Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nanopolish-0.13.2/src/alignment/nanopolish_alignment_db.cpp
Examining data/nanopolish-0.13.2/src/alignment/nanopolish_alignment_db.h
Examining data/nanopolish-0.13.2/src/alignment/nanopolish_anchor.cpp
Examining data/nanopolish-0.13.2/src/alignment/nanopolish_anchor.h
Examining data/nanopolish-0.13.2/src/alignment/nanopolish_eventalign.cpp
Examining data/nanopolish-0.13.2/src/alignment/nanopolish_eventalign.h
Examining data/nanopolish-0.13.2/src/common/alg.hpp
Examining data/nanopolish-0.13.2/src/common/fs_support.cpp
Examining data/nanopolish-0.13.2/src/common/fs_support.hpp
Examining data/nanopolish-0.13.2/src/common/logger.hpp
Examining data/nanopolish-0.13.2/src/common/logsum.cpp
Examining data/nanopolish-0.13.2/src/common/logsum.h
Examining data/nanopolish-0.13.2/src/common/logsumset.hpp
Examining data/nanopolish-0.13.2/src/common/nanopolish_alphabet.cpp
Examining data/nanopolish-0.13.2/src/common/nanopolish_alphabet.h
Examining data/nanopolish-0.13.2/src/common/nanopolish_bam_processor.cpp
Examining data/nanopolish-0.13.2/src/common/nanopolish_bam_processor.h
Examining data/nanopolish-0.13.2/src/common/nanopolish_bam_utils.cpp
Examining data/nanopolish-0.13.2/src/common/nanopolish_bam_utils.h
Examining data/nanopolish-0.13.2/src/common/nanopolish_common.cpp
Examining data/nanopolish-0.13.2/src/common/nanopolish_common.h
Examining data/nanopolish-0.13.2/src/common/nanopolish_iupac.cpp
Examining data/nanopolish-0.13.2/src/common/nanopolish_iupac.h
Examining data/nanopolish-0.13.2/src/common/nanopolish_klcs.cpp
Examining data/nanopolish-0.13.2/src/common/nanopolish_klcs.h
Examining data/nanopolish-0.13.2/src/common/nanopolish_matrix.h
Examining data/nanopolish-0.13.2/src/common/nanopolish_variant.cpp
Examining data/nanopolish-0.13.2/src/common/nanopolish_variant.h
Examining data/nanopolish-0.13.2/src/common/profiler.h
Examining data/nanopolish-0.13.2/src/common/progress.h
Examining data/nanopolish-0.13.2/src/hmm/invgauss.hpp
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_duration_model.cpp
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_duration_model.h
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_hmm_input_sequence.h
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_profile_hmm.cpp
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_profile_hmm.h
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_profile_hmm_r7.cpp
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_profile_hmm_r7.h
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_profile_hmm_r9.cpp
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_profile_hmm_r9.h
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_transition_parameters.cpp
Examining data/nanopolish-0.13.2/src/hmm/nanopolish_transition_parameters.h
Examining data/nanopolish-0.13.2/src/io/nanopolish_fast5_io.cpp
Examining data/nanopolish-0.13.2/src/io/nanopolish_fast5_io.h
Examining data/nanopolish-0.13.2/src/io/nanopolish_fast5_loader.cpp
Examining data/nanopolish-0.13.2/src/io/nanopolish_fast5_loader.h
Examining data/nanopolish-0.13.2/src/io/nanopolish_fast5_processor.cpp
Examining data/nanopolish-0.13.2/src/io/nanopolish_fast5_processor.h
Examining data/nanopolish-0.13.2/src/main/nanopolish.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_call_methylation.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_call_methylation.h
Examining data/nanopolish-0.13.2/src/nanopolish_call_variants.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_call_variants.h
Examining data/nanopolish-0.13.2/src/nanopolish_extract.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_extract.h
Examining data/nanopolish-0.13.2/src/nanopolish_getmodel.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_getmodel.h
Examining data/nanopolish-0.13.2/src/nanopolish_haplotype.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_haplotype.h
Examining data/nanopolish-0.13.2/src/nanopolish_index.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_index.h
Examining data/nanopolish-0.13.2/src/nanopolish_methyltrain.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_methyltrain.h
Examining data/nanopolish-0.13.2/src/nanopolish_phase_reads.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_phase_reads.h
Examining data/nanopolish-0.13.2/src/nanopolish_polya_estimator.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_polya_estimator.h
Examining data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_raw_loader.h
Examining data/nanopolish-0.13.2/src/nanopolish_read_db.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_read_db.h
Examining data/nanopolish-0.13.2/src/nanopolish_scorereads.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_scorereads.h
Examining data/nanopolish-0.13.2/src/nanopolish_squiggle_read.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_squiggle_read.h
Examining data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.h
Examining data/nanopolish-0.13.2/src/nanopolish_variant_db.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_variant_db.h
Examining data/nanopolish-0.13.2/src/nanopolish_vcf2fasta.cpp
Examining data/nanopolish-0.13.2/src/nanopolish_vcf2fasta.h
Examining data/nanopolish-0.13.2/src/pore_model/nanopolish_builtin_models.h
Examining data/nanopolish-0.13.2/src/pore_model/nanopolish_model_names.cpp
Examining data/nanopolish-0.13.2/src/pore_model/nanopolish_model_names.h
