Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/prodigal-2.6.3/bitmap.c
Examining data/prodigal-2.6.3/bitmap.h
Examining data/prodigal-2.6.3/dprog.c
Examining data/prodigal-2.6.3/dprog.h
Examining data/prodigal-2.6.3/gene.c
Examining data/prodigal-2.6.3/gene.h
Examining data/prodigal-2.6.3/main.c
Examining data/prodigal-2.6.3/metagenomic.c
Examining data/prodigal-2.6.3/metagenomic.h
Examining data/prodigal-2.6.3/node.c
Examining data/prodigal-2.6.3/node.h
Examining data/prodigal-2.6.3/sequence.c
Examining data/prodigal-2.6.3/sequence.h
Examining data/prodigal-2.6.3/training.c
Examining data/prodigal-2.6.3/training.h
FINAL RESULTS:
data/prodigal-2.6.3/gene.c:278:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(genes[i].gene_data, "ID=%d_%d;partial=%d%d;start_type=%s;", sctr,
data/prodigal-2.6.3/gene.c:286:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%s",
data/prodigal-2.6.3/gene.c:290:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%s",
data/prodigal-2.6.3/gene.c:298:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%s",
data/prodigal-2.6.3/gene.c:303:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%s",
data/prodigal-2.6.3/gene.c:307:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(genes[i].gene_data, "%srbs_motif=None;rbs_spacer=None",
data/prodigal-2.6.3/gene.c:309:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
else sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%dbp",
data/prodigal-2.6.3/gene.c:312:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(genes[i].gene_data, "%s;gc_cont=%.3f", genes[i].gene_data,
data/prodigal-2.6.3/gene.c:322:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(genes[i].score_data, "%stscore=%.2f;", genes[i].score_data,
data/prodigal-2.6.3/gene.c:338:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(seq_data, "seqnum=%d;seqlen=%d;seqhdr=\"%s\"", sctr, slen, header);
data/prodigal-2.6.3/gene.c:342:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "version=Prodigal.v%s;run_type=Single;", version);
data/prodigal-2.6.3/gene.c:343:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "%smodel=\"Ab initio\";", run_data);
data/prodigal-2.6.3/gene.c:346:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "version=Prodigal.v%s;run_type=Metagenomic;", version);
data/prodigal-2.6.3/gene.c:347:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "%smodel=\"%s\";", run_data, mdesc);
data/prodigal-2.6.3/gene.c:349:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "%sgc_cont=%.2f;transl_table=%d;uses_sd=%d", run_data,
data/prodigal-2.6.3/main.c:593:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_header, new_header);
data/prodigal-2.6.3/metagenomic.c:78:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[0].desc, "%d|%s|%s|%.1f|%d|%d", 0,
data/prodigal-2.6.3/metagenomic.c:81:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[1].desc, "%d|%s|%s|%.1f|%d|%d", 1,
data/prodigal-2.6.3/metagenomic.c:84:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[2].desc, "%d|%s|%s|%.1f|%d|%d", 2,
data/prodigal-2.6.3/metagenomic.c:87:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[3].desc, "%d|%s|%s|%.1f|%d|%d", 3,
data/prodigal-2.6.3/metagenomic.c:90:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[4].desc, "%d|%s|%s|%.1f|%d|%d", 4,
data/prodigal-2.6.3/metagenomic.c:93:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[5].desc, "%d|%s|%s|%.1f|%d|%d", 5,
data/prodigal-2.6.3/metagenomic.c:96:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[6].desc, "%d|%s|%s|%.1f|%d|%d", 6,
data/prodigal-2.6.3/metagenomic.c:99:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[7].desc, "%d|%s|%s|%.1f|%d|%d", 7,
data/prodigal-2.6.3/metagenomic.c:102:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[8].desc, "%d|%s|%s|%.1f|%d|%d", 8,
data/prodigal-2.6.3/metagenomic.c:105:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[9].desc, "%d|%s|%s|%.1f|%d|%d", 9,
data/prodigal-2.6.3/metagenomic.c:108:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[10].desc, "%d|%s|%s|%.1f|%d|%d", 10,
data/prodigal-2.6.3/metagenomic.c:111:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[11].desc, "%d|%s|%s|%.1f|%d|%d", 11,
data/prodigal-2.6.3/metagenomic.c:114:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[12].desc, "%d|%s|%s|%.1f|%d|%d", 12,
data/prodigal-2.6.3/metagenomic.c:117:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[13].desc, "%d|%s|%s|%.1f|%d|%d", 13,
data/prodigal-2.6.3/metagenomic.c:120:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[14].desc, "%d|%s|%s|%.1f|%d|%d", 14,
data/prodigal-2.6.3/metagenomic.c:123:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[15].desc, "%d|%s|%s|%.1f|%d|%d", 15,
data/prodigal-2.6.3/metagenomic.c:126:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[16].desc, "%d|%s|%s|%.1f|%d|%d", 16,
data/prodigal-2.6.3/metagenomic.c:129:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[17].desc, "%d|%s|%s|%.1f|%d|%d", 17,
data/prodigal-2.6.3/metagenomic.c:132:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[18].desc, "%d|%s|%s|%.1f|%d|%d", 18,
data/prodigal-2.6.3/metagenomic.c:135:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[19].desc, "%d|%s|%s|%.1f|%d|%d", 19,
data/prodigal-2.6.3/metagenomic.c:138:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[20].desc, "%d|%s|%s|%.1f|%d|%d", 20,
