Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/solvate-1.0/solvate.c

FINAL RESULTS:

data/solvate-1.0/solvate.c:410:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(atomstr,tmpstr);
data/solvate-1.0/solvate.c:416:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(residstr,tmpstr);
data/solvate-1.0/solvate.c:461:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(segidstr,tmpstr);
data/solvate-1.0/solvate.c:469:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,linestr);
data/solvate-1.0/solvate.c:474:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,linestr);
data/solvate-1.0/solvate.c:598:21:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(lstr,"%d %s",&nr_of_atoms,tmpstr)==2) {
data/solvate-1.0/solvate.c:636:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(segidstr,tmpstr);
data/solvate-1.0/solvate.c:649:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(residstr,tmpstr);
data/solvate-1.0/solvate.c:655:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(atomstr,tmpstr);
data/solvate-1.0/solvate.c:661:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(atom_typestr,tmpstr);
data/solvate-1.0/solvate.c:681:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,lstr);
data/solvate-1.0/solvate.c:701:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infile1,infile);
data/solvate-1.0/solvate.c:826:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infile1,infile);
data/solvate-1.0/solvate.c:3445:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infile1,infile);
data/solvate-1.0/solvate.c:3447:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile1,outfile);
data/solvate-1.0/solvate.c:3449:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(psfinfile,infile);
data/solvate-1.0/solvate.c:3451:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(psfoutfile,outfile);
data/solvate-1.0/solvate.c:3453:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xplorfile,XPLOR_SCRIPT_NAME);
data/solvate-1.0/solvate.c:4362:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(infile,argv[i]);
data/solvate-1.0/solvate.c:4366:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile,argv[i]);
data/solvate-1.0/solvate.c:4378:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(outfile,infile);
data/solvate-1.0/solvate.c:384:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linestr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:385:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:488:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linestr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:489:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:507:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",x);
data/solvate-1.0/solvate.c:508:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_XKO,tmpstr,PDB_L_XKO);
data/solvate-1.0/solvate.c:510:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",y);
data/solvate-1.0/solvate.c:511:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_YKO,tmpstr,PDB_L_YKO);
data/solvate-1.0/solvate.c:513:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",z);
data/solvate-1.0/solvate.c:514:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_ZKO,tmpstr,PDB_L_ZKO);
data/solvate-1.0/solvate.c:526:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:527:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linestr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:530:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(linestr,"ATOM 000000 OH2 TIP3 0 0.000 0.000 0.000 0.00 0.00 W000");
data/solvate-1.0/solvate.c:533:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(linestr,"ATOM 000000 H1 TIP3 0 0.000 0.000 0.000 0.00 0.00 W000");
data/solvate-1.0/solvate.c:536:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(linestr,"ATOM 000000 H2 TIP3 0 0.000 0.000 0.000 0.00 0.00 W000");
data/solvate-1.0/solvate.c:538:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%6ld ",atom_nr);
data/solvate-1.0/solvate.c:539:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_ATOMNR,tmpstr,PDB_L_ATOMNR);
data/solvate-1.0/solvate.c:540:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",x);
data/solvate-1.0/solvate.c:541:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_XKO,tmpstr,PDB_L_XKO);
data/solvate-1.0/solvate.c:542:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",y);
data/solvate-1.0/solvate.c:543:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_YKO,tmpstr,PDB_L_YKO);
data/solvate-1.0/solvate.c:544:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",z);
data/solvate-1.0/solvate.c:545:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_ZKO,tmpstr,PDB_L_ZKO);
data/solvate-1.0/solvate.c:546:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%5d ",res_id);
data/solvate-1.0/solvate.c:547:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_RESIDNR-1,tmpstr,PDB_L_RESIDNR);
data/solvate-1.0/solvate.c:548:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%3d ",seg_id);
data/solvate-1.0/solvate.c:549:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_SEGIDSTR+1,tmpstr,PDB_L_SEGIDSTR-1);
data/solvate-1.0/solvate.c:559:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmpstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:560:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linestr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:563:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(linestr,"ATOM 000000 NA INA 0 0.000 0.000 0.000 0.00 0.00 NA ");
data/solvate-1.0/solvate.c:566:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(linestr,"ATOM 000000 CL ICL 0 0.000 0.000 0.000 0.00 0.00 CL ");
data/solvate-1.0/solvate.c:572:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%6ld ",atom_nr);
data/solvate-1.0/solvate.c:573:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_ATOMNR,tmpstr,PDB_L_ATOMNR);
data/solvate-1.0/solvate.c:574:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",x);
data/solvate-1.0/solvate.c:575:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_XKO,tmpstr,PDB_L_XKO);
data/solvate-1.0/solvate.c:576:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",y);
data/solvate-1.0/solvate.c:577:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_YKO,tmpstr,PDB_L_YKO);
data/solvate-1.0/solvate.c:578:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%8.3f ",z);
data/solvate-1.0/solvate.c:579:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_ZKO,tmpstr,PDB_L_ZKO);
data/solvate-1.0/solvate.c:580:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmpstr,"%5d ",res_id);
data/solvate-1.0/solvate.c:581:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(linestr+PDB_P_RESIDNR-1,tmpstr,PDB_L_RESIDNR);
data/solvate-1.0/solvate.c:592:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lstr[MAX_STRING_SIZE];
data/solvate-1.0/solvate.c:593:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmpstr[MAX_STRING_SIZE];
data/solvate-1.0/solvate.c:620:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lstr[MAX_STRING_SIZE];
data/solvate-1.0/solvate.c:621:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tmpstr[MAX_STRING_SIZE];
data/solvate-1.0/solvate.c:694:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char atomstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:695:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char residstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:696:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char segidstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:697:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infile1[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:702:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(infile1,".pdb");