Examining data/nanopolish-0.13.2/src/pore_model/nanopolish_pore_model_set.cpp
Examining data/nanopolish-0.13.2/src/pore_model/nanopolish_pore_model_set.h
Examining data/nanopolish-0.13.2/src/pore_model/nanopolish_poremodel.cpp
Examining data/nanopolish-0.13.2/src/pore_model/nanopolish_poremodel.h
Examining data/nanopolish-0.13.2/src/test/catch.hpp
Examining data/nanopolish-0.13.2/src/test/nanopolish_test.cpp
Examining data/nanopolish-0.13.2/src/thirdparty/fet.c
Examining data/nanopolish-0.13.2/src/thirdparty/fet.h
Examining data/nanopolish-0.13.2/src/thirdparty/scrappie/event_detection.c
Examining data/nanopolish-0.13.2/src/thirdparty/scrappie/event_detection.h
Examining data/nanopolish-0.13.2/src/thirdparty/scrappie/scrappie_common.c
Examining data/nanopolish-0.13.2/src/thirdparty/scrappie/scrappie_common.h
Examining data/nanopolish-0.13.2/src/thirdparty/scrappie/scrappie_stdlib.h
Examining data/nanopolish-0.13.2/src/thirdparty/scrappie/scrappie_structures.h
Examining data/nanopolish-0.13.2/src/thirdparty/stdaln.c
Examining data/nanopolish-0.13.2/src/thirdparty/stdaln.h
Examining data/nanopolish-0.13.2/src/training_core.cpp
Examining data/nanopolish-0.13.2/src/training_core.hpp
FINAL RESULTS:
data/nanopolish-0.13.2/src/pore_model/nanopolish_poremodel.cpp:22:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(known, newbase);
data/nanopolish-0.13.2/src/thirdparty/fet.c:106:9: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (scanf("%s%d%d%d%d", id, &n11, &n12, &n21, &n22) == 5) {
data/nanopolish-0.13.2/src/alignment/nanopolish_eventalign.cpp:832:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_call_methylation.cpp:785:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_call_variants.cpp:1020:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_extract.cpp:313:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_getmodel.cpp:68:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_index.cpp:234:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_methyltrain.cpp:481:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_phase_reads.cpp:117:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_polya_estimator.cpp:102:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_scorereads.cpp:232:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:77:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/nanopolish_vcf2fasta.cpp:80:23: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
for (char c; (c = getopt_long(argc, argv, shortopts, longopts, NULL)) != -1;) {
data/nanopolish-0.13.2/src/test/catch.hpp:5726:22: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand( m_configData.rngSeed );
data/nanopolish-0.13.2/src/alignment/nanopolish_eventalign.cpp:378:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_get_cigar(event_record),
data/nanopolish-0.13.2/src/alignment/nanopolish_eventalign.cpp:924:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
writer.summary_fp = fopen(opt::summary_file.c_str(), "w");
data/nanopolish-0.13.2/src/common/nanopolish_bam_utils.cpp:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bam_get_cigar(record),
data/nanopolish-0.13.2/src/common/nanopolish_common.cpp:54:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out = { atoi(vec[0].c_str()),
data/nanopolish-0.13.2/src/common/nanopolish_common.cpp:55:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(vec[1].c_str()),
data/nanopolish-0.13.2/src/common/nanopolish_common.cpp:56:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(vec[2].c_str())
data/nanopolish-0.13.2/src/common/nanopolish_matrix.h:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_matrix.cells, old_matrix.cells, bytes);
data/nanopolish-0.13.2/src/nanopolish_call_methylation.cpp:487:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* read_fp = fopen(fastq_filename.c_str(), "r");
data/nanopolish-0.13.2/src/nanopolish_call_methylation.cpp:594:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handles.site_writer = fopen(calls_outname.c_str(), "w");
data/nanopolish-0.13.2/src/nanopolish_call_variants.cpp:465:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* stats_out = fopen(stats_fn.c_str(), "w");
data/nanopolish-0.13.2/src/nanopolish_call_variants.cpp:466:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* alignment_out = fopen(alignment_fn.c_str(), "w");
data/nanopolish-0.13.2/src/nanopolish_call_variants.cpp:1171:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_fp = fopen(opt::output_file.c_str(), "w");
data/nanopolish-0.13.2/src/nanopolish_call_variants.cpp:1244:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* consensus_fp = fopen(opt::consensus_output.c_str(), "w");
data/nanopolish-0.13.2/src/nanopolish_extract.cpp:179:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(fn);
data/nanopolish-0.13.2/src/nanopolish_extract.cpp:402:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs.open(opt::output_file);
data/nanopolish-0.13.2/src/nanopolish_methyltrain.cpp:827:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* summary_fp = fopen(summary_fn.str().c_str(), "w");
data/nanopolish-0.13.2/src/nanopolish_read_db.cpp:108:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* read_fp = fopen(input_filename.c_str(), "r");
data/nanopolish-0.13.2/src/nanopolish_read_db.cpp:121:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* write_fp = fopen(out_fasta_filename.c_str(), "w");