data/prodigal-2.6.3/metagenomic.c:141:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[21].desc, "%d|%s|%s|%.1f|%d|%d", 21,
data/prodigal-2.6.3/metagenomic.c:144:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[22].desc, "%d|%s|%s|%.1f|%d|%d", 22,
data/prodigal-2.6.3/metagenomic.c:147:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[23].desc, "%d|%s|%s|%.1f|%d|%d", 23,
data/prodigal-2.6.3/metagenomic.c:150:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[24].desc, "%d|%s|%s|%.1f|%d|%d", 24,
data/prodigal-2.6.3/metagenomic.c:153:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[25].desc, "%d|%s|%s|%.1f|%d|%d", 25,
data/prodigal-2.6.3/metagenomic.c:156:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[26].desc, "%d|%s|%s|%.1f|%d|%d", 26,
data/prodigal-2.6.3/metagenomic.c:159:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[27].desc, "%d|%s|%s|%.1f|%d|%d", 27,
data/prodigal-2.6.3/metagenomic.c:162:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[28].desc, "%d|%s|%s|%.1f|%d|%d", 28,
data/prodigal-2.6.3/metagenomic.c:165:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[29].desc, "%d|%s|%s|%.1f|%d|%d", 29,
data/prodigal-2.6.3/metagenomic.c:168:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[30].desc, "%d|%s|%s|%.1f|%d|%d", 30,
data/prodigal-2.6.3/metagenomic.c:171:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[31].desc, "%d|%s|%s|%.1f|%d|%d", 31,
data/prodigal-2.6.3/metagenomic.c:174:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[32].desc, "%d|%s|%s|%.1f|%d|%d", 32,
data/prodigal-2.6.3/metagenomic.c:177:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[33].desc, "%d|%s|%s|%.1f|%d|%d", 33,
data/prodigal-2.6.3/metagenomic.c:180:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[34].desc, "%d|%s|%s|%.1f|%d|%d", 34,
data/prodigal-2.6.3/metagenomic.c:183:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[35].desc, "%d|%s|%s|%.1f|%d|%d", 35,
data/prodigal-2.6.3/metagenomic.c:186:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[36].desc, "%d|%s|%s|%.1f|%d|%d", 36,
data/prodigal-2.6.3/metagenomic.c:189:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[37].desc, "%d|%s|%s|%.1f|%d|%d", 37,
data/prodigal-2.6.3/metagenomic.c:192:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[38].desc, "%d|%s|%s|%.1f|%d|%d", 38,
data/prodigal-2.6.3/metagenomic.c:195:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[39].desc, "%d|%s|%s|%.1f|%d|%d", 39,
data/prodigal-2.6.3/metagenomic.c:198:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[40].desc, "%d|%s|%s|%.1f|%d|%d", 40,
data/prodigal-2.6.3/metagenomic.c:201:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[41].desc, "%d|%s|%s|%.1f|%d|%d", 41,
data/prodigal-2.6.3/metagenomic.c:204:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[42].desc, "%d|%s|%s|%.1f|%d|%d", 42,
data/prodigal-2.6.3/metagenomic.c:207:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[43].desc, "%d|%s|%s|%.1f|%d|%d", 43,
data/prodigal-2.6.3/metagenomic.c:210:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[44].desc, "%d|%s|%s|%.1f|%d|%d", 44,
data/prodigal-2.6.3/metagenomic.c:213:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[45].desc, "%d|%s|%s|%.1f|%d|%d", 45,
data/prodigal-2.6.3/metagenomic.c:216:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[46].desc, "%d|%s|%s|%.1f|%d|%d", 46,
data/prodigal-2.6.3/metagenomic.c:219:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[47].desc, "%d|%s|%s|%.1f|%d|%d", 47,
data/prodigal-2.6.3/metagenomic.c:222:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[48].desc, "%d|%s|%s|%.1f|%d|%d", 48,
data/prodigal-2.6.3/metagenomic.c:225:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(meta[49].desc, "%d|%s|%s|%.1f|%d|%d", 49,
data/prodigal-2.6.3/node.c:1417:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(seq_data, "seqnum=%d;seqlen=%d;seqhdr=\"%s\"", sctr, slen, header);
data/prodigal-2.6.3/node.c:1421:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "version=Prodigal.v%s;run_type=Single;", version);
data/prodigal-2.6.3/node.c:1422:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "%smodel=\"Ab initio\";", run_data);
data/prodigal-2.6.3/node.c:1425:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "version=Prodigal.v%s;run_type=Metagenomic;", version);
data/prodigal-2.6.3/node.c:1426:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "%smodel=\"%s\";", run_data, mdesc);
data/prodigal-2.6.3/node.c:1428:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(run_data, "%sgc_cont=%.2f;transl_table=%d;uses_sd=%d", run_data,
data/prodigal-2.6.3/sequence.c:143:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_hdr, line+12);
data/prodigal-2.6.3/sequence.c:147:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_hdr, line+12);
data/prodigal-2.6.3/sequence.c:155:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_hdr, line+1);
data/prodigal-2.6.3/sequence.c:161:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cur_hdr, line+1);
data/prodigal-2.6.3/sequence.c:229:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(short_header, header);
data/prodigal-2.6.3/gene.c:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sd_string[28][100], sd_spacer[28][20], qt[10];
