Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.h
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/mmath.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/update.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/dpalphaprey.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/meancounts.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/setparam.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/dpalphaIP.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/likelihood.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/mmath.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/dpmu.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/setsummary.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/setprior.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/printmap.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/dpeta.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/mcmc.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/dpeta0.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.h
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/dpalphaprey.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/meancounts.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/setparam.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/dpalphaIP.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/likelihood.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/mmath.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/dpmu.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/setsummary.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/setprior.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/printmap.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/dpeta.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/mcmc.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/dpeta0.c
Examining data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.h
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/dpalphaprey.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/meancounts.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/setparam.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/dpalphaIP.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/likelihood.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/mmath.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/dpmu.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/setsummary.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/setprior.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/printmap.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/dpeta.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/mcmc.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/dpeta0.c
Examining data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.h
Examining data/saint-2.5.0+dfsg/src/SAINTreformat/saint.h
Examining data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c
Examining data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c
Examining data/saint-2.5.0+dfsg/src/SAINTreformat/printmap.c
Examining data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c
Examining data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c
Examining data/saint-2.5.0+dfsg/src/SAINTreformat/append.c

FINAL RESULTS:

data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:28:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:29:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->ip[i], buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:30:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:31:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->bait[i], buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:32:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:33:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->prey[i], buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:34:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:131:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->uprey[cur], data->prey[i]);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:132:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->ubait[cur], data->bait[i]);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:328:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:329:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREY[i], buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:331:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:332:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREYGENE[i], buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:357:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp[cur], data->BAIT[i]);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:389:30: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  for(i=0;i<data->nbait;i++) strcpy(data->BAIT[i], temp[i]);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:517:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, data->BAIT[data->IP2b[i]]);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:562:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:563:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->IP[i], buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:564:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:565:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->BAIT[i], buf); /* not unique at this point */
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:566:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:142:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir LOG"); /* error logs */
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:143:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir MAPPING"); /* mapping logs */
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:144:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir MCMC"); /* posterior samples */
data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:145:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir RESULT"); /* posterior probabilities, other summaries */
data/saint-2.5.0+dfsg/src/SAINTreformat/append.c:39:24: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  for(i=0;i<nIP;i++) strcpy(IP[i], data->IP[data->b2IP[j][i]]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:67:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:68:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->ip[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:69:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(allInter[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:71:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:72:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->bait[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:73:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:74:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->prey[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:75:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(allInter[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:76:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:95:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t_prey[cur], data->prey[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:96:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t_bait[cur], data->bait[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:97:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t_ip[cur], data->ip[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:104:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->prey[i], t_prey[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:105:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->bait[i], t_bait[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:106:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->ip[i], t_ip[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:139:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:144:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREY[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:147:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:151:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:152:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREYGENE[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:176:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(uniquePreyGene[j], data->PREYGENE[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:204:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(t_preyname[cur], uniquePrey[j]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:213:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREY[i], t_preyname[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:246:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:247:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->IP[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:248:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:249:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->BAIT[i], buf); /* not unique at this point */
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:250:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:56:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->uprey[cur], data->prey[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:57:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->ubait[cur], data->bait[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:141:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(uniq[j], x[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:277:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp[cur], data->BAIT[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:303:30: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  for(i=0;i<data->nbait;i++) strcpy(data->BAIT[i], temp[i]);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:26:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:30:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREY[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:32:7: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:35:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:36:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREYGENE[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:62:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:63:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->IP[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:64:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:65:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->BAIT[i], buf); /* not unique at this point */
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:66:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:97:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:98:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->ip[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:99:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:100:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->bait[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:101:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:102:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->prey[i], buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:103:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:103:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("rm -rf interaction.intermediate");