data/solvate-1.0/solvate.c:706:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen(infile1,"r"))==NULL) {
data/solvate-1.0/solvate.c:733:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen(infile1,"r"))==NULL) {
data/solvate-1.0/solvate.c:818:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char atomtypestr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:819:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char atomstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:820:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char residstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:821:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char segidstr[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:822:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infile1[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:827:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(infile1,".psf");
data/solvate-1.0/solvate.c:831:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen(infile1,"r"))==NULL) {
data/solvate-1.0/solvate.c:2099:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen("gaussians.lis","w"))==NULL) {
data/solvate-1.0/solvate.c:2139:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen("gaussians.lis","r"))==NULL) {
data/solvate-1.0/solvate.c:2229:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen("boundary.lis","r"))==NULL) {
data/solvate-1.0/solvate.c:2329:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen("boundary.lis","w"))==NULL) {
data/solvate-1.0/solvate.c:2542:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen("surface_stat.lis","w"))==NULL) {
data/solvate-1.0/solvate.c:2651:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen("surface_stat.lis","a"))==NULL) {
data/solvate-1.0/solvate.c:2669:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen("volume_stat.lis","w"))==NULL) {
data/solvate-1.0/solvate.c:2967:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp=fopen("surface_stat.lis","a"))==NULL) {
data/solvate-1.0/solvate.c:3438:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infile1[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:3439:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile1[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:3440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xplorfile[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:3441:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char psfinfile[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:3442:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char psfoutfile[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:3446:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(infile1,".pdb");
data/solvate-1.0/solvate.c:3448:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(outfile1,".pdb");
data/solvate-1.0/solvate.c:3450:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(psfinfile,".psf");
data/solvate-1.0/solvate.c:3452:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(psfoutfile,".psf");
data/solvate-1.0/solvate.c:3492:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_out=fopen(outfile1,"w"))==NULL) {
data/solvate-1.0/solvate.c:3501:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_in=fopen(infile1,"r"))==NULL) {
data/solvate-1.0/solvate.c:3606:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp_xplor=fopen(xplorfile,"w"))==NULL) {
data/solvate-1.0/solvate.c:4243:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infile[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:4244:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[MAX_STRING_SIZE+1];
data/solvate-1.0/solvate.c:306:3:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fgetc(fp);
data/solvate-1.0/solvate.c:307:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for ( ; fgetc(fp)!='\n' ; ) ;
data/solvate-1.0/solvate.c:318:20:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ch=fgetc(f);
data/solvate-1.0/solvate.c:356:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i,slen=(int)strlen(str);
data/solvate-1.0/solvate.c:390:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr,4);
data/solvate-1.0/solvate.c:400:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_ATOMNR,PDB_L_ATOMNR);
data/solvate-1.0/solvate.c:407:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_ATOMSTR,PDB_L_ATOMSTR);
data/solvate-1.0/solvate.c:413:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_RESIDSTR,PDB_L_RESIDSTR);
data/solvate-1.0/solvate.c:419:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_RESIDNR,PDB_L_RESIDNR);
data/solvate-1.0/solvate.c:426:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_XKO,PDB_L_XKO);
data/solvate-1.0/solvate.c:432:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_YKO,PDB_L_YKO);
data/solvate-1.0/solvate.c:438:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_ZKO,PDB_L_ZKO);
data/solvate-1.0/solvate.c:444:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_BETA,PDB_L_BETA);
data/solvate-1.0/solvate.c:449:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_HARMON,PDB_L_HARMON);
data/solvate-1.0/solvate.c:455:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int)strlen(linestr)<PDB_P_SEGIDSTR) {
data/solvate-1.0/solvate.c:458:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr+PDB_P_SEGIDSTR,PDB_L_SEGIDSTR);
data/solvate-1.0/solvate.c:495:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,linestr,4);
data/solvate-1.0/solvate.c:626:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,lstr+PSF_P_ATOMNR,PSF_L_ATOMNR);
data/solvate-1.0/solvate.c:633:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,lstr+PSF_P_SEGIDSTR,PSF_L_SEGIDSTR);
data/solvate-1.0/solvate.c:639:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,lstr+PSF_P_RESIDNR,PSF_L_RESIDNR);
data/solvate-1.0/solvate.c:646:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,lstr+PSF_P_RESIDSTR,PSF_L_RESIDSTR);
data/solvate-1.0/solvate.c:652:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,lstr+PSF_P_ATOMSTR,PSF_L_ATOMSTR);
data/solvate-1.0/solvate.c:658:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,lstr+PSF_P_ATOMTYPSTR,PSF_L_ATOMTYPSTR);
data/solvate-1.0/solvate.c:664:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,lstr+PSF_P_CHARGE,PSF_L_CHARGE);
data/solvate-1.0/solvate.c:670:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmpstr,lstr+PSF_P_MASS,PSF_L_MASS);
data/solvate-1.0/solvate.c:4267:2:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(infile," ");
data/solvate-1.0/solvate.c:4268:2:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(outfile," ");
data/solvate-1.0/solvate.c:4379:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(infile," ");

ANALYSIS SUMMARY:

Hits = 130
Lines analyzed = 4461 in approximately 0.49 seconds (9178 lines/second)
Physical Source Lines of Code (SLOC) = 3891
Hits@level = [0] 389 [1]  28 [2]  81 [3]   0 [4]  21 [5]   0
Hits@level+ = [0+] 519 [1+] 130 [2+] 102 [3+]  21 [4+]  21 [5+]   0
Hits/KSLOC@level+ = [0+] 133.385 [1+] 33.4104 [2+] 26.2143 [3+] 5.39707 [4+] 5.39707 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