data/prodigal-2.6.3/gene.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_string[4][5] = { "ATG", "GTG", "TTG" , "Edge" };
data/prodigal-2.6.3/gene.c:205:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[0], "None");
data/prodigal-2.6.3/gene.c:206:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[0], "None");
data/prodigal-2.6.3/gene.c:207:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[1], "GGA/GAG/AGG");
data/prodigal-2.6.3/gene.c:208:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[1], "3-4bp");
data/prodigal-2.6.3/gene.c:209:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[2], "3Base/5BMM");
data/prodigal-2.6.3/gene.c:210:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[2], "13-15bp");
data/prodigal-2.6.3/gene.c:211:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[3], "4Base/6BMM");
data/prodigal-2.6.3/gene.c:212:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[3], "13-15bp");
data/prodigal-2.6.3/gene.c:213:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[4], "AGxAG");
data/prodigal-2.6.3/gene.c:214:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[4], "11-12bp");
data/prodigal-2.6.3/gene.c:215:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[5], "AGxAG");
data/prodigal-2.6.3/gene.c:216:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[5], "3-4bp");
data/prodigal-2.6.3/gene.c:217:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[6], "GGA/GAG/AGG");
data/prodigal-2.6.3/gene.c:218:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[6], "11-12bp");
data/prodigal-2.6.3/gene.c:219:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[7], "GGxGG");
data/prodigal-2.6.3/gene.c:220:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[7], "11-12bp");
data/prodigal-2.6.3/gene.c:221:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[8], "GGxGG");
data/prodigal-2.6.3/gene.c:222:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[8], "3-4bp");
data/prodigal-2.6.3/gene.c:223:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[9], "AGxAG");
data/prodigal-2.6.3/gene.c:224:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[9], "5-10bp");
data/prodigal-2.6.3/gene.c:225:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[10], "AGGAG(G)/GGAGG");
data/prodigal-2.6.3/gene.c:226:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[10], "13-15bp");
data/prodigal-2.6.3/gene.c:227:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[11], "AGGA/GGAG/GAGG");
data/prodigal-2.6.3/gene.c:228:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[11], "3-4bp");
data/prodigal-2.6.3/gene.c:229:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[12], "AGGA/GGAG/GAGG");
data/prodigal-2.6.3/gene.c:230:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[12], "11-12bp");
data/prodigal-2.6.3/gene.c:231:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[13], "GGA/GAG/AGG");
data/prodigal-2.6.3/gene.c:232:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[13], "5-10bp");
data/prodigal-2.6.3/gene.c:233:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[14], "GGxGG");
data/prodigal-2.6.3/gene.c:234:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[14], "5-10bp");
data/prodigal-2.6.3/gene.c:235:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[15], "AGGA");
data/prodigal-2.6.3/gene.c:236:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[15], "5-10bp");
data/prodigal-2.6.3/gene.c:237:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[16], "GGAG/GAGG");
data/prodigal-2.6.3/gene.c:238:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[16], "5-10bp");
data/prodigal-2.6.3/gene.c:239:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[17], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/gene.c:240:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[17], "11-12bp");
data/prodigal-2.6.3/gene.c:241:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[18], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/gene.c:242:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[18], "3-4bp");
data/prodigal-2.6.3/gene.c:243:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[19], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/gene.c:244:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[19], "5-10bp");
data/prodigal-2.6.3/gene.c:245:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[20], "AGGAG/GGAGG");
data/prodigal-2.6.3/gene.c:246:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[20], "11-12bp");
data/prodigal-2.6.3/gene.c:247:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[21], "AGGAG");
data/prodigal-2.6.3/gene.c:248:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[21], "3-4bp");
data/prodigal-2.6.3/gene.c:249:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[22], "AGGAG");
data/prodigal-2.6.3/gene.c:250:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[22], "5-10bp");
data/prodigal-2.6.3/gene.c:251:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[23], "GGAGG");
data/prodigal-2.6.3/gene.c:252:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[23], "3-4bp");
data/prodigal-2.6.3/gene.c:253:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[24], "GGAGG");
data/prodigal-2.6.3/gene.c:254:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[24], "5-10bp");
data/prodigal-2.6.3/gene.c:255:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[25], "AGGAGG");