data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:129:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir reformat_log"); /* mapping logs */
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:28:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:29:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->ip[i], buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:30:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:31:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->bait[i], buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:32:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:33:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->prey[i], buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:34:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpinter, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:102:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->uprey[cur], data->prey[i]);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:103:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->ubait[cur], data->bait[i]);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:297:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:298:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREY[i], buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:299:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:303:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpprey, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:304:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->PREYGENE[i], buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:330:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp[cur], data->BAIT[i]);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:362:30: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  for(i=0;i<data->nbait;i++) strcpy(data->BAIT[i], temp[i]);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:490:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, data->BAIT[data->IP2b[i]]);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:535:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:536:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->IP[i], buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:537:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:538:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(data->BAIT[i], buf); /* not unique at this point */
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:539:5: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(fpbait, "%s", buf);
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:151:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir LOG"); /* error logs */
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:152:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir MAPPING"); /* mapping logs */
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:153:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir MCMC"); /* posterior samples */
data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:154:3: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system("mkdir RESULT"); /* posterior probabilities, other summaries */
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:95:20: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
for(j=0;j<4;j++) fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:97:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:98:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->experiment[j], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:101:20: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. for(j=0;j<4;j++) fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:103:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:104:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->bait[j], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:107:20: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. for(j=0;j<4;j++) fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:109:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:119:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:120:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->prey[i], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:121:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:123:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:125:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:128:7: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp,"%s",buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:135:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->unique[cur], data->bait[cur]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:143:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->unique[cur], data->bait[j]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:75:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prob, argv[2]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:78:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(list, argv[2]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:81:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fbait, argv[2]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:84:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fprey, argv[2]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:87:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fmu, argv[2]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:90:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(iprob, argv[2]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:27:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpinter, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:28:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->ip[i], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:29:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpinter, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:30:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->bait[i], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:31:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpinter, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:32:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->prey[i], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:33:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. fscanf(fpinter, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:103:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->uprey[cur], data->prey[i]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:104:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->ubait[cur], data->bait[i]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:301:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpprey, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:302:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->PREY[i], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:303:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpprey, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:307:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpprey, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:308:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->PREYGENE[i], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:333:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp[cur], data->BAIT[i]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:365:30: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). for(i=0;i<data->nbait;i++) strcpy(data->BAIT[i], temp[i]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:492:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, data->BAIT[data->IP2b[i]]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:537:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpbait, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:538:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->IP[i], buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:539:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpbait, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:540:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(data->BAIT[i], buf); /* not unique at this point */ data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:541:5: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fpbait, "%s", buf); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:177:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("mkdir LOG"); /* error logs */ data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:178:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("mkdir MAPPING"); /* mapping logs */ data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:179:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("mkdir MCMC"); /* posterior samples */ data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:180:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("mkdir RESULT"); /* posterior probabilities, other summaries */ data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1000]; data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:276:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp1 = fopen("PreysNotInData", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:295:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp2 = fopen("PreysNotInList", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:312:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:345:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[data->nIP][256]; data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:473:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fptemp1 = fopen("IPNotInData", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:492:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp2 = fopen("IPNotInList", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:508:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTint-ctrl/initdata.c:546:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTint-ctrl/printmap.c:5:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("interaction","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/printmap.c:17:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp = fopen("unique_interaction","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/printmap.c:40:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("IP","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/printmap.c:61:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("bait","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/printmap.c:87:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("prey","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:9:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("interactions", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:25:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp = fopen("unique_interactions", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:105:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("preys", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:115:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("IPs", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:125:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("baits", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:163:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp1 = fopen("hist_alpha_prey", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:164:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp2 = fopen("hist_alpha_IP", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:165:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp3 = fopen("hist_mu", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:166:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp4 = fopen("hist_eta", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:167:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp5 = fopen("hist_eta0", "w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:200:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("matrix_form","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/result.c:304:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("matrix_form_short","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:4:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100000]; data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100000]; data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:76:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpinter = fopen(argv[1], "r"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:77:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpprey = fopen(argv[2], "r"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:78:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpbait = fopen(argv[3], "r"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:100:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
*burn = atoi(argv[4]); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:108:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *iter = atoi(argv[5]); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:135:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpinter = fopen(argv[1], "r"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:136:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpprey = fopen(argv[2], "r"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:137:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpbait = fopen(argv[3], "r"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:161:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp1 = fopen("alpha_prey","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:162:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp2 = fopen("alpha_IP","w"); data/saint-2.5.0+dfsg/src/SAINTint-ctrl/saint.c:163:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp3 = fopen("mu","w"); data/saint-2.5.0+dfsg/src/SAINTreformat/append.c:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char IP[500][500]; /* should be enough */ data/saint-2.5.0+dfsg/src/SAINTreformat/append.c:35:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("interaction.new","w"); data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10000]; data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:148:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->preyLen[i] = atoi(buf); /* not unique at this point */ data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:198:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpp = fopen("prey.new", "w"); data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:315:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpi = fopen("interaction.intermediate", "w"); data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:345:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpb = fopen("bait.new", "w"); data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:226:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp1 = fopen("PreysNotInData", "w"); data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:245:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fptemp2 = fopen("PreysNotInList", "w"); data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[data->nIP][256]; data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:386:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp1 = fopen("IPNotInData", "w"); data/saint-2.5.0+dfsg/src/SAINTreformat/mapping.c:405:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp2 = fopen("IPNotInList", "w"); data/saint-2.5.0+dfsg/src/SAINTreformat/printmap.c:5:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("interaction","w"); data/saint-2.5.0+dfsg/src/SAINTreformat/printmap.c:17:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp = fopen("unique_interaction","w"); data/saint-2.5.0+dfsg/src/SAINTreformat/printmap.c:40:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("IP","w"); data/saint-2.5.0+dfsg/src/SAINTreformat/printmap.c:61:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("bait","w"); data/saint-2.5.0+dfsg/src/SAINTreformat/printmap.c:87:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("prey","w"); data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:7:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10000]; data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:14:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpprey = fopen("prey.new", "r"); data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:33:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). data->preyLen[i] = atoi(buf); /* not unique at this point */ data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:45:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpbait = fopen("bait.new", "r"); data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:80:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpinter = fopen("interaction.intermediate", "r"); data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:4:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100000]; data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100000]; data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:51:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fpinter = fopen(argv[1], "r"); data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:52:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpprey = fopen(argv[2], "r"); data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:53:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpbait = fopen(argv[3], "r"); data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:54:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(argc == 5) data->_K_ = atoi(argv[4]); data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:121:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpinter = fopen(argv[1], "r"); data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:122:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fpprey = fopen(argv[2], "r"); data/saint-2.5.0+dfsg/src/SAINTreformat/saint.c:123:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpbait = fopen(argv[3], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:8:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:247:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp1 = fopen("PreysNotInData", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:266:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp2 = fopen("PreysNotInList", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:283:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:318:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[data->nIP][256]; data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:446:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp1 = fopen("IPNotInData", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:465:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp2 = fopen("IPNotInList", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:481:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/initdata.c:519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/printmap.c:5:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp = fopen("interaction","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/printmap.c:17:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("unique_interaction","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/printmap.c:40:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("IP","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/printmap.c:61:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("bait","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/printmap.c:87:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("prey","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:9:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp = fopen("interactions", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:26:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("unique_interactions", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:90:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("preys", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:100:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("IPs", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:110:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("baits", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:148:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp1 = fopen("hist_alpha_prey", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:149:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp2 = fopen("hist_alpha_IP", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:150:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp3 = fopen("hist_mu", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:151:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp4 = fopen("hist_eta", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:152:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp5 = fopen("hist_eta0", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:185:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp = fopen("matrix_form","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/result.c:288:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("matrix_form_short","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:4:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100000]; data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100000]; data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:93:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpinter = fopen(argv[1], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:94:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fpprey = fopen(argv[2], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:95:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpbait = fopen(argv[3], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:112:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). burn = atoi(argv[4]); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:113:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iter = atoi(argv[5]); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:114:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lowMode = atoi(argv[6]); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:115:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
