Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pybdsf-1.9.2/natgrid/Include/nnchead.h
Examining data/pybdsf-1.9.2/natgrid/Include/nncheadd.h
Examining data/pybdsf-1.9.2/natgrid/Include/nncheads.h
Examining data/pybdsf-1.9.2/natgrid/Include/nnexver.h
Examining data/pybdsf-1.9.2/natgrid/Include/nnghead.h
Examining data/pybdsf-1.9.2/natgrid/Include/nngheadd.h
Examining data/pybdsf-1.9.2/natgrid/Include/nngheads.h
Examining data/pybdsf-1.9.2/natgrid/Include/nntpvrs.h
Examining data/pybdsf-1.9.2/natgrid/Include/nntypes.h
Examining data/pybdsf-1.9.2/natgrid/Include/nnuhead.h
Examining data/pybdsf-1.9.2/natgrid/Include/nnuheadd.h
Examining data/pybdsf-1.9.2/natgrid/Include/nnuheads.h
Examining data/pybdsf-1.9.2/natgrid/Include/nnmhead.h
Examining data/pybdsf-1.9.2/natgrid/Src/natgrid.c
Examining data/pybdsf-1.9.2/natgrid/Src/natgridd.c
Examining data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c
Examining data/pybdsf-1.9.2/natgrid/Src/natgrids.c
Examining data/pybdsf-1.9.2/natgrid/Src/nncrunch.c
Examining data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c
Examining data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c
Examining data/pybdsf-1.9.2/natgrid/Src/nnerror.c
Examining data/pybdsf-1.9.2/natgrid/Src/nnuser.c
Examining data/pybdsf-1.9.2/natgrid/Src/nnuserd.c
Examining data/pybdsf-1.9.2/natgrid/Src/nnusers.c
Examining data/pybdsf-1.9.2/src/c++/Fitter_dn2g.cc
Examining data/pybdsf-1.9.2/src/c++/Fitter_dnsg.cc
Examining data/pybdsf-1.9.2/src/c++/Fitter_lmder.cc
Examining data/pybdsf-1.9.2/src/c++/Fitters.h
Examining data/pybdsf-1.9.2/src/c++/MGFunction.h
Examining data/pybdsf-1.9.2/src/c++/MGFunction1.cc
Examining data/pybdsf-1.9.2/src/c++/MGFunction2.cc
Examining data/pybdsf-1.9.2/src/c++/boost_python.h
Examining data/pybdsf-1.9.2/src/c++/cbdsm_main.cc
Examining data/pybdsf-1.9.2/src/c++/num_util/num_util.cpp
Examining data/pybdsf-1.9.2/src/c++/num_util/num_util.h
Examining data/pybdsf-1.9.2/src/c++/pyndarray.h
Examining data/pybdsf-1.9.2/src/c++/stat.cc
Examining data/pybdsf-1.9.2/src/c++/stat.h
FINAL RESULTS:
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:17:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(emsg,"\n Parameter name supplied is: %s\n",pnam);
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:63:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(emsg,"\n Parameter name supplied is: %s\n",pnam);
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:98:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(error_file,vnam);
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:102:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(emsg,"\n Parameter name supplied is: %s\n",pnam);
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:143:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(emsg,"\n Parameter name supplied is: %s\n",pnam);
data/pybdsf-1.9.2/natgrid/Src/nnuserd.c:48:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(emsg,"\n Parameter name supplied is: %s\n",pnam);
data/pybdsf-1.9.2/natgrid/Src/nnuserd.c:101:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(emsg,"\n Parameter name supplied is: %s\n",pnam);
data/pybdsf-1.9.2/natgrid/Src/nnusers.c:46:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(emsg,"\n Parameter name supplied is: %s\n",pnam);
data/pybdsf-1.9.2/natgrid/Src/nnusers.c:99:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(emsg,"\n Parameter name supplied is: %s\n",pnam);
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:321:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(367);
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:322:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(367);
data/pybdsf-1.9.2/natgrid/Include/nnchead.h:38:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tri_file[256], error_file[256], emsg[256];
data/pybdsf-1.9.2/natgrid/Include/nnchead.h:40:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
extern FILE *fopen(), *filee;
data/pybdsf-1.9.2/natgrid/Include/nnghead.h:38:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char tri_file[256], error_file[256], emsg[256];
data/pybdsf-1.9.2/natgrid/Include/nnghead.h:40:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
extern FILE *fopen(), *filee;
data/pybdsf-1.9.2/natgrid/Include/nnmhead.h:39:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tri_file[256] = {"nnalg.dat"}, error_file[256] = {"stderr"},
data/pybdsf-1.9.2/natgrid/Include/nnmhead.h:42:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fopen(), *filee = NULL;
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *title[6] = { "x", "y ", "z", "xo", "yo", "result" }; /* Titles for print to file */
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:235:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen("natgrids.asc", "w")) == NULL) {
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:522:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval[128]; /* the value currently assigned to the control parameter whose name is
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:707:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *title[3] = {"x", "y ", "z"}; /* Titles for print to file */
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:731:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen("pntinits.asc", "w")) == NULL) {
