Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c
Examining data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.c
Examining data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.h
Examining data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c
Examining data/python-biopython-1.78+dfsg/Bio/Nexus/cnexus.c
Examining data/python-biopython-1.78+dfsg/Bio/PDB/QCPSuperimposer/qcprotmodule.c
Examining data/python-biopython-1.78+dfsg/Bio/PDB/kdtrees.c
Examining data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c
Examining data/python-biopython-1.78+dfsg/Bio/motifs/_pwm.c
FINAL RESULTS:
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1880:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(p, " substitution_matrix: <%s object at %p>\n",
data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.c:1853:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(initseed);
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1701:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char mapping[128];
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1736:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char mapping[128];
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1756:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->mapping, mapping, 128);
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1768:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char mapping[128];
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1802:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->mapping, mapping, 128);
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1874:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1877:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(text, "Pairwise sequence aligner with parameters\n");
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1884:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " match_score: %f\n", self->match);
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1886:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " mismatch_score: %f\n", self->mismatch);
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1890:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " target_gap_function: %%R\n");
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1894:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " target_internal_open_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1897:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " target_internal_extend_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1900:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " target_left_open_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1903:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " target_left_extend_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1906:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " target_right_open_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1909:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " target_right_extend_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1914:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " query_gap_function: %%R\n");
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1918:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " query_internal_open_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1921:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " query_internal_extend_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1924:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " query_left_open_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1927:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " query_left_extend_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1930:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " query_right_open_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1933:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, " query_right_extend_gap_score: %f\n",
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1938:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case Global: n = sprintf(p, " mode: global\n"); break;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1939:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case Local: n = sprintf(p, " mode: local\n"); break;
data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.c:3418:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newdata[i], data[i], ndata*sizeof(double));
data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.c:3419:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newmask[i], mask[i], ndata*sizeof(int));
data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:683:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64];
data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:685:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "(%d, %d): %g",
data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:930:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[128];
data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:939:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "(%d, %d): %g", node.left, node.right, node.distance);
data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:24:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static double calc_affine_penalty(int length, double open, double extend,
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1683:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1711:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(letters);
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1886:56: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
n = sprintf(p, " mismatch_score: %f\n", self->mismatch);
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:2017:37: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return PyFloat_FromDouble(self->mismatch);
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:2032:22: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
self->mismatch = mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:5978:69: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
#define COMPARE_SCORE (kA < 0 || kB < 0) ? 0 : (kA == kB) ? match : mismatch
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:5987:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6007:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6027:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6047:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6067:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6087:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6107:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6127:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6187:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6207:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6227:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6247:35: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const double mismatch = self->mismatch;
data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6300:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int equal;
data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:940:22: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (i < n-1) strcat(string, "\n");
data/python-biopython-1.78+dfsg/Bio/Nexus/cnexus.c:34:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(scanned=PyMem_RawMalloc(strlen(input)+1)))
data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:41:53: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double match, double mismatch,
data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:49:58: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
score = (sequenceA[i] == sequenceB[j]) ? match : mismatch;
data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:120:19: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
double match, mismatch;
data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:274:51: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
match, mismatch,
ANALYSIS SUMMARY:
Hits = 59
Lines analyzed = 16702 in approximately 0.71 seconds (23372 lines/second)
Physical Source Lines of Code (SLOC) = 13312
Hits@level = [0] 0 [1] 25 [2] 32 [3] 1 [4] 1 [5] 0
Hits@level+ = [0+] 59 [1+] 59 [2+] 34 [3+] 2 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 4.43209 [1+] 4.43209 [2+] 2.55409 [3+] 0.15024 [4+] 0.0751202 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.