Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/scythe-0.994+git20141017.20d3cff/src/kseq.h
Examining data/scythe-0.994+git20141017.20d3cff/src/match.c
Examining data/scythe-0.994+git20141017.20d3cff/src/scythe.h
Examining data/scythe-0.994+git20141017.20d3cff/src/tests/tests.c
Examining data/scythe-0.994+git20141017.20d3cff/src/util.c
Examining data/scythe-0.994+git20141017.20d3cff/src/prob.c
Examining data/scythe-0.994+git20141017.20d3cff/src/scythe.c

FINAL RESULTS:

data/scythe-0.994+git20141017.20d3cff/src/prob.c:75:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  ps->random = (ls->random * (1-p_prior))/p_denom;

data/scythe-0.994+git20141017.20d3cff/src/prob.c:76:36:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  ps->is_contam = ps->contam > ps->random;

data/scythe-0.994+git20141017.20d3cff/src/prob.c:92:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  ls->random *= p_match; /* prob match happened by chance */

data/scythe-0.994+git20141017.20d3cff/src/prob.c:96:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  ls->random *= 1 - p_match;

data/scythe-0.994+git20141017.20d3cff/src/scythe.c:130:12:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer
  overflows (CWE-120, CWE-20). Check implementation on installation, or
  limit the size of all string inputs.
  optc = getopt_long(argc, argv, "dtfp:a:o:q:m:o:n:M:", long_options, &option_index);

data/scythe-0.994+git20141017.20d3cff/src/scythe.h:67:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  double random;

data/scythe-0.994+git20141017.20d3cff/src/scythe.h:73:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  double random;

data/scythe-0.994+git20141017.20d3cff/src/util.c:229:41:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  match->ps->contam, match->ps->random,

data/scythe-0.994+git20141017.20d3cff/src/kseq.h:125:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(str->s + str->l, ks->buf + ks->begin, i - ks->begin); \

data/scythe-0.994+git20141017.20d3cff/src/scythe.c:154:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  output_fp = fopen(optarg, "w");

data/scythe-0.994+git20141017.20d3cff/src/scythe.c:161:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  matches_fp = fopen(optarg, "w");

data/scythe-0.994+git20141017.20d3cff/src/scythe.c:168:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  min = atoi(optarg);

data/scythe-0.994+git20141017.20d3cff/src/scythe.c:171:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  min_keep = atoi(optarg);

data/scythe-0.994+git20141017.20d3cff/src/util.c:93:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(out, "%.*s\n", n, seqa);

data/scythe-0.994+git20141017.20d3cff/src/util.c:103:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ptr, "\n%.*s", (int) n, seqb);

data/scythe-0.994+git20141017.20d3cff/src/match.c:38:61:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  match *find_best_match(const adapter_array *aa, const char *read,

data/scythe-0.994+git20141017.20d3cff/src/match.c:50:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t al, rl = strlen(read);

data/scythe-0.994+git20141017.20d3cff/src/match.c:50:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  size_t al, rl = strlen(read);

data/scythe-0.994+git20141017.20d3cff/src/match.c:65:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  score_sequence(curr_arr, &(read)[shift], (aa->adapters[i]).seq, al);

data/scythe-0.994+git20141017.20d3cff/src/prob.c:26:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, n = strlen(qual), q;

data/scythe-0.994+git20141017.20d3cff/src/tests/tests.c:38:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  score_sequence(cmp1_t, seqa, seqb, strlen(seqa));

data/scythe-0.994+git20141017.20d3cff/src/tests/tests.c:43:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  TEST(sum(score_sequence(cmp1_t, seqa, seqb, strlen(seqa)), strlen(seqa)) == 22, "sum of score_sequence");

data/scythe-0.994+git20141017.20d3cff/src/tests/tests.c:43:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  TEST(sum(score_sequence(cmp1_t, seqa, seqb, strlen(seqa)), strlen(seqa)) == 22, "sum of score_sequence");

data/scythe-0.994+git20141017.20d3cff/src/util.c:48:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(adapters[i].seq, aseq->seq.s, seq_l);

data/scythe-0.994+git20141017.20d3cff/src/util.c:51:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(adapters[i].name, aseq->name.s, aseq->name.l+1);

data/scythe-0.994+git20141017.20d3cff/src/util.c:54:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
  strncat(adapters[i].name, " ", 1);

data/scythe-0.994+git20141017.20d3cff/src/util.c:55:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(adapters[i].name, aseq->comment.s, aseq->comment.l+1);

data/scythe-0.994+git20141017.20d3cff/src/util.c:97:7:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
  sprintf(ptr, "|");

data/scythe-0.994+git20141017.20d3cff/src/util.c:99:7:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
  sprintf(ptr, " ");

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 1128 in approximately 0.05 seconds (22806 lines/second)
Physical Source Lines of Code (SLOC) = 845
Hits@level = [0]  42 [1]  14 [2]   7 [3]   8 [4]   0 [5]   0
Hits@level+ = [0+]  71 [1+]  29 [2+]  15 [3+]   8 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 84.0237 [1+] 34.3195 [2+] 17.7515 [3+] 9.46746 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
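Triage note on the level-3 hits: all eight "random" hits match a struct member named random (declared as "double random;" at scythe.h:67 and :73 and accessed as ps->random / ls->random / match->ps->random), not calls to libc random(), so they are false positives of the name-based rule and need no change. The two atoi hits at scythe.c:168 and :171 are the ones worth acting on: atoi() returns 0 for non-numeric input, gives no error indication, and has undefined behaviour when the value does not fit an int, so a "-n" or "-M" style option taken from the command line is accepted silently whatever it contains. The block below is an added example, not scythe's code, of the bounded replacement Flawfinder asks for: strtol with errno, an end-pointer check, and explicit minimum and maximum. The option names and the [0, 1000] range are assumptions for illustration.

```c
/* Added example (not part of scythe): bounded integer parsing to replace
 * the atoi(optarg) calls flagged at scythe.c:168 and :171.
 * Assumptions: the accepted range [0, 1000] and the option names used in
 * main() are illustrative; scythe's real limits are not shown in the report. */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse s as a base-10 integer in [lo, hi] and store it in *out.
 * Returns 0 on success and -1 on every failure atoi() would hide:
 * empty string, no digits, trailing junk, overflow of long, value
 * outside [lo, hi], or value that does not fit an int. */
int parse_bounded_int(const char *s, long lo, long hi, int *out)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return -1;                    /* atoi("") silently returns 0 */
    errno = 0;
    v = strtol(s, &end, 10);          /* note: like atoi, skips leading whitespace */
    if (errno == ERANGE)
        return -1;                    /* did not fit in a long */
    if (end == s || *end != '\0')
        return -1;                    /* "abc" (no digits) or "12abc" (junk) */
    if (v < lo || v > hi)
        return -1;                    /* outside the caller's range */
    if (v < INT_MIN || v > INT_MAX)
        return -1;                    /* caller stores an int */
    *out = (int)v;
    return 0;
}

/* Small wrappers so results can be checked without juggling out-params. */
int parses_to(const char *s, long lo, long hi, int expected)
{
    int v = 0;
    return parse_bounded_int(s, lo, hi, &v) == 0 && v == expected;
}

int rejects(const char *s, long lo, long hi)
{
    int v = 0;
    return parse_bounded_int(s, lo, hi, &v) == -1;
}

int main(void)
{
    /* Constructed inputs standing in for optarg values of a "-n"/"-M" option. */
    const char *inputs[] = { "35", "", "abc", "12abc", "-5", "1001",
                             "99999999999999999999", NULL };
    for (int i = 0; inputs[i] != NULL; i++) {
        int v = 0, atoi_v = atoi(inputs[i]);
        int rc = parse_bounded_int(inputs[i], 0, 1000, &v);
        printf("%-22s atoi=%-12d bounded=%s", inputs[i], atoi_v,
               rc == 0 ? "ok" : "rejected");
        if (rc == 0)
            printf(" (%d)", v);
        putchar('\n');
    }
    return 0;
}
```

Running main() prints, for each constructed input, what atoi() would have produced next to the bounded parser's verdict; the overlong and non-numeric cases are exactly the ones where atoi() quietly returns a wrong-looking but "valid" number.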
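On the util.c:51-55 strncpy/strncat group: the third argument to strncat is the maximum number of source bytes to append, not the remaining capacity of the destination, and at util.c:55 that argument is aseq->comment.l+1, i.e. the source's own length plus one. It therefore bounds nothing about adapters[i].name; whether the copy fits depends entirely on how that field is sized, which the report does not show. The block below is an added example, not scythe's code, of building the "<name> <comment>" string with snprintf and checking its return value for truncation, beside a dry run of the original pattern that reports whether it would have exceeded a given capacity. The 32-byte capacity and the sample name/comment strings are constructed for illustration.

```c
/* Added example (not part of scythe): bounded replacement for the
 * strncpy/strncat sequence at util.c:51-55.
 * Assumption: NAME_CAP stands in for the (unknown) size of adapters[i].name. */
#include <stdio.h>
#include <string.h>

#define NAME_CAP 32

/* Constructed sample input: a 40-character comment, longer than NAME_CAP. */
static const char LONG_COMMENT[] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";

/* Write "<name> <comment>" into dst (capacity cap bytes).
 * Returns 0 if it fit, -1 if it was truncated. Either way dst is a valid
 * NUL-terminated string and no byte past dst[cap-1] is written. */
int build_name(char *dst, size_t cap, const char *name, const char *comment)
{
    int n = snprintf(dst, cap, "%s %s", name, comment);
    if (n < 0) {                      /* encoding error: leave an empty string */
        dst[0] = '\0';
        return -1;
    }
    return ((size_t)n < cap) ? 0 : -1; /* n counts what the full string needed */
}

/* Dry run of the original pattern (strncpy name, strncat " ", strncat comment
 * with n = comment length + 1): its size arguments are derived from the
 * sources, so the only thing that decides whether it overflows is whether
 * name + ' ' + comment + NUL exceeds the destination capacity. Nothing is
 * written here; the function only reports that outcome. */
int original_pattern_overflows(size_t cap, const char *name, const char *comment)
{
    size_t need = strlen(name) + 1 + strlen(comment) + 1;
    return need > cap;
}

/* Fixed-size destination plus helpers so results can be checked by value. */
static char g_name[NAME_CAP];

int build_into_fixed(const char *name, const char *comment)
{
    return build_name(g_name, sizeof g_name, name, comment);
}

int fixed_equals(const char *expected)
{
    return strcmp(g_name, expected) == 0;
}

int fixed_is_terminated(void)
{
    return memchr(g_name, '\0', sizeof g_name) != NULL;
}

int main(void)
{
    const char *cases[][2] = { { "adapter1", "comment" }, { "adapter1", LONG_COMMENT } };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int rc = build_into_fixed(cases[i][0], cases[i][1]);
        printf("bounded: %s -> \"%s\"; original pattern would overflow %u-byte name: %s\n",
               rc == 0 ? "fit" : "truncated", g_name, (unsigned)NAME_CAP,
               original_pattern_overflows(NAME_CAP, cases[i][0], cases[i][1]) ? "yes" : "no");
    }
    return 0;
}
```

The design point is that the caller learns about truncation from the return value and can reject the adapter record, rather than letting a FASTA comment longer than the field silently decide what happens to the bytes after it.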