r,fage-age);

data/clonalframe-1.2/src/tree.cpp:325:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"(%s,%s):%f",r,l,fage-age);

data/clonalframe-1.2/src/ClonalFrame.cpp:194:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt (argc, argv, "E:x:y:z:m:d:n:r:t:w:j:e:S:a:b:f:g:l:sMDNRTAGHhBCcUvFILW")) != -1)

data/clonalframe-1.2/src/ClonalFrame.cpp:92:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((devrandom = fopen("/dev/urandom","r")) == NULL) {

data/clonalframe-1.2/src/ClonalFrame.cpp:197:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case('x'):nbit=atoi(optarg);break;

data/clonalframe-1.2/src/ClonalFrame.cpp:198:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case('y'):burn=atoi(optarg);break;

data/clonalframe-1.2/src/ClonalFrame.cpp:199:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case('z'):thin=atoi(optarg);break;

data/clonalframe-1.2/src/ClonalFrame.cpp:214:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case('t'):treeinit=atoi(optarg);break;

data/clonalframe-1.2/src/ClonalFrame.cpp:222:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case('e'):nbswaps=atoi(optarg);break;

data/clonalframe-1.2/src/ClonalFrame.cpp:223:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case('S'):seeded=true;seed=atoi(optarg);break;

data/clonalframe-1.2/src/ClonalFrame.cpp:233:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  case('l'):mindistrefsites=atoi(optarg);break;

data/clonalframe-1.2/src/alignment.cpp:238:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f=fopen(filename,"w");

data/clonalframe-1.2/src/alignment.cpp:245:44:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (getData(j,k)=='N') memcpy(buf+k-beg,"-",1);else memcpy(buf+k-beg,lets+getData(j,k)-'0',1);

data/clonalframe-1.2/src/alignment.cpp:245:73:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (getData(j,k)=='N') memcpy(buf+k-beg,"-",1);else memcpy(buf+k-beg,lets+getData(j,k)-'0',1);

data/clonalframe-1.2/src/alignment.h:55:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * names[10000];

data/clonalframe-1.2/src/alignment_structure.cpp:29:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f=fopen(filename,"r");

data/clonalframe-1.2/src/alignment_structure.cpp:91:82:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  for (int i=0;i<numLines-1;i++) {names[i]=(char*)calloc(100,sizeof(char));sprintf(names[i],"%d",i+1);}

data/clonalframe-1.2/src/alignment_structure.cpp:104:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(c,"%d",gsl_matrix_int_get(d,j,i));

data/clonalframe-1.2/src/alignment_structure.cpp:141:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f=fopen(filename,"r");

data/clonalframe-1.2/src/alignment_xmfa.cpp:27:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10000];

data/clonalframe-1.2/src/alignment_xmfa.cpp:28:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[1000];

data/clonalframe-1.2/src/alignment_xmfa.cpp:30:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f=fopen(filename,"r");

data/clonalframe-1.2/src/alignment_xmfa.cpp:109:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in[i]=fopen(filename,"r");

data/clonalframe-1.2/src/consensus.cpp:155:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(res+strlen(res),":0.000000");

data/clonalframe-1.2/src/consensus.cpp:171:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  pos+=sprintf(res+pos,"%d:%f,",first(tokeep[j]->id)+1,age);

data/clonalframe-1.2/src/consensus.cpp:179:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(res+pos-1,")%d",w+1);

data/clonalframe-1.2/src/genes.cpp:28:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * mapf=fopen(mapfile,"r");

data/clonalframe-1.2/src/genes.cpp:41:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * genes=fopen(genesfile,"r");

data/clonalframe-1.2/src/recorder.cpp:94:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[1000];

data/clonalframe-1.2/src/recorder.cpp:102:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f=fopen(filename,"w");

data/clonalframe-1.2/src/tree.cpp:336:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"%d:%f",i+1,fage-age);

data/clonalframe-1.2/src/tree_newick.cpp:36:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  newickFile.open(name);

data/clonalframe-1.2/src/util.cpp:36:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f=fopen(filename,"w");

data/clonalframe-1.2/src/util.cpp:60:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * f=fopen(filename,"w");

data/clonalframe-1.2/src/alignment.cpp:246:17:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(buf+end-beg,"\0");

data/clonalframe-1.2/src/alignment_structure.cpp:39:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch=fgetc(f);

data/clonalframe-1.2/src/alignment_xmfa.cpp:92:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length+=strlen(buf);

data/clonalframe-1.2/src/alignment_xmfa.cpp:129:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j=0;j<strlen(bufin[i]);j++) {

data/clonalframe-1.2/src/alignment_xmfa.cpp:190:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (buf[strlen(buf)-1]=='\n' || buf[strlen(buf)-1]=='\r')

data/clonalframe-1.2/src/alignment_xmfa.cpp:190:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (buf[strlen(buf)-1]=='\n' || buf[strlen(buf)-1]=='\r')

data/clonalframe-1.2/src/alignment_xmfa.cpp:191:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf[strlen(buf)-1]='\0';

data/clonalframe-1.2/src/consensus.cpp:155:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(res+strlen(res),":0.000000");

data/clonalframe-1.2/src/consensus.cpp:165:14:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  pos+=sprintf(res+pos,"(");

data/clonalframe-1.2/src/tree.cpp:318:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf=(char *)calloc(strlen(l)+strlen(r)+50,sizeof(char));

data/clonalframe-1.2/src/tree.cpp:318:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf=(char *)calloc(strlen(l)+strlen(r)+50,sizeof(char));

ANALYSIS SUMMARY:

Hits = 50
Lines analyzed = 5815 in approximately 0.25 seconds (22979 lines/second)
Physical Source Lines of Code (SLOC) = 3740
Hits@level = [0] 101 [1]  11 [2]  31 [3]   1 [4]   7 [5]   0
Hits@level+ = [0+] 151 [1+]  50 [2+]  39 [3+]   8 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 40.3743 [1+] 13.369 [2+] 10.4278 [3+] 2.13904 [4+] 1.87166 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.