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:241:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* tsv_writer = fopen("train_poremodel_from_basecalls.tsv", "w");
data/nanopolish-0.13.2/src/pore_model/nanopolish_poremodel.cpp:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newbase[2];
data/nanopolish-0.13.2/src/pore_model/nanopolish_poremodel.cpp:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bases[maxNucleotides+1] = "";
data/nanopolish-0.13.2/src/pore_model/nanopolish_poremodel.cpp:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bases[maxNucleotides+1]="";
data/nanopolish-0.13.2/src/test/catch.hpp:1035:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sizer[1];
data/nanopolish-0.13.2/src/test/catch.hpp:1040:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sizer[2];
data/nanopolish-0.13.2/src/test/catch.hpp:2560:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[sizeof(T)];
data/nanopolish-0.13.2/src/test/catch.hpp:5623:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofs.open( m_config->getFilename().c_str() );
data/nanopolish-0.13.2/src/test/catch.hpp:6136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[bufferSize];
data/nanopolish-0.13.2/src/test/catch.hpp:7256:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asChar[sizeof (int)];
data/nanopolish-0.13.2/src/test/catch.hpp:7821:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/nanopolish-0.13.2/src/thirdparty/fet.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[1024];
data/nanopolish-0.13.2/src/thirdparty/scrappie/scrappie_common.c:53:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(space, x, nx * sizeof(float));
data/nanopolish-0.13.2/src/thirdparty/stdaln.c:33:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_nt16_table[256] = {
data/nanopolish-0.13.2/src/thirdparty/stdaln.c:54:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_nt4_table[256] = {
data/nanopolish-0.13.2/src/thirdparty/stdaln.c:75:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_aa_table[256] = {
data/nanopolish-0.13.2/src/thirdparty/stdaln.c:97:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aln_trans_table_eu[66] = {
data/nanopolish-0.13.2/src/alignment/nanopolish_eventalign.cpp:371:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bam_get_qname(event_record),
data/nanopolish-0.13.2/src/common/nanopolish_alphabet.h:290:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strspn(bases, _base) == strlen(bases);
data/nanopolish-0.13.2/src/common/nanopolish_alphabet.h:317:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strspn(bases, _base) == strlen(bases);
data/nanopolish-0.13.2/src/common/nanopolish_alphabet.h:354:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strspn(bases, _base) == strlen(bases);
data/nanopolish-0.13.2/src/common/nanopolish_alphabet.h:374:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strspn(bases, _base) == strlen(bases);
data/nanopolish-0.13.2/src/common/nanopolish_alphabet.h:394:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strspn(bases, _base) == strlen(bases);
data/nanopolish-0.13.2/src/common/nanopolish_alphabet.h:414:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strspn(bases, _base) == strlen(bases);
data/nanopolish-0.13.2/src/common/nanopolish_bam_utils.cpp:44:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bam_get_qname(record),
data/nanopolish-0.13.2/src/common/nanopolish_common.h:55:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SquiggleRead* read;
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:32:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inline float z_score(const SquiggleRead& read,
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:38:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
float level = read.get_drift_scaled_level(event_idx, strand);
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:39:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
GaussianParameters gp = read.get_scaled_gaussian_from_pore_model_state(pore_model, strand, kmer_rank);
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:57:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inline float log_probability_match_r9(const SquiggleRead& read,
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:64:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
float level = read.get_drift_scaled_level(event_idx, strand);
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:65:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
GaussianParameters gp = read.get_scaled_gaussian_from_pore_model_state(pore_model, strand, kmer_rank);
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:70:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inline float log_probability_match_r7(const SquiggleRead& read,
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:78:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
float level = read.get_drift_scaled_level(event_idx, strand);
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:79:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
GaussianParameters gp = read.get_scaled_gaussian_from_pore_model_state(pore_model, strand, kmer_rank);
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:86:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inline float log_probability_event_insert_r7(const SquiggleRead& read,