data/prodigal-2.6.3/gene.c:256:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[25], "11-12bp");
data/prodigal-2.6.3/gene.c:257:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[26], "AGGAGG");
data/prodigal-2.6.3/gene.c:258:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[26], "3-4bp");
data/prodigal-2.6.3/gene.c:259:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[27], "AGGAGG");
data/prodigal-2.6.3/gene.c:260:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[27], "5-10bp");
data/prodigal-2.6.3/gene.c:318:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(genes[i].score_data,
data/prodigal-2.6.3/gene.c:334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char left[50], right[50];
data/prodigal-2.6.3/gene.c:335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_data[MAX_LINE*2], run_data[MAX_LINE];
data/prodigal-2.6.3/gene.c:376:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(nod[ndx].edge == 1) sprintf(left, "<%d", genes[i].begin);
data/prodigal-2.6.3/gene.c:377:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(left, "%d", genes[i].begin);
data/prodigal-2.6.3/gene.c:378:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(nod[sndx].edge == 1) sprintf(right, ">%d", genes[i].end);
data/prodigal-2.6.3/gene.c:379:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(right, "%d", genes[i].end);
data/prodigal-2.6.3/gene.c:402:31: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(nod[sndx].edge == 1) sprintf(left, "<%d", genes[i].begin);
data/prodigal-2.6.3/gene.c:403:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(left, "%d", genes[i].begin);
data/prodigal-2.6.3/gene.c:404:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(nod[ndx].edge == 1) sprintf(right, ">%d", genes[i].end);
data/prodigal-2.6.3/gene.c:405:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(right, "%d", genes[i].end);
data/prodigal-2.6.3/gene.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gene_data[500]; /* String containing gene information */
data/prodigal-2.6.3/gene.h:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char score_data[500]; /* String containing scoring information */
data/prodigal-2.6.3/main.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *input_file, *output_file, input_copy[MAX_LINE];
data/prodigal-2.6.3/main.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_header[MAX_LINE], new_header[MAX_LINE], short_header[MAX_LINE];
data/prodigal-2.6.3/main.c:77:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(meta[i].desc, "None");
data/prodigal-2.6.3/main.c:97:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(input_copy, "tmp.prodigal.stdin.%d", pid);
data/prodigal-2.6.3/main.c:156:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tinf.trans_table = atoi(argv[i+1]);
data/prodigal-2.6.3/main.c:252:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_ptr = fopen(input_file, "r");
data/prodigal-2.6.3/main.c:259:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_ptr = fopen(output_file, "w");
data/prodigal-2.6.3/main.c:266:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
start_ptr = fopen(start_file, "w");
data/prodigal-2.6.3/main.c:273:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
trans_ptr = fopen(trans_file, "w");
data/prodigal-2.6.3/main.c:281:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nuc_ptr = fopen(nuc_file, "w");
data/prodigal-2.6.3/main.c:460:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cur_header, "Prodigal_Seq_1");
data/prodigal-2.6.3/main.c:461:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(new_header, "Prodigal_Seq_2");
data/prodigal-2.6.3/main.c:594:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(new_header, "Prodigal_Seq_%d\n", num_seq+1);
data/prodigal-2.6.3/main.c:683:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE+1];
data/prodigal-2.6.3/main.c:690:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wp = fopen(path, "w");
data/prodigal-2.6.3/metagenomic.h:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[500]; /* Text description of this bin */
data/prodigal-2.6.3/node.c:1412:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sd_string[28][100], sd_spacer[28][20], qt[10];
data/prodigal-2.6.3/node.c:1413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_string[4][5] = { "ATG", "GTG", "TTG" , "Edge" };
data/prodigal-2.6.3/node.c:1414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq_data[MAX_LINE*2], run_data[MAX_LINE];
data/prodigal-2.6.3/node.c:1431:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[0], "None");
data/prodigal-2.6.3/node.c:1432:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[0], "None");
data/prodigal-2.6.3/node.c:1433:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[1], "GGA/GAG/AGG");
data/prodigal-2.6.3/node.c:1434:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[1], "3-4bp");
data/prodigal-2.6.3/node.c:1435:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[2], "3Base/5BMM");
data/prodigal-2.6.3/node.c:1436:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[2], "13-15bp");
data/prodigal-2.6.3/node.c:1437:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[3], "4Base/6BMM");
data/prodigal-2.6.3/node.c:1438:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[3], "13-15bp");
