Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/repeatmasker-recon-1.08/src/famdef.c
Examining data/repeatmasker-recon-1.08/src/edgeredef.c
Examining data/repeatmasker-recon-1.08/src/msps.h
Examining data/repeatmasker-recon-1.08/src/ele.h
Examining data/repeatmasker-recon-1.08/src/eledef.c
Examining data/repeatmasker-recon-1.08/src/seqlist.h
Examining data/repeatmasker-recon-1.08/src/imagespread.c
Examining data/repeatmasker-recon-1.08/src/eleredef.c
Examining data/repeatmasker-recon-1.08/src/bolts.h

FINAL RESULTS:

data/repeatmasker-recon-1.08/src/edgeredef.c:200:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);

data/repeatmasker-recon-1.08/src/edgeredef.c:347:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/edgeredef.c:363:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/ele.h:315:2:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line, "%s %*s", head);

data/repeatmasker-recon-1.08/src/ele.h:355:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/ele.h:402:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line, "%s %*s", head);

data/repeatmasker-recon-1.08/src/ele.h:412:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line, "%*s %s %d %d\n", fragname, &ele_info->ele->frag.lb, &ele_info->ele->frag.rb);

data/repeatmasker-recon-1.08/src/ele.h:543:3:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line, "msp %d %c %d %f %d %d %s %d %d %d %s %d %d\n", &id, &msp_tmp->stat, &msp_tmp->score, &msp_tmp->iden, &msp_tmp->direction, &ele1, qname, &msp_tmp->query.frag.lb, &msp_tmp->query.frag.rb, &ele2, sname, &msp_tmp->sbjct.frag.lb, &msp_tmp->sbjct.frag.rb);

data/repeatmasker-recon-1.08/src/eledef.c:291:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(line, "%d %*d %s %d %d\n", &img.index, fragname, &img.frag.lb, &img.frag.rb);

data/repeatmasker-recon-1.08/src/eleredef.c:818:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:824:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:835:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:841:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:850:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:862:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:877:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:923:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:930:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:937:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/eleredef.c:980:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command)) {

data/repeatmasker-recon-1.08/src/msps.h:116:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(line, "%ld %f %ld %ld %s %ld %ld %s \n", &(m->score), &(m->iden), &(m->query.frag.lb), &(m->query.frag.rb), qname, &(m->sbjct.frag.lb), &(m->sbjct.frag.rb), sname) != 8) {

data/repeatmasker-recon-1.08/src/edgeredef.c:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[35], stat;

data/repeatmasker-recon-1.08/src/edgeredef.c:38:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  seq_list = fopen(argv[1], "r");

data/repeatmasker-recon-1.08/src/edgeredef.c:45:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (argc > 2) start = atoi(argv[2]) - 1;

data/repeatmasker-recon-1.08/src/edgeredef.c:48:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ele_no = fopen("summary/redef_ele_no", "r");

data/repeatmasker-recon-1.08/src/edgeredef.c:54:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  redef_stat = fopen("tmp/redef_stat", "r");

data/repeatmasker-recon-1.08/src/edgeredef.c:60:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log_file = fopen("tmp2/log", "w");

data/repeatmasker-recon-1.08/src/edgeredef.c:67:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ele_ct = atoi(line);

data/repeatmasker-recon-1.08/src/edgeredef.c:86:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ei = atoi(line);

data/repeatmasker-recon-1.08/src/edgeredef.c:152:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  redef_stat = fopen("tmp2/redef_stat", "w");

data/repeatmasker-recon-1.08/src/edgeredef.c:199:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "cp tmp/e%d tmp2/.", ele_info->index);

data/repeatmasker-recon-1.08/src/edgeredef.c:346:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/clan/e* tmp2/.");

data/repeatmasker-recon-1.08/src/edgeredef.c:362:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/redef_stat tmp2/redef_stat_prev");

data/repeatmasker-recon-1.08/src/ele.h:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[10];

data/repeatmasker-recon-1.08/src/ele.h:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ele_name[50], line[150], head[10], *msp = "msp";