data/nanopolish-0.13.2/src/hmm/nanopolish_emissions.h:95:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return log_probability_match_r7(read, pore_model, kmer_rank, event_idx, strand, scale, log_scale);
data/nanopolish-0.13.2/src/nanopolish_call_variants.cpp:628:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const SquiggleRead* read = event_sequences[j].read;
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:77:75: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::vector<AlignedPair> adaptive_banded_simple_event_align(SquiggleRead& read, const PoreModel& pore_model, const std::string& sequence)
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:82:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t n_events = read.events[strand_idx].size();
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:263:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
float lp_emission = log_probability_match_r9(read, pore_model, kmer_rank, event_idx, strand_idx);
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:341:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sum_emission += log_probability_match_r9(read, pore_model, kmer_rank, curr_event_idx, strand_idx);
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:381:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::vector<AlignedPair> banded_simple_event_align(SquiggleRead& read, const PoreModel& pore_model, const std::string& sequence)
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:389:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::vector<size_t> kmer_for_event(read.events[strand_idx].size());
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:390:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(size_t ki = 0; ki < read.base_to_event_map.size(); ++ki) {
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:391:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IndexPair& elem = read.base_to_event_map[ki].indices[0];
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:421:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t n_events = read.events[strand_idx].size();
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:478:58: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
float lp_emission = log_probability_match_r9(read, pore_model, kmer_rank, event_idx, strand_idx);
data/nanopolish-0.13.2/src/nanopolish_raw_loader.cpp:544:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sum_emission += log_probability_match_r9(read, pore_model, kmer_rank, curr_event_idx, strand_idx);
data/nanopolish-0.13.2/src/nanopolish_raw_loader.h:22:75: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::vector<AlignedPair> adaptive_banded_simple_event_align(SquiggleRead& read,
data/nanopolish-0.13.2/src/nanopolish_raw_loader.h:28:66: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::vector<AlignedPair> banded_simple_event_align(SquiggleRead& read,
data/nanopolish-0.13.2/src/nanopolish_squiggle_read.cpp:1202:27: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
auto p = std::mismatch(read_name.begin(), read_name.end(), fq_a[0].begin());
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:175:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void alignment_to_training_data(const SquiggleRead* read,
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:234:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reads.push_back(read);
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:245:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(auto* read : reads) {
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:259:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
alignment_to_training_data(read,
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:316:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
recalibrate_model(*read,
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:338:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
alignment_to_training_data(read,
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:386:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(auto* read : reads) {
data/nanopolish-0.13.2/src/nanopolish_train_poremodel_from_basecalls.cpp:387:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
delete read;
data/nanopolish-0.13.2/src/pore_model/nanopolish_poremodel.cpp:20:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ( (posn = strspn(kmer, known)) != strlen(kmer) ){
data/nanopolish-0.13.2/src/thirdparty/scrappie/scrappie_stdlib.h:40:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define strlen(A) (NULL != A) ? strlen(A) : 0
data/nanopolish-0.13.2/src/thirdparty/scrappie/scrappie_stdlib.h:40:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define strlen(A) (NULL != A) ? strlen(A) : 0
data/nanopolish-0.13.2/src/thirdparty/stdaln.c:771:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len1 < 0) len1 = strlen(seq1);
data/nanopolish-0.13.2/src/thirdparty/stdaln.c:772:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len2 < 0) len2 = strlen(seq2);
ANALYSIS SUMMARY:
Hits = 98
Lines analyzed = 32317 in approximately 0.76 seconds (42471 lines/second)
Physical Source Lines of Code (SLOC) = 23396
Hits@level = [0] 264 [1] 48 [2] 35 [3] 13 [4] 2 [5] 0
Hits@level+ = [0+] 362 [1+] 98 [2+] 50 [3+] 15 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 15.4727 [1+] 4.18875 [2+] 2.13712 [3+] 0.641135 [4+] 0.0854847 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.