Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/prodigal-2.6.3/bitmap.c Examining data/prodigal-2.6.3/bitmap.h Examining data/prodigal-2.6.3/dprog.c Examining data/prodigal-2.6.3/dprog.h Examining data/prodigal-2.6.3/gene.c Examining data/prodigal-2.6.3/gene.h Examining data/prodigal-2.6.3/main.c Examining data/prodigal-2.6.3/metagenomic.c Examining data/prodigal-2.6.3/metagenomic.h Examining data/prodigal-2.6.3/node.c Examining data/prodigal-2.6.3/node.h Examining data/prodigal-2.6.3/sequence.c Examining data/prodigal-2.6.3/sequence.h Examining data/prodigal-2.6.3/training.c Examining data/prodigal-2.6.3/training.h FINAL RESULTS: data/prodigal-2.6.3/gene.c:278:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(genes[i].gene_data, "ID=%d_%d;partial=%d%d;start_type=%s;", sctr, data/prodigal-2.6.3/gene.c:286:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%s", data/prodigal-2.6.3/gene.c:290:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%s", data/prodigal-2.6.3/gene.c:298:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%s", data/prodigal-2.6.3/gene.c:303:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%s", data/prodigal-2.6.3/gene.c:307:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(genes[i].gene_data, "%srbs_motif=None;rbs_spacer=None", data/prodigal-2.6.3/gene.c:309:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. else sprintf(genes[i].gene_data, "%srbs_motif=%s;rbs_spacer=%dbp", data/prodigal-2.6.3/gene.c:312:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(genes[i].gene_data, "%s;gc_cont=%.3f", genes[i].gene_data, data/prodigal-2.6.3/gene.c:322:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(genes[i].score_data, "%stscore=%.2f;", genes[i].score_data, data/prodigal-2.6.3/gene.c:338:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(seq_data, "seqnum=%d;seqlen=%d;seqhdr=\"%s\"", sctr, slen, header); data/prodigal-2.6.3/gene.c:342:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "version=Prodigal.v%s;run_type=Single;", version); data/prodigal-2.6.3/gene.c:343:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "%smodel=\"Ab initio\";", run_data); data/prodigal-2.6.3/gene.c:346:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "version=Prodigal.v%s;run_type=Metagenomic;", version); data/prodigal-2.6.3/gene.c:347:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "%smodel=\"%s\";", run_data, mdesc); data/prodigal-2.6.3/gene.c:349:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(run_data, "%sgc_cont=%.2f;transl_table=%d;uses_sd=%d", run_data, data/prodigal-2.6.3/main.c:593:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cur_header, new_header); data/prodigal-2.6.3/metagenomic.c:78:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[0].desc, "%d|%s|%s|%.1f|%d|%d", 0, data/prodigal-2.6.3/metagenomic.c:81:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[1].desc, "%d|%s|%s|%.1f|%d|%d", 1, data/prodigal-2.6.3/metagenomic.c:84:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[2].desc, "%d|%s|%s|%.1f|%d|%d", 2, data/prodigal-2.6.3/metagenomic.c:87:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[3].desc, "%d|%s|%s|%.1f|%d|%d", 3, data/prodigal-2.6.3/metagenomic.c:90:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[4].desc, "%d|%s|%s|%.1f|%d|%d", 4, data/prodigal-2.6.3/metagenomic.c:93:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[5].desc, "%d|%s|%s|%.1f|%d|%d", 5, data/prodigal-2.6.3/metagenomic.c:96:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[6].desc, "%d|%s|%s|%.1f|%d|%d", 6, data/prodigal-2.6.3/metagenomic.c:99:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(meta[7].desc, "%d|%s|%s|%.1f|%d|%d", 7, data/prodigal-2.6.3/metagenomic.c:102:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[8].desc, "%d|%s|%s|%.1f|%d|%d", 8, data/prodigal-2.6.3/metagenomic.c:105:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[9].desc, "%d|%s|%s|%.1f|%d|%d", 9, data/prodigal-2.6.3/metagenomic.c:108:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[10].desc, "%d|%s|%s|%.1f|%d|%d", 10, data/prodigal-2.6.3/metagenomic.c:111:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[11].desc, "%d|%s|%s|%.1f|%d|%d", 11, data/prodigal-2.6.3/metagenomic.c:114:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[12].desc, "%d|%s|%s|%.1f|%d|%d", 12, data/prodigal-2.6.3/metagenomic.c:117:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[13].desc, "%d|%s|%s|%.1f|%d|%d", 13, data/prodigal-2.6.3/metagenomic.c:120:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[14].desc, "%d|%s|%s|%.1f|%d|%d", 14, data/prodigal-2.6.3/metagenomic.c:123:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[15].desc, "%d|%s|%s|%.1f|%d|%d", 15, data/prodigal-2.6.3/metagenomic.c:126:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[16].desc, "%d|%s|%s|%.1f|%d|%d", 16, data/prodigal-2.6.3/metagenomic.c:129:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(meta[17].desc, "%d|%s|%s|%.1f|%d|%d", 17, data/prodigal-2.6.3/metagenomic.c:132:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[18].desc, "%d|%s|%s|%.1f|%d|%d", 18, data/prodigal-2.6.3/metagenomic.c:135:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[19].desc, "%d|%s|%s|%.1f|%d|%d", 19, data/prodigal-2.6.3/metagenomic.c:138:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[20].desc, "%d|%s|%s|%.1f|%d|%d", 20, data/prodigal-2.6.3/metagenomic.c:141:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[21].desc, "%d|%s|%s|%.1f|%d|%d", 21, data/prodigal-2.6.3/metagenomic.c:144:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[22].desc, "%d|%s|%s|%.1f|%d|%d", 22, data/prodigal-2.6.3/metagenomic.c:147:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[23].desc, "%d|%s|%s|%.1f|%d|%d", 23, data/prodigal-2.6.3/metagenomic.c:150:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[24].desc, "%d|%s|%s|%.1f|%d|%d", 24, data/prodigal-2.6.3/metagenomic.c:153:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[25].desc, "%d|%s|%s|%.1f|%d|%d", 25, data/prodigal-2.6.3/metagenomic.c:156:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[26].desc, "%d|%s|%s|%.1f|%d|%d", 26, data/prodigal-2.6.3/metagenomic.c:159:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(meta[27].desc, "%d|%s|%s|%.1f|%d|%d", 27, data/prodigal-2.6.3/metagenomic.c:162:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[28].desc, "%d|%s|%s|%.1f|%d|%d", 28, data/prodigal-2.6.3/metagenomic.c:165:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[29].desc, "%d|%s|%s|%.1f|%d|%d", 29, data/prodigal-2.6.3/metagenomic.c:168:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[30].desc, "%d|%s|%s|%.1f|%d|%d", 30, data/prodigal-2.6.3/metagenomic.c:171:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[31].desc, "%d|%s|%s|%.1f|%d|%d", 31, data/prodigal-2.6.3/metagenomic.c:174:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[32].desc, "%d|%s|%s|%.1f|%d|%d", 32, data/prodigal-2.6.3/metagenomic.c:177:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[33].desc, "%d|%s|%s|%.1f|%d|%d", 33, data/prodigal-2.6.3/metagenomic.c:180:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[34].desc, "%d|%s|%s|%.1f|%d|%d", 34, data/prodigal-2.6.3/metagenomic.c:183:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[35].desc, "%d|%s|%s|%.1f|%d|%d", 35, data/prodigal-2.6.3/metagenomic.c:186:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[36].desc, "%d|%s|%s|%.1f|%d|%d", 36, data/prodigal-2.6.3/metagenomic.c:189:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(meta[37].desc, "%d|%s|%s|%.1f|%d|%d", 37, data/prodigal-2.6.3/metagenomic.c:192:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[38].desc, "%d|%s|%s|%.1f|%d|%d", 38, data/prodigal-2.6.3/metagenomic.c:195:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[39].desc, "%d|%s|%s|%.1f|%d|%d", 39, data/prodigal-2.6.3/metagenomic.c:198:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[40].desc, "%d|%s|%s|%.1f|%d|%d", 40, data/prodigal-2.6.3/metagenomic.c:201:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[41].desc, "%d|%s|%s|%.1f|%d|%d", 41, data/prodigal-2.6.3/metagenomic.c:204:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[42].desc, "%d|%s|%s|%.1f|%d|%d", 42, data/prodigal-2.6.3/metagenomic.c:207:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[43].desc, "%d|%s|%s|%.1f|%d|%d", 43, data/prodigal-2.6.3/metagenomic.c:210:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[44].desc, "%d|%s|%s|%.1f|%d|%d", 44, data/prodigal-2.6.3/metagenomic.c:213:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[45].desc, "%d|%s|%s|%.1f|%d|%d", 45, data/prodigal-2.6.3/metagenomic.c:216:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[46].desc, "%d|%s|%s|%.1f|%d|%d", 46, data/prodigal-2.6.3/metagenomic.c:219:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(meta[47].desc, "%d|%s|%s|%.1f|%d|%d", 47, data/prodigal-2.6.3/metagenomic.c:222:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[48].desc, "%d|%s|%s|%.1f|%d|%d", 48, data/prodigal-2.6.3/metagenomic.c:225:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(meta[49].desc, "%d|%s|%s|%.1f|%d|%d", 49, data/prodigal-2.6.3/node.c:1417:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(seq_data, "seqnum=%d;seqlen=%d;seqhdr=\"%s\"", sctr, slen, header); data/prodigal-2.6.3/node.c:1421:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "version=Prodigal.v%s;run_type=Single;", version); data/prodigal-2.6.3/node.c:1422:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "%smodel=\"Ab initio\";", run_data); data/prodigal-2.6.3/node.c:1425:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "version=Prodigal.v%s;run_type=Metagenomic;", version); data/prodigal-2.6.3/node.c:1426:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "%smodel=\"%s\";", run_data, mdesc); data/prodigal-2.6.3/node.c:1428:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(run_data, "%sgc_cont=%.2f;transl_table=%d;uses_sd=%d", run_data, data/prodigal-2.6.3/sequence.c:143:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(cur_hdr, line+12); data/prodigal-2.6.3/sequence.c:147:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_hdr, line+12); data/prodigal-2.6.3/sequence.c:155:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new_hdr, line+1); data/prodigal-2.6.3/sequence.c:161:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cur_hdr, line+1); data/prodigal-2.6.3/sequence.c:229:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(short_header, header); data/prodigal-2.6.3/gene.c:201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sd_string[28][100], sd_spacer[28][20], qt[10]; data/prodigal-2.6.3/gene.c:202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_string[4][5] = { "ATG", "GTG", "TTG" , "Edge" }; data/prodigal-2.6.3/gene.c:205:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(sd_string[0], "None"); data/prodigal-2.6.3/gene.c:206:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[0], "None"); data/prodigal-2.6.3/gene.c:207:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[1], "GGA/GAG/AGG"); data/prodigal-2.6.3/gene.c:208:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[1], "3-4bp"); data/prodigal-2.6.3/gene.c:209:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[2], "3Base/5BMM"); data/prodigal-2.6.3/gene.c:210:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[2], "13-15bp"); data/prodigal-2.6.3/gene.c:211:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(sd_string[3], "4Base/6BMM"); data/prodigal-2.6.3/gene.c:212:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[3], "13-15bp"); data/prodigal-2.6.3/gene.c:213:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[4], "AGxAG"); data/prodigal-2.6.3/gene.c:214:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[4], "11-12bp"); data/prodigal-2.6.3/gene.c:215:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[5], "AGxAG"); data/prodigal-2.6.3/gene.c:216:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[5], "3-4bp"); data/prodigal-2.6.3/gene.c:217:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(sd_string[6], "GGA/GAG/AGG"); data/prodigal-2.6.3/gene.c:218:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[6], "11-12bp"); data/prodigal-2.6.3/gene.c:219:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[7], "GGxGG"); data/prodigal-2.6.3/gene.c:220:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[7], "11-12bp"); data/prodigal-2.6.3/gene.c:221:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[8], "GGxGG"); data/prodigal-2.6.3/gene.c:222:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[8], "3-4bp"); data/prodigal-2.6.3/gene.c:223:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(sd_string[9], "AGxAG"); data/prodigal-2.6.3/gene.c:224:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[9], "5-10bp"); data/prodigal-2.6.3/gene.c:225:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[10], "AGGAG(G)/GGAGG"); data/prodigal-2.6.3/gene.c:226:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[10], "13-15bp"); data/prodigal-2.6.3/gene.c:227:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[11], "AGGA/GGAG/GAGG"); data/prodigal-2.6.3/gene.c:228:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[11], "3-4bp"); data/prodigal-2.6.3/gene.c:229:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(sd_string[12], "AGGA/GGAG/GAGG"); data/prodigal-2.6.3/gene.c:230:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[12], "11-12bp"); data/prodigal-2.6.3/gene.c:231:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[13], "GGA/GAG/AGG"); data/prodigal-2.6.3/gene.c:232:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[13], "5-10bp"); data/prodigal-2.6.3/gene.c:233:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[14], "GGxGG"); data/prodigal-2.6.3/gene.c:234:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[14], "5-10bp"); data/prodigal-2.6.3/gene.c:235:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(sd_string[15], "AGGA"); data/prodigal-2.6.3/gene.c:236:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[15], "5-10bp"); data/prodigal-2.6.3/gene.c:237:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[16], "GGAG/GAGG"); data/prodigal-2.6.3/gene.c:238:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[16], "5-10bp"); data/prodigal-2.6.3/gene.c:239:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_string[17], "AGxAGG/AGGxGG"); data/prodigal-2.6.3/gene.c:240:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sd_spacer[17], "11-12bp"); data/prodigal-2.6.3/gene.c:241:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
  strcpy(sd_string[18], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/gene.c:242:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[18], "3-4bp");
data/prodigal-2.6.3/gene.c:243:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[19], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/gene.c:244:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[19], "5-10bp");
data/prodigal-2.6.3/gene.c:245:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[20], "AGGAG/GGAGG");
data/prodigal-2.6.3/gene.c:246:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[20], "11-12bp");
data/prodigal-2.6.3/gene.c:247:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[21], "AGGAG");
data/prodigal-2.6.3/gene.c:248:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[21], "3-4bp");
data/prodigal-2.6.3/gene.c:249:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[22], "AGGAG");
data/prodigal-2.6.3/gene.c:250:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[22], "5-10bp");
data/prodigal-2.6.3/gene.c:251:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[23], "GGAGG");
data/prodigal-2.6.3/gene.c:252:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[23], "3-4bp");
data/prodigal-2.6.3/gene.c:253:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[24], "GGAGG");
data/prodigal-2.6.3/gene.c:254:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[24], "5-10bp");
data/prodigal-2.6.3/gene.c:255:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[25], "AGGAGG");
data/prodigal-2.6.3/gene.c:256:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[25], "11-12bp");
data/prodigal-2.6.3/gene.c:257:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[26], "AGGAGG");
data/prodigal-2.6.3/gene.c:258:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[26], "3-4bp");
data/prodigal-2.6.3/gene.c:259:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[27], "AGGAGG");
data/prodigal-2.6.3/gene.c:260:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[27], "5-10bp");
data/prodigal-2.6.3/gene.c:318:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(genes[i].score_data,
data/prodigal-2.6.3/gene.c:334:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char left[50], right[50];
data/prodigal-2.6.3/gene.c:335:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_data[MAX_LINE*2], run_data[MAX_LINE];
data/prodigal-2.6.3/gene.c:376:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(nod[ndx].edge == 1) sprintf(left, "<%d", genes[i].begin);
data/prodigal-2.6.3/gene.c:377:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(left, "%d", genes[i].begin);
data/prodigal-2.6.3/gene.c:378:31: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(nod[sndx].edge == 1) sprintf(right, ">%d", genes[i].end);
data/prodigal-2.6.3/gene.c:379:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(right, "%d", genes[i].end);
data/prodigal-2.6.3/gene.c:402:31: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(nod[sndx].edge == 1) sprintf(left, "<%d", genes[i].begin);
data/prodigal-2.6.3/gene.c:403:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(left, "%d", genes[i].begin);
data/prodigal-2.6.3/gene.c:404:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(nod[ndx].edge == 1) sprintf(right, ">%d", genes[i].end);
data/prodigal-2.6.3/gene.c:405:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(right, "%d", genes[i].end);
data/prodigal-2.6.3/gene.h:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gene_data[500]; /* String containing gene information */
data/prodigal-2.6.3/gene.h:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char score_data[500]; /* String containing scoring information */
data/prodigal-2.6.3/main.c:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *input_file, *output_file, input_copy[MAX_LINE];
data/prodigal-2.6.3/main.c:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_header[MAX_LINE], new_header[MAX_LINE], short_header[MAX_LINE];
data/prodigal-2.6.3/main.c:77:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(meta[i].desc, "None");
data/prodigal-2.6.3/main.c:97:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(input_copy, "tmp.prodigal.stdin.%d", pid);
data/prodigal-2.6.3/main.c:156:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  tinf.trans_table = atoi(argv[i+1]);
data/prodigal-2.6.3/main.c:252:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input_ptr = fopen(input_file, "r");
data/prodigal-2.6.3/main.c:259:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  output_ptr = fopen(output_file, "w");
data/prodigal-2.6.3/main.c:266:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  start_ptr = fopen(start_file, "w");
data/prodigal-2.6.3/main.c:273:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  trans_ptr = fopen(trans_file, "w");
data/prodigal-2.6.3/main.c:281:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  nuc_ptr = fopen(nuc_file, "w");
data/prodigal-2.6.3/main.c:460:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cur_header, "Prodigal_Seq_1");
data/prodigal-2.6.3/main.c:461:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(new_header, "Prodigal_Seq_2");
data/prodigal-2.6.3/main.c:594:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(new_header, "Prodigal_Seq_%d\n", num_seq+1);
data/prodigal-2.6.3/main.c:683:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE+1];
data/prodigal-2.6.3/main.c:690:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  wp = fopen(path, "w");
data/prodigal-2.6.3/metagenomic.h:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc[500]; /* Text description of this bin */
data/prodigal-2.6.3/node.c:1412:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sd_string[28][100], sd_spacer[28][20], qt[10];
data/prodigal-2.6.3/node.c:1413:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type_string[4][5] = { "ATG", "GTG", "TTG" , "Edge" };
data/prodigal-2.6.3/node.c:1414:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char seq_data[MAX_LINE*2], run_data[MAX_LINE];
data/prodigal-2.6.3/node.c:1431:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[0], "None");
data/prodigal-2.6.3/node.c:1432:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[0], "None");
data/prodigal-2.6.3/node.c:1433:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[1], "GGA/GAG/AGG");
data/prodigal-2.6.3/node.c:1434:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[1], "3-4bp");
data/prodigal-2.6.3/node.c:1435:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[2], "3Base/5BMM");
data/prodigal-2.6.3/node.c:1436:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[2], "13-15bp");
data/prodigal-2.6.3/node.c:1437:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[3], "4Base/6BMM");
data/prodigal-2.6.3/node.c:1438:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[3], "13-15bp");
data/prodigal-2.6.3/node.c:1439:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[4], "AGxAG");
data/prodigal-2.6.3/node.c:1440:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[4], "11-12bp");
data/prodigal-2.6.3/node.c:1441:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[5], "AGxAG");
data/prodigal-2.6.3/node.c:1442:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[5], "3-4bp");
data/prodigal-2.6.3/node.c:1443:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[6], "GGA/GAG/AGG");
data/prodigal-2.6.3/node.c:1444:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[6], "11-12bp");
data/prodigal-2.6.3/node.c:1445:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[7], "GGxGG");
data/prodigal-2.6.3/node.c:1446:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[7], "11-12bp");
data/prodigal-2.6.3/node.c:1447:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[8], "GGxGG");
data/prodigal-2.6.3/node.c:1448:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[8], "3-4bp");
data/prodigal-2.6.3/node.c:1449:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[9], "AGxAG");
data/prodigal-2.6.3/node.c:1450:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[9], "5-10bp");
data/prodigal-2.6.3/node.c:1451:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[10], "AGGAG(G)/GGAGG");
data/prodigal-2.6.3/node.c:1452:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[10], "13-15bp");
data/prodigal-2.6.3/node.c:1453:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[11], "AGGA/GGAG/GAGG");
data/prodigal-2.6.3/node.c:1454:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[11], "3-4bp");
data/prodigal-2.6.3/node.c:1455:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[12], "AGGA/GGAG/GAGG");
data/prodigal-2.6.3/node.c:1456:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[12], "11-12bp");
data/prodigal-2.6.3/node.c:1457:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[13], "GGA/GAG/AGG");
data/prodigal-2.6.3/node.c:1458:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[13], "5-10bp");
data/prodigal-2.6.3/node.c:1459:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[14], "GGxGG");
data/prodigal-2.6.3/node.c:1460:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[14], "5-10bp");
data/prodigal-2.6.3/node.c:1461:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[15], "AGGA");
data/prodigal-2.6.3/node.c:1462:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[15], "5-10bp");
data/prodigal-2.6.3/node.c:1463:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[16], "GGAG/GAGG");
data/prodigal-2.6.3/node.c:1464:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[16], "5-10bp");
data/prodigal-2.6.3/node.c:1465:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[17], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/node.c:1466:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[17], "11-12bp");
data/prodigal-2.6.3/node.c:1467:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[18], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/node.c:1468:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[18], "3-4bp");
data/prodigal-2.6.3/node.c:1469:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[19], "AGxAGG/AGGxGG");
data/prodigal-2.6.3/node.c:1470:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[19], "5-10bp");
data/prodigal-2.6.3/node.c:1471:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[20], "AGGAG/GGAGG");
data/prodigal-2.6.3/node.c:1472:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[20], "11-12bp");
data/prodigal-2.6.3/node.c:1473:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[21], "AGGAG");
data/prodigal-2.6.3/node.c:1474:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[21], "3-4bp");
data/prodigal-2.6.3/node.c:1475:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[22], "AGGAG");
data/prodigal-2.6.3/node.c:1476:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[22], "5-10bp");
data/prodigal-2.6.3/node.c:1477:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[23], "GGAGG");
data/prodigal-2.6.3/node.c:1478:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[23], "3-4bp");
data/prodigal-2.6.3/node.c:1479:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[24], "GGAGG");
data/prodigal-2.6.3/node.c:1480:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[24], "5-10bp");
data/prodigal-2.6.3/node.c:1481:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[25], "AGGAGG");
data/prodigal-2.6.3/node.c:1482:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[25], "11-12bp");
data/prodigal-2.6.3/node.c:1483:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[26], "AGGAGG");
data/prodigal-2.6.3/node.c:1484:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[26], "3-4bp");
data/prodigal-2.6.3/node.c:1485:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_string[27], "AGGAGG");
data/prodigal-2.6.3/node.c:1486:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sd_spacer[27], "5-10bp");
data/prodigal-2.6.3/sequence.c:34:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE+1];
data/prodigal-2.6.3/sequence.c:125:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAX_LINE+1];
data/prodigal-2.6.3/sequence.c:130:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(new_hdr, "Prodigal_Seq_%d", *sctr+2);
data/prodigal-2.6.3/sequence.c:238:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if(i == 0) { sprintf(short_header, "Prodigal_Seq_%d", sctr); }
data/prodigal-2.6.3/sequence.c:626:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char letters[4] = { 'A', 'G', 'C', 'T' };
data/prodigal-2.6.3/sequence.c:627:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if(len == 0) strcpy(qt, "None");
data/prodigal-2.6.3/training.c:28:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh = fopen(fn, "rb");
data/prodigal-2.6.3/training.c:41:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fh = fopen(fn, "wb");
data/prodigal-2.6.3/training.c:78:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:104:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:130:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:156:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:182:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:208:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:234:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:260:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:286:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:312:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:338:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:364:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:390:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:416:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:442:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:468:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:494:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:520:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tptr, &tinf, sizeof(struct _training));
data/prodigal-2.6.3/training.c:546:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:572:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:598:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:624:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:650:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:676:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:702:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:728:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:754:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:780:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:806:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:832:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:858:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:884:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:910:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:936:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:962:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:988:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1014:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1040:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1066:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1092:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1118:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1144:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1170:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1196:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1222:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1248:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1274:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1300:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1326:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/training.c:1352:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tptr, &tinf, sizeof(struct _training)); data/prodigal-2.6.3/gene.c:352:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(left, ""); data/prodigal-2.6.3/gene.c:353:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(right, ""); data/prodigal-2.6.3/sequence.c:41:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(hdr == 0 && line[strlen(line)-1] != '\n' && wrn == 0) { data/prodigal-2.6.3/sequence.c:48:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(line) > 6 && strncmp(line, "ORIGIN", 6) == 0)) { data/prodigal-2.6.3/sequence.c:70:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i = 0; i < strlen(line); i++) { data/prodigal-2.6.3/sequence.c:135:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(reading_seq == 0 && line[strlen(line)-1] != '\n' && wrn == 0) { data/prodigal-2.6.3/sequence.c:141:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(line) > 10 && strncmp(line, "DEFINITION", 10) == 0) { data/prodigal-2.6.3/sequence.c:144:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cur_hdr[strlen(cur_hdr)-1] = '\0'; data/prodigal-2.6.3/sequence.c:148:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_hdr[strlen(new_hdr)-1] = '\0'; data/prodigal-2.6.3/sequence.c:152:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(line) > 6 && strncmp(line, "ORIGIN", 6) == 0)) { data/prodigal-2.6.3/sequence.c:156:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_hdr[strlen(new_hdr)-1] = '\0'; data/prodigal-2.6.3/sequence.c:162:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cur_hdr[strlen(cur_hdr)-1] = '\0'; data/prodigal-2.6.3/sequence.c:181:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i = 0; i < strlen(line); i++) { data/prodigal-2.6.3/sequence.c:230:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i = 0; i < strlen(header); i++) { data/prodigal-2.6.3/sequence.c:233:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(short_header, header, i); ANALYSIS SUMMARY: Hits = 296 Lines analyzed = 6078 in approximately 42.30 seconds (144 lines/second) Physical Source Lines of Code (SLOC) = 4889 Hits@level = [0] 197 [1] 15 [2] 204 [3] 0 [4] 77 [5] 0 Hits@level+ = [0+] 493 [1+] 296 [2+] 281 [3+] 77 [4+] 77 [5+] 0 Hits/KSLOC@level+ = [0+] 100.839 [1+] 60.5441 [2+] 57.476 [3+] 15.7496 [4+] 15.7496 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
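The sprintf, strcpy/strncpy and strlen rules above all describe the same family of mistakes: writing through a pointer without knowing how much room is left, or indexing a string whose length was never checked. The following is an added example, not Prodigal's code and not part of the flawfinder output; it shows the bounded forms a reviewer would ask for in place of each flagged pattern. The function names (fmt_header, append_field, copy_bounded, chomp and the demo_* helpers), the buffer sizes and the sample GFF-style field values are hypothetical choices made here for illustration. The two *_terminated probes make the strncpy point concrete: copying exactly strlen(src) bytes with strncpy leaves no terminator in the destination, while copy_bounded always does.

```c
/* Added example, not Prodigal's code: bounded replacements for the sprintf,
 * strcpy/strncpy and strlen patterns flawfinder flags.  Names, buffer sizes
 * and the sample field values below are hypothetical. */
#include <stdio.h>
#include <string.h>

#define HDR_MAX 24  /* small on purpose so truncation is easy to provoke */

/* snprintf returns the length the complete output would have had, so a
 * result >= size means the text was cut off.  0 on success, -1 if it did
 * not fit; dst is NUL-terminated in both cases. */
int fmt_header(char *dst, size_t size, int seqnum)
{
    int n = snprintf(dst, size, "Prodigal_Seq_%d", seqnum);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Append "key=value;" at offset *len.  Replaces the sprintf(buf, "%s...", buf)
 * idiom, which hands the destination to itself as a %s source (undefined
 * behaviour in C).  On overflow the partial write is undone and -1 returned. */
int append_field(char *buf, size_t size, size_t *len,
                 const char *key, const char *value)
{
    if (*len >= size) return -1;
    int n = snprintf(buf + *len, size - *len, "%s=%s;", key, value);
    if (n < 0 || (size_t)n >= size - *len) {
        buf[*len] = '\0';
        return -1;
    }
    *len += (size_t)n;
    return 0;
}

/* Copy at most n bytes of src, always leaving a terminator and never writing
 * past dst[size-1].  strncpy(dst, src, n) with n == strlen(src) writes no NUL
 * at all, which is the case the strncpy rule warns about. */
size_t copy_bounded(char *dst, size_t size, const char *src, size_t n)
{
    if (size == 0) return 0;
    if (n > size - 1) n = size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* s[strlen(s)-1] = '\0' on an empty string indexes s[SIZE_MAX]; only strip
 * when there is a trailing newline.  Returns 1 if one was removed. */
int chomp(char *s)
{
    size_t len = strlen(s);
    if (len > 0 && s[len - 1] == '\n') { s[len - 1] = '\0'; return 1; }
    return 0;
}

/* Probe: does strncpy(dst, src, n) leave a NUL anywhere in a 16-byte dst
 * pre-filled with 'X'?  memchr scans the whole buffer, so the probe itself
 * never reads an unterminated string.  n must be <= 16. */
int strncpy_terminated(const char *src, size_t n)
{
    char dst[16];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, n);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

int copy_bounded_terminated(const char *src, size_t n)
{
    char dst[16];
    memset(dst, 'X', sizeof dst);
    copy_bounded(dst, sizeof dst, src, n);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Format a header into `size` bytes; returns fmt_header's status. */
int demo_fmt(size_t size, int seqnum)
{
    char buf[HDR_MAX];
    if (size > sizeof buf) size = sizeof buf;
    return fmt_header(buf, size, seqnum);
}

/* Build a GFF-style attribute string in `size` bytes from four constructed
 * fields; returns how many fit before the first refusal. */
int demo_append(size_t size)
{
    char buf[64];
    size_t len = 0;
    int fitted = 0;
    const char *keys[]   = { "ID", "partial", "start_type", "rbs_motif" };
    const char *values[] = { "1_1", "00", "ATG", "AGGAGG" };
    if (size > sizeof buf) size = sizeof buf;
    buf[0] = '\0';
    for (int i = 0; i < 4; i++) {
        if (append_field(buf, size, &len, keys[i], values[i]) != 0) break;
        fitted++;
    }
    return fitted;
}

/* Copy input into a scratch buffer and chomp it; returns chomp's result. */
int demo_chomp(const char *input)
{
    char buf[32];
    copy_bounded(buf, sizeof buf, input, strlen(input));
    return chomp(buf);
}

int main(void)
{
    printf("header into 15/14 bytes: %d/%d\n", demo_fmt(15, 7), demo_fmt(14, 7));
    printf("fields fitting in 64/20/7 bytes: %d/%d/%d\n",
           demo_append(64), demo_append(20), demo_append(7));
    printf("strncpy n==len terminated: %d, copy_bounded: %d\n",
           strncpy_terminated("contig1", 7), copy_bounded_terminated("contig1", 7));
    printf("chomp(\"\"): %d, chomp(\"contig1\\n\"): %d\n",
           demo_chomp(""), demo_chomp("contig1\n"));
    return 0;
}
```

The point of append_field returning -1 rather than silently truncating is that a truncated attribute string is still valid-looking output; the caller has to be told, and the buffer has to be left in the state it was in before the failed write.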
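The two fopen hits (training.c:28 and training.c:41) carry a CWE-362 message rather than a buffer one: the question is whether the name passed in can be redirected to a symlink, a device file, or swapped between a check and the open. The following is an added example, not Prodigal's code, showing the POSIX idiom that answers it: open the input with O_NOFOLLOW and fstat the resulting descriptor (not stat the path, which would reopen the race), and create the output with O_CREAT|O_EXCL so that an existing name, symlink included, makes the open fail atomically. Function names are hypothetical, the self-check builds its own temporary file with mkstemp, and the code assumes a POSIX system (O_NOFOLLOW, O_CLOEXEC, fdopen).

```c
/* Added example, not Prodigal's code: file opens hardened against the
 * symlink / special-file / race conditions named in the fopen rule.
 * Function names are hypothetical; POSIX only. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

/* Open an existing file for reading.  O_NOFOLLOW rejects a symlink at the
 * final path component; fstat on the descriptor rejects devices, FIFOs and
 * directories without a second path lookup.  Returns a descriptor or -1. */
int open_regular_for_read(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0) { int e = errno; close(fd); errno = e; return -1; }
    if (!S_ISREG(st.st_mode)) { close(fd); errno = EINVAL; return -1; }
    return fd;
}

/* Create a brand-new output file.  O_EXCL makes open fail with EEXIST if the
 * name already exists in any form, so check-and-create is one atomic step. */
int create_new_file(const char *path, mode_t mode)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, mode);
}

/* Wrap a checked descriptor in a FILE* so fread/fwrite code keeps working. */
FILE *fopen_checked_read(const char *path)
{
    int fd = open_regular_for_read(path);
    if (fd < 0) return NULL;
    FILE *fh = fdopen(fd, "rb");
    if (!fh) close(fd);
    return fh;
}

/* Self-check on a constructed temp file: it is readable as a regular file,
 * it cannot be re-created, and /dev/null is refused as non-regular.
 * Returns 1 on success, 0 if a check failed, -1 if no temp file could be
 * made in this environment. */
int demo_open_checks(void)
{
    char tmpl[] = "/tmp/flawfinder_example_XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    close(fd);
    int ok = 1;
    if (create_new_file(tmpl, 0600) != -1 || errno != EEXIST) ok = 0;
    FILE *fh = fopen_checked_read(tmpl);
    if (!fh) ok = 0; else fclose(fh);
    unlink(tmpl);
    if (open_regular_for_read("/dev/null") != -1) ok = 0;
    return ok;
}

int main(void)
{
    printf("/dev/null accepted as regular file: %s\n",
           open_regular_for_read("/dev/null") == -1 ? "no" : "yes");
    printf("temp-file checks: %d\n", demo_open_checks());
    return 0;
}
```

O_EXCL is the part that matters for the "wb" case: a stat-then-fopen sequence leaves a window in which the name can be replaced, whereas open with O_CREAT|O_EXCL either creates a fresh file or fails, with nothing in between.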