data/repeatmasker-recon-1.08/src/ele.h:304:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ele_name, "tmp/e%d", ei);

data/repeatmasker-recon-1.08/src/ele.h:305:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ele_file = fopen(ele_name, "r");

data/repeatmasker-recon-1.08/src/ele.h:354:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "ln -s tmp/e%d unproc/.\n", ele_info->index);

data/repeatmasker-recon-1.08/src/ele.h:377:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[200], head[10], rest[150], *fn = (char *) malloc(20*sizeof(char));

data/repeatmasker-recon-1.08/src/ele.h:378:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fragname[NAME_LEN];

data/repeatmasker-recon-1.08/src/ele.h:390:31:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (ele_info->file_updated) sprintf(fn, "tmp2/e%d", ele_info->index);

data/repeatmasker-recon-1.08/src/ele.h:391:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else sprintf(fn, "tmp/e%d", ele_info->index);

data/repeatmasker-recon-1.08/src/ele.h:392:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn, "r");

data/repeatmasker-recon-1.08/src/ele.h:538:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char qname[NAME_LEN], sname[NAME_LEN];

data/repeatmasker-recon-1.08/src/ele.h:690:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "tmp2/e%d", ele_info->index);

data/repeatmasker-recon-1.08/src/ele.h:691:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn, "w");

data/repeatmasker-recon-1.08/src/eledef.c:94:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ele_name, "ele_def_res/e%d", (*(all_iprot+i))->ele_index);\

data/repeatmasker-recon-1.08/src/eledef.c:141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[150], *m1="single", *m2="double";

data/repeatmasker-recon-1.08/src/eledef.c:147:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ele_name[50]; /*name of element used as name of the ele file*/

data/repeatmasker-recon-1.08/src/eledef.c:157:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  seq_list = fopen(argv[1], "r");

data/repeatmasker-recon-1.08/src/eledef.c:164:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  msp_file = fopen(argv[2], "r");

data/repeatmasker-recon-1.08/src/eledef.c:185:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(frags = fopen("images/images_sorted", "r"))) {

data/repeatmasker-recon-1.08/src/eledef.c:189:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(msp_no = fopen("summary/ori_msp_no", "r"))) {

data/repeatmasker-recon-1.08/src/eledef.c:193:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  err = fopen("ele_def_res/errors", "w");

data/repeatmasker-recon-1.08/src/eledef.c:194:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  all_ele = fopen("summary/naive_eles", "w");

data/repeatmasker-recon-1.08/src/eledef.c:195:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  img_prot = fopen("ele_def_res/img_prot", "w");

data/repeatmasker-recon-1.08/src/eledef.c:196:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ele_no = fopen("summary/naive_ele_no", "w");

data/repeatmasker-recon-1.08/src/eledef.c:197:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  size_list = fopen("ele_def_res/size_list", "w");

data/repeatmasker-recon-1.08/src/eledef.c:200:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  msp_ct = atoi(line);

data/repeatmasker-recon-1.08/src/eledef.c:223:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  img_prot = fopen("ele_def_res/img_prot", "r");

data/repeatmasker-recon-1.08/src/eledef.c:279:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[100];

data/repeatmasker-recon-1.08/src/eledef.c:281:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fragname[NAME_LEN];

data/repeatmasker-recon-1.08/src/eledef.c:388:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[151];

data/repeatmasker-recon-1.08/src/eleredef.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[35], stat;

data/repeatmasker-recon-1.08/src/eleredef.c:108:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  seq_list = fopen(argv[1], "r");

data/repeatmasker-recon-1.08/src/eleredef.c:115:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (argc > 2) start = atoi(argv[2]) - 1;

data/repeatmasker-recon-1.08/src/eleredef.c:117:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (argc > 3) clan_ct = atoi(argv[3]);

data/repeatmasker-recon-1.08/src/eleredef.c:120:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ele_no = fopen("summary/naive_ele_no", "r");