data/prodigal-2.6.3/node.c:1439:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[4], "AGxAG");
data/prodigal-2.6.3/node.c:1440:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[4], "11-12bp");
data/prodigal-2.6.3/node.c:1441:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[5], "AGxAG");
data/prodigal-2.6.3/node.c:1442:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[5], "3-4bp");
data/prodigal-2.6.3/node.c:1443:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[6], "GGA/GAG/AGG");
data/prodigal-2.6.3/node.c:1444:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[6], "11-12bp");
data/prodigal-2.6.3/node.c:1445:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[7], "GGxGG");
data/prodigal-2.6.3/node.c:1446:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[7], "11-12bp");
data/prodigal-2.6.3/node.c:1447:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[8], "GGxGG");
data/prodigal-2.6.3/node.c:1448:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[8], "3-4bp");
data/prodigal-2.6.3/node.c:1449:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[9], "AGxAG");
data/prodigal-2.6.3/node.c:1450:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[9], "5-10bp");
data/prodigal-2.6.3/node.c:1451:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[10], "AGGAG(G)/GGAGG");
data/prodigal-2.6.3/node.c:1452:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[10], "13-15bp");
data/prodigal-2.6.3/node.c:1453:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[11], "AGGA/GGAG/GAGG");
data/prodigal-2.6.3/node.c:1454:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[11], "3-4bp");
data/prodigal-2.6.3/node.c:1455:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[12], "AGGA/GGAG/GAGG");
data/prodigal-2.6.3/node.c:1456:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[12], "11-12bp");
data/prodigal-2.6.3/node.c:1457:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[13], "GGA/GAG/AGG");
data/prodigal-2.6.3/node.c:1458:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[13], "5-10bp");
data/prodigal-2.6.3/node.c:1459:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[14], "GGxGG");
data/prodigal-2.6.3/node.c:1460:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[14], "5-10bp");
data/prodigal-2.6.3/node.c:1461:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[15], "AGGA");
data/prodigal-2.6.3/node.c:1462:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[15], "5-10bp");
data/prodigal-2.6.3/node.c:1463:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[16], "GGAG/GAGG");
data/prodigal-2.6.3/node.c:1464:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[16], "5-10bp");
data/prodigal-2.6.3/node.c:1465:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[17], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/node.c:1466:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[17], "11-12bp");
data/prodigal-2.6.3/node.c:1467:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[18], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/node.c:1468:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[18], "3-4bp");
data/prodigal-2.6.3/node.c:1469:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[19], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/node.c:1470:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[19], "5-10bp");
data/prodigal-2.6.3/node.c:1471:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[20], "AGGAG/GGAGG");
data/prodigal-2.6.3/node.c:1472:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[20], "11-12bp");
data/prodigal-2.6.3/node.c:1473:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[21], "AGGAG");
data/prodigal-2.6.3/node.c:1474:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[21], "3-4bp");
data/prodigal-2.6.3/node.c:1475:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[22], "AGGAG");
data/prodigal-2.6.3/node.c:1476:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[22], "5-10bp");
data/prodigal-2.6.3/node.c:1477:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[23], "GGAGG");
data/prodigal-2.6.3/node.c:1478:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[23], "3-4bp");
data/prodigal-2.6.3/node.c:1479:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[24], "GGAGG");
data/prodigal-2.6.3/node.c:1480:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[24], "5-10bp");
data/prodigal-2.6.3/node.c:1481:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[25], "AGGAGG");
data/prodigal-2.6.3/node.c:1482:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[25], "11-12bp");
data/prodigal-2.6.3/node.c:1483:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[26], "AGGAGG");
data/prodigal-2.6.3/node.c:1484:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[26], "3-4bp");
data/prodigal-2.6.3/node.c:1485:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_string[27], "AGGAGG");
data/prodigal-2.6.3/node.c:1486:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sd_spacer[27], "5-10bp");
data/prodigal-2.6.3/sequence.c:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE+1];
data/prodigal-2.6.3/sequence.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[MAX_LINE+1];
data/prodigal-2.6.3/sequence.c:130:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(new_hdr, "Prodigal_Seq_%d", *sctr+2);