minFold = atoi(argv[7]); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:116:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). NORMALIZE = atoi(argv[8]); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:144:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpinter = fopen(argv[1], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:145:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpprey = fopen(argv[2], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:146:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpbait = fopen(argv[3], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:167:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fp1 = fopen("alpha_prey","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:168:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp2 = fopen("alpha_IP","w"); data/saint-2.5.0+dfsg/src/SAINTspc-ctrl/saint.c:169:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp3 = fopen("mu","w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/init_data.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[_MAX_BUF_]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:4:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100000]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100000]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prob[_MAX_BUF_]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:44:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fbait[_MAX_BUF_]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fprey[_MAX_BUF_]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:46:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmu[_MAX_BUF_]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char list[_MAX_BUF_]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char iprob[_MAX_BUF_]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:66:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpi = fopen(argv[1], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:73:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(argv[1], "r"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:74:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp_output = fopen(argv[2], "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:76:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(prob, "_prob"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:77:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp_outprob = fopen(prob, "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:79:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(list, "_list"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:80:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp_list = fopen(list, "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:82:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fbait, "_alpha_bait"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:83:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpbait = fopen(fbait, "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:85:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fprey, "_alpha_prey"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:86:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fpprey = fopen(fprey, "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:88:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(fmu, "_mu_prey"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:89:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpmu = fopen(fmu, "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:91:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(iprob, "_iprob"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:92:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp_iprob = fopen(iprob, "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:94:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). burn = atoi(argv[3]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:95:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iter = atoi(argv[4]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:98:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = atoi(argv[6]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:103:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = atoi(argv[7]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl-matrix/saint.c:108:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp = atoi(argv[8]); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:8:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1000]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:248:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp1 = fopen("PreysNotInData", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:267:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp2 = fopen("PreysNotInList", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:284:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:321:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[data->nIP][500]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:448:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *fptemp1 = fopen("IPNotInData", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:467:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fptemp2 = fopen("IPNotInList", "w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:483:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/initdata.c:521:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/printmap.c:5:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("interaction","w"); data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/printmap.c:17:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
  FILE *fp = fopen("unique_interaction","w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/printmap.c:40:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("IP","w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/printmap.c:61:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("bait","w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/printmap.c:87:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("prey","w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:9:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("interactions", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:25:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("unique_interactions", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:77:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("preys", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:87:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("IPs", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:97:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("baits", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:135:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp1 = fopen("hist_alpha_prey", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:136:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp2 = fopen("hist_alpha_IP", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:137:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp3 = fopen("hist_mu", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:138:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp4 = fopen("hist_eta", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:139:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp5 = fopen("hist_eta0", "w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:172:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("matrix_form","w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/result.c:240:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen("matrix_form_short","w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:4:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10000];
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:23:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10000];
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:78:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fpinter = fopen(argv[1], "r");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:79:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fpprey = fopen(argv[2], "r");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:80:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fpbait = fopen(argv[3], "r");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:102:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  burn = atoi(argv[4]);
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:110:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  iter = atoi(argv[5]);
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:134:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  modelvar = atoi(argv[8]);
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:142:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  NORMALIZE = atoi(argv[9]);
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:170:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fpinter = fopen(argv[1], "r");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:171:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fpprey = fopen(argv[2], "r");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:172:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fpbait = fopen(argv[3], "r");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:197:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp1 = fopen("alpha_prey","w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:198:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp2 = fopen("alpha_IP","w");
data/saint-2.5.0+dfsg/src/SAINTspc-noctrl/saint.c:199:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp3 = fopen("mu","w");
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:70:5: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(allInter[i], " ");
data/saint-2.5.0+dfsg/src/SAINTreformat/initdata.c:140:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(buf) > 500) {
data/saint-2.5.0+dfsg/src/SAINTreformat/remap.c:27:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(buf) > 500) {

ANALYSIS SUMMARY:

Hits = 337
Lines analyzed = 13699 in approximately 0.50 seconds (27574 lines/second)
Physical Source Lines of Code (SLOC) = 10985
Hits@level = [0] 571 [1] 3 [2] 182 [3] 0 [4] 152 [5] 0
Hits@level+ = [0+] 908 [1+] 337 [2+] 334 [3+] 152 [4+] 152 [5+] 0
Hits/KSLOC@level+ = [0+] 82.6582 [1+] 30.6782 [2+] 30.4051 [3+] 13.8371 [4+] 13.8371 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.