data/repeatmasker-recon-1.08/src/eleredef.c:125:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  msp_no = fopen("summary/redef_msp_no", "r");

data/repeatmasker-recon-1.08/src/eleredef.c:126:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!msp_no) msp_no = fopen("summary/ori_msp_no", "r");

data/repeatmasker-recon-1.08/src/eleredef.c:134:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  edge_no = fopen("summary/naive_edge_no", "r");

data/repeatmasker-recon-1.08/src/eleredef.c:137:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  size_list = fopen("tmp/size_list", "r");

data/repeatmasker-recon-1.08/src/eleredef.c:140:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  new_stat = fopen("tmp2/redef_stat", "r");

data/repeatmasker-recon-1.08/src/eleredef.c:142:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  new_msps = fopen("summary/new_msps", "a");

data/repeatmasker-recon-1.08/src/eleredef.c:148:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  unproc = fopen("summary/unproc", "a");

data/repeatmasker-recon-1.08/src/eleredef.c:154:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  combo = fopen("summary/combo", "a");

data/repeatmasker-recon-1.08/src/eleredef.c:160:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  obs = fopen("summary/obsolete", "a");

data/repeatmasker-recon-1.08/src/eleredef.c:166:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log_file = fopen("tmp2/log", "a");

data/repeatmasker-recon-1.08/src/eleredef.c:174:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ele_ct = atoi(line);

data/repeatmasker-recon-1.08/src/eleredef.c:179:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  msp_index = atoi(line) - 1;

data/repeatmasker-recon-1.08/src/eleredef.c:185:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  edge_index = atoi(line) - 1;

data/repeatmasker-recon-1.08/src/eleredef.c:210:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ei = atoi(line);

data/repeatmasker-recon-1.08/src/eleredef.c:212:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  fu = atoi(&line[i+3]);

data/repeatmasker-recon-1.08/src/eleredef.c:306:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("summary/redef_ele_no", "w");

data/repeatmasker-recon-1.08/src/eleredef.c:319:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  redef_stat = fopen("tmp2/redef_stat", "w");

data/repeatmasker-recon-1.08/src/eleredef.c:329:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("summary/redef_msp_no", "w");

data/repeatmasker-recon-1.08/src/eleredef.c:333:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen("summary/naive_edge_no", "w");

data/repeatmasker-recon-1.08/src/eleredef.c:815:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "tmp2/clan/combos");

data/repeatmasker-recon-1.08/src/eleredef.c:817:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/clan/combos combos/clan%d", clan_ct);

data/repeatmasker-recon-1.08/src/eleredef.c:823:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mkdir tmp2/clan/combos");

data/repeatmasker-recon-1.08/src/eleredef.c:832:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "tmp2/clan/obsolete");

data/repeatmasker-recon-1.08/src/eleredef.c:834:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/clan/obsolete obsolete/clan%d", clan_ct);

data/repeatmasker-recon-1.08/src/eleredef.c:840:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mkdir tmp2/clan/obsolete");

data/repeatmasker-recon-1.08/src/eleredef.c:849:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/clan/e* tmp2/.");

data/repeatmasker-recon-1.08/src/eleredef.c:856:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "tmp2/clan/e%d", i+1);

data/repeatmasker-recon-1.08/src/eleredef.c:857:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fp = fopen(command, "r")) in_clan = 1;

data/repeatmasker-recon-1.08/src/eleredef.c:861:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/clan/e%d tmp2/.", i+1);

data/repeatmasker-recon-1.08/src/eleredef.c:871:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "tmp2/clan/e%d", cur_ele_info->index);

data/repeatmasker-recon-1.08/src/eleredef.c:872:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fp = fopen(command, "r")) in_clan = 1;

data/repeatmasker-recon-1.08/src/eleredef.c:876:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/clan/e%d tmp2/.", cur_ele_info->index);

data/repeatmasker-recon-1.08/src/eleredef.c:922:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/redef_stat tmp2/redef_stat_prev");

data/repeatmasker-recon-1.08/src/eleredef.c:929:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/msp_no tmp2/msp_no_prev");