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:914:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *title[6] = {"x", "y ", "z", "xo", "yo", "result"}; /* Titles for print to file */
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:950:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen("natgridd.asc", "w")) == NULL) {
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:1235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *title[3] = { "x", "y ", "z" }; /* Titles for print to file */
data/pybdsf-1.9.2/natgrid/Src/natgridmodule.c:1258:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((fp = fopen("pntinitd.asc", "w")) == NULL) {
data/pybdsf-1.9.2/natgrid/Src/nncrunch.c:445:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((filer = fopen(tri_file,"w")) EQ (FILE *) NULL)
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:309:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Coordinates %d and %d are identical.\n",i0,i1);
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:478:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n\n Current automatically computed scaling "
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:497:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Requested row = %d (indices starting with one)\n",row+1);
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:505:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Requested column = %d (indices starting with one)\n",
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:526:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n\n Current automatically computed scaling "
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:545:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Requested row = %d (indices starting with one)\n",row+1);
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:553:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Requested column = %d (indices starting with one)\n",
data/pybdsf-1.9.2/natgrid/Src/nncrunchd.c:617:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Coordinate = (%f, %f)\n", x, y);
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:310:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Coordinates %d and %d are identical.\n",i0,i1);
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:479:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n\n Current automatically computed scaling "
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:498:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Requested row = %d (indices starting with one)\n",row+1);
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:506:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Requested column = %d (indices starting with one)\n",
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:527:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n\n Current automatically computed scaling "
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:546:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Requested row = %d (indices starting with one)\n",row+1);
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:554:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Requested column = %d (indices starting with one)\n",
data/pybdsf-1.9.2/natgrid/Src/nncrunchs.c:618:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(emsg,"\n Coordinate = (%f, %f)\n", x, y);
data/pybdsf-1.9.2/natgrid/Src/nnerror.c:36:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *err_list[MAX_ERROR] = {
data/pybdsf-1.9.2/natgrid/Src/nnerror.c:130:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rlist = (char *) err_list[29];
data/pybdsf-1.9.2/natgrid/Src/nnerror.c:133:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rlist = (char *) err_list[i-1];
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:86:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(error_file,"stderr");
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:90:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(error_file,"stdout");
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:93:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((filee = fopen(vnam,"w")) EQ (FILE *) NULL)
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:159:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cdum[256];
data/pybdsf-1.9.2/natgrid/Src/nnuser.c:171:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cdum[256] = {" "};
data/pybdsf-1.9.2/src/c++/num_util/num_util.h:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr_data, data, PyArray_ITEMSIZE((PyArrayObject*) obj.ptr()) * n); // copies the input data to
data/pybdsf-1.9.2/src/c++/num_util/num_util.h:96:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arr_data, data, PyArray_ITEMSIZE((PyArrayObject*) obj.ptr()) * total);
ANALYSIS SUMMARY:
Hits = 53
Lines analyzed = 7988 in approximately 0.33 seconds (24092 lines/second)
Physical Source Lines of Code (SLOC) = 5439
Hits@level = [0] 125 [1] 0 [2] 42 [3] 2 [4] 9 [5] 0
Hits@level+ = [0+] 178 [1+] 53 [2+] 53 [3+] 11 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 32.7266 [1+] 9.74444 [2+] 9.74444 [3+] 2.02243 [4+] 1.65472 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.