Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c
Examining data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.c
Examining data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.h
Examining data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c
Examining data/python-biopython-1.78+dfsg/Bio/Nexus/cnexus.c
Examining data/python-biopython-1.78+dfsg/Bio/PDB/QCPSuperimposer/qcprotmodule.c
Examining data/python-biopython-1.78+dfsg/Bio/PDB/kdtrees.c
Examining data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c
Examining data/python-biopython-1.78+dfsg/Bio/motifs/_pwm.c

FINAL RESULTS:

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1880:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  n = sprintf(p, " substitution_matrix: <%s object at %p>\n",

data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.c:1853:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such
  as key and nonce creation (CWE-327). Use a more secure technique for acquiring
  random values.
  srand(initseed);

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1701:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char mapping[128];

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1736:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char mapping[128];

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1756:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(self->mapping, mapping, 128);

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1768:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char mapping[128];

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1802:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(self->mapping, mapping, 128);

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[1024];

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1877:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(text, "Pairwise sequence aligner with parameters\n");

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1884:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " match_score: %f\n", self->match);

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1886:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " mismatch_score: %f\n", self->mismatch);

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1890:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " target_gap_function: %%R\n");

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1894:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " target_internal_open_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1897:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " target_internal_extend_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1900:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " target_left_open_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1903:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " target_left_extend_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1906:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " target_right_open_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1909:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " target_right_extend_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1914:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " query_gap_function: %%R\n");

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1918:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " query_internal_open_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1921:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " query_internal_extend_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1924:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " query_left_open_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1927:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " query_left_extend_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1930:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " query_right_open_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1933:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  n = sprintf(p, " query_right_extend_gap_score: %f\n",

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1938:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  case Global: n = sprintf(p, " mode: global\n"); break;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1939:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  case Local: n = sprintf(p, " mode: local\n"); break;

data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.c:3418:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newdata[i], data[i], ndata*sizeof(double));

data/python-biopython-1.78+dfsg/Bio/Cluster/cluster.c:3419:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newmask[i], mask[i], ndata*sizeof(int));

data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:683:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[64];

data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:685:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "(%d, %d): %g",

data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:930:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[128];

data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:939:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string, "(%d, %d): %g", node.left, node.right, node.distance);

data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:24:54:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  static double calc_affine_penalty(int length, double open, double extend,

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1683:12:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  double mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1711:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(letters);

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:1886:56:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  n = sprintf(p, " mismatch_score: %f\n", self->mismatch);

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:2017:37:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  return PyFloat_FromDouble(self->mismatch);

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:2032:22:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  self->mismatch = mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:5978:69:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  #define COMPARE_SCORE (kA < 0 || kB < 0) ? 0 : (kA == kB) ? match : mismatch

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:5987:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6007:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6027:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6047:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6067:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6087:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6107:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6127:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6187:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6207:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6227:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6247:35:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  const double mismatch = self->mismatch;

data/python-biopython-1.78+dfsg/Bio/Align/_aligners.c:6300:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  int equal;

data/python-biopython-1.78+dfsg/Bio/Cluster/clustermodule.c:940:22:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf
  (warning: strncat is easily misused). Risk is low because the source is a
  constant character.
  if (i < n-1) strcat(string, "\n");

data/python-biopython-1.78+dfsg/Bio/Nexus/cnexus.c:34:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!(scanned=PyMem_RawMalloc(strlen(input)+1)))

data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:41:53:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  double match, double mismatch,

data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:49:58:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  score = (sequenceA[i] == sequenceB[j]) ? match : mismatch;

data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:120:19:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  double match, mismatch;

data/python-biopython-1.78+dfsg/Bio/cpairwise2module.c:274:51:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards in
  favor of its safer alternatives provided since C++14. Consider using a form of
  this function that checks the second iterator before potentially overflowing
  it.
  match, mismatch,

ANALYSIS SUMMARY:

Hits = 59
Lines analyzed = 16702 in approximately 0.71 seconds (23372 lines/second)
Physical Source Lines of Code (SLOC) = 13312
Hits@level = [0]   0 [1]  25 [2]  32 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+]  59 [1+]  59 [2+]  34 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 4.43209 [1+] 4.43209 [2+] 2.55409 [3+] 0.15024 [4+] 0.0751202 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
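Triage note on the results above. Flawfinder matches identifiers lexically, so the 22 level-1 hits on `mismatch` and `equal` (std::mismatch / std::equal) and the level-2 hit on `open` are declarations and uses of plain C variables (`double mismatch;`, `int equal;`, `double open`), not calls to the functions the rule text describes; they can be dismissed on sight. The one hit worth a real look is the level-4 sprintf at _aligners.c:1880: it is the only write in the `char text[1024]` block (1874..1939) whose length is not a compile-time constant, because `%s` expands a name of whatever length the object provides, and each `n = sprintf(p, ...)` step advances `p` by the returned count with nothing bounding the total against the 1024 bytes. The example below is added here and is not Biopython code: it shows the bounded-cursor replacement that the rule text recommends (vsnprintf with the remaining capacity tracked and truncation reported) on a reduced version of that parameter listing. The `matrix_name` parameter is an assumption standing in for the `%s` argument, which the report does not show, and the `%p` is dropped so the output is deterministic.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Biopython code. The flagged path writes into a fixed
 * char text[1024] with repeated `n = sprintf(p, ...); p += n;` steps, one of
 * which expands a %s of unbounded length. This is the bounded equivalent:
 * the cursor carries its remaining capacity, and any truncated write is
 * recorded instead of running past the end of the buffer. */

typedef struct {
    char  *buf;
    size_t size;      /* capacity including the terminating NUL */
    size_t len;       /* bytes written so far, excluding the NUL */
    int    overflow;  /* set once any write did not fit */
} strbuf;

static void sb_init(strbuf *sb, char *buf, size_t size)
{
    sb->buf = buf;
    sb->size = size;
    sb->len = 0;
    sb->overflow = 0;
    if (size)
        buf[0] = '\0';
}

/* Bounded replacement for `n = sprintf(p, ...); p += n;`.
 * vsnprintf returns the length the complete output would have had, so a
 * result >= the remaining space means it was cut short. Returns the number
 * of bytes appended, or -1 if the write did not fit. */
static int sb_appendf(strbuf *sb, const char *fmt, ...)
{
    if (sb->overflow || sb->len >= sb->size) {
        sb->overflow = 1;
        return -1;
    }
    size_t avail = sb->size - sb->len;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(sb->buf + sb->len, avail, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= avail) {
        sb->overflow = 1;
        sb->len = sb->size - 1;  /* vsnprintf left the NUL at buf[size-1] */
        return -1;
    }
    sb->len += (size_t)n;
    return n;
}

/* Renders a reduced version of the parameter listing from the report.
 * matrix_name stands in for the %s argument of the level-4 hit (assumption:
 * the report does not show what the real code passes there). Returns 0 on
 * success or -1 if out_size was too small; out is NUL-terminated either way. */
int format_aligner_params(char *out, size_t out_size, const char *matrix_name,
                          double match, double mismatch, const char *mode)
{
    strbuf sb;
    sb_init(&sb, out, out_size);
    sb_appendf(&sb, "Pairwise sequence aligner with parameters\n");
    if (matrix_name) {
        sb_appendf(&sb, "  substitution_matrix: <%s object>\n", matrix_name);
    } else {
        sb_appendf(&sb, "  match_score: %f\n", match);
        sb_appendf(&sb, "  mismatch_score: %f\n", mismatch);
    }
    sb_appendf(&sb, "  mode: %s\n", mode);
    return sb.overflow ? -1 : 0;
}

int main(void)
{
    char text[1024];
    char small[48];
    char longname[300];

    /* Constructed inputs: a short name, then a 299-byte name that cannot fit
     * in the deliberately small 48-byte buffer. */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    if (format_aligner_params(text, sizeof text, "Array", 1.0, 0.0, "global") == 0)
        fputs(text, stdout);
    if (format_aligner_params(small, sizeof small, longname, 1.0, 0.0, "global") != 0)
        printf("truncated after %zu bytes, no overflow\n", strlen(small));
    return 0;
}
```

The design point is that the caller gets a yes/no answer about truncation rather than a silently cut string, which is what the `sprintf_s`/`snprintf` advice in the rule text amounts to once the cursor arithmetic is kept honest; the same `strbuf` can be reused for the `char string[64]` and `char string[128]` writers in clustermodule.c, where the `%d`/`%g` arguments are already bounded and only the `strcat` needs the remaining-capacity check.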