data/repeatmasker-recon-1.08/src/eleredef.c:936:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "mv -f tmp2/edge_no tmp2/edge_no_prev");

data/repeatmasker-recon-1.08/src/eleredef.c:979:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "rm -f tmp2/e%d", ele_info->index);

data/repeatmasker-recon-1.08/src/eleredef.c:2289:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ele_name, "tmp2/clan/combos/e%d", ele_info->index);

data/repeatmasker-recon-1.08/src/eleredef.c:2290:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ele_fp = fopen(ele_name, "w");

data/repeatmasker-recon-1.08/src/eleredef.c:2320:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ele_name, "tmp2/clan/obsolete/e%d", ele_info->index);

data/repeatmasker-recon-1.08/src/eleredef.c:2321:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ele_fp = fopen(ele_name, "w");

data/repeatmasker-recon-1.08/src/famdef.c:21:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[35], stat;

data/repeatmasker-recon-1.08/src/famdef.c:34:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  seq_list = fopen(argv[1], "r");

data/repeatmasker-recon-1.08/src/famdef.c:41:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ele_no = fopen("summary/redef_ele_no", "r");

data/repeatmasker-recon-1.08/src/famdef.c:47:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  redef_stat = fopen("tmp/redef_stat", "r");

data/repeatmasker-recon-1.08/src/famdef.c:53:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  eles = fopen("summary/eles", "w");

data/repeatmasker-recon-1.08/src/famdef.c:54:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fams = fopen("summary/families", "w"); data/repeatmasker-recon-1.08/src/famdef.c:55:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fam_no = fopen("summary/fam_no", "w"); data/repeatmasker-recon-1.08/src/famdef.c:56:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). final_ele_no = fopen("summary/ele_no", "w"); data/repeatmasker-recon-1.08/src/famdef.c:58:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). log_file = fopen("tmp/log2", "w"); data/repeatmasker-recon-1.08/src/famdef.c:61:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ele_ct = atoi(line); data/repeatmasker-recon-1.08/src/famdef.c:80:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ei = atoi(line); data/repeatmasker-recon-1.08/src/imagespread.c:13:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[150], output_name[50]; data/repeatmasker-recon-1.08/src/imagespread.c:24:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). seq_list = fopen(argv[1], "r"); data/repeatmasker-recon-1.08/src/imagespread.c:29:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). msp_file = fopen(argv[2], "r"); data/repeatmasker-recon-1.08/src/imagespread.c:34:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (argc == 4) {noof = atoi(argv[3]);} data/repeatmasker-recon-1.08/src/imagespread.c:38:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). err = fopen("images/errors", "w"); data/repeatmasker-recon-1.08/src/imagespread.c:43:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
msp_no = fopen("summary/ori_msp_no", "w"); data/repeatmasker-recon-1.08/src/imagespread.c:50:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(output_name, "images/spread%d", i+1); data/repeatmasker-recon-1.08/src/imagespread.c:51:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *(output+i) = fopen(output_name, "w"); data/repeatmasker-recon-1.08/src/msps.h:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qname[NAME_LEN], sname[NAME_LEN]; data/repeatmasker-recon-1.08/src/seqlist.h:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/repeatmasker-recon-1.08/src/seqlist.h:20:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seq_no = atoi(line); data/repeatmasker-recon-1.08/src/seqlist.h:41:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(*(seq_names+seq_ct), name_start, NAME_LEN-1); ANALYSIS SUMMARY: Hits = 131 Lines analyzed = 5410 in approximately 0.20 seconds (27481 lines/second) Physical Source Lines of Code (SLOC) = 3721 Hits@level = [0] 195 [1] 1 [2] 109 [3] 0 [4] 21 [5] 0 Hits@level+ = [0+] 326 [1+] 131 [2+] 130 [3+] 21 [4+] 21 [5+] 0 Hits/KSLOC@level+ = [0+] 87.6109 [1+] 35.2056 [2+] 34.9368 [3+] 5.64364 [4+] 5.64364 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.