data/prodigal-2.6.3/sequence.c:238:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(i == 0) { sprintf(short_header, "Prodigal_Seq_%d", sctr); }
data/prodigal-2.6.3/sequence.c:626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char letters[4] = { 'A', 'G', 'C', 'T' };
data/prodigal-2.6.3/sequence.c:627:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(len == 0) strcpy(qt, "None");
data/prodigal-2.6.3/training.c:28:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(fn, "rb");
data/prodigal-2.6.3/training.c:41:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(fn, "wb");
data/prodigal-2.6.3/training.c:78:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:104:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:182:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:234:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:286:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:312:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:364:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:442:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:468:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:494:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:520:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:546:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:572:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:598:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:624:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:650:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:676:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:702:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:728:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:754:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:780:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:806:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:832:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:858:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:884:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:910:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:936:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:962:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:988:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1014:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1040:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1066:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1092:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1118:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1144:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1170:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1196:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1222:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1274:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1300:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1326:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:1352:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/gene.c:352:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(left, "");
data/prodigal-2.6.3/gene.c:353:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(right, "");
data/prodigal-2.6.3/sequence.c:41:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(hdr == 0 && line[strlen(line)-1] != '\n' && wrn == 0) {
data/prodigal-2.6.3/sequence.c:48:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(line) > 6 && strncmp(line, "ORIGIN", 6) == 0)) {
data/prodigal-2.6.3/sequence.c:70:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(line); i++) {
data/prodigal-2.6.3/sequence.c:135:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(reading_seq == 0 && line[strlen(line)-1] != '\n' && wrn == 0) {
data/prodigal-2.6.3/sequence.c:141:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(line) > 10 && strncmp(line, "DEFINITION", 10) == 0) {
data/prodigal-2.6.3/sequence.c:144:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_hdr[strlen(cur_hdr)-1] = '\0';
data/prodigal-2.6.3/sequence.c:148:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_hdr[strlen(new_hdr)-1] = '\0';
data/prodigal-2.6.3/sequence.c:152:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(line) > 6 && strncmp(line, "ORIGIN", 6) == 0)) {
data/prodigal-2.6.3/sequence.c:156:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_hdr[strlen(new_hdr)-1] = '\0';
data/prodigal-2.6.3/sequence.c:162:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_hdr[strlen(cur_hdr)-1] = '\0';
data/prodigal-2.6.3/sequence.c:181:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(line); i++) {
data/prodigal-2.6.3/sequence.c:230:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i = 0; i < strlen(header); i++) {
data/prodigal-2.6.3/sequence.c:233:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(short_header, header, i);
ANALYSIS SUMMARY:
Hits = 296
Lines analyzed = 6078 in approximately 42.30 seconds (144 lines/second)
Physical Source Lines of Code (SLOC) = 4889
Hits@level = [0] 197 [1] 15 [2] 204 [3] 0 [4] 77 [5] 0
Hits@level+ = [0+] 493 [1+] 296 [2+] 281 [3+] 77 [4+] 77 [5+] 0
Hits/KSLOC@level+ = [0+] 100.839 [1+] 60.5441 [2+] 57.476 [3+] 15.7496 [4+] 15.7496 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.