Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/testvcard.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildir20percentread.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildirfetchunreadheaders.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildirremovereadmessages.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildirfetchunreadheaders.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildirfetchallheaders.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildir.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildirremovereadmessages.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildirfetchallheaders.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildirimport.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildir20percentread.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildir.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maildir/maildirimport.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/testmaildir.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maketest.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/testvcard.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/testmaildir.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/main.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/maketest.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/test.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/test.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/vcard/vcardimport.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/vcard/vcardimport.cpp
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/vcard/vcard.h
Examining data/akonadi-mime-20.08.2/autotests/benchmarker/vcard/vcard.cpp
Examining data/akonadi-mime-20.08.2/autotests/racetest.h
Examining data/akonadi-mime-20.08.2/autotests/localfolderstest.h
Examining data/akonadi-mime-20.08.2/autotests/collectionjobtest.h
Examining data/akonadi-mime-20.08.2/autotests/racetest.cpp
Examining data/akonadi-mime-20.08.2/autotests/mailserializerplugintest.h
Examining data/akonadi-mime-20.08.2/autotests/pop3resourceattributetest.h
Examining data/akonadi-mime-20.08.2/autotests/newmailnotifierattributetest.h
Examining data/akonadi-mime-20.08.2/autotests/newmailnotifierattributetest.cpp
Examining data/akonadi-mime-20.08.2/autotests/mailserializertest.h
Examining data/akonadi-mime-20.08.2/autotests/localfoldersrequestjobtest.cpp
Examining data/akonadi-mime-20.08.2/autotests/messagetests/messagetest.h
Examining data/akonadi-mime-20.08.2/autotests/messagetests/messagetest.cpp
Examining data/akonadi-mime-20.08.2/autotests/localfoldersrequestjobtest.h
Examining data/akonadi-mime-20.08.2/autotests/mailserializertest.cpp
Examining data/akonadi-mime-20.08.2/autotests/mailserializerplugintest.cpp
Examining data/akonadi-mime-20.08.2/autotests/pop3resourceattributetest.cpp
Examining data/akonadi-mime-20.08.2/autotests/localfolderstest.cpp
Examining data/akonadi-mime-20.08.2/tests/foldersrequester.cpp
Examining data/akonadi-mime-20.08.2/tests/foldersrequester.h
Examining data/akonadi-mime-20.08.2/tests/headfetcher.h
Examining data/akonadi-mime-20.08.2/tests/headfetcher.cpp
Examining data/akonadi-mime-20.08.2/serializers/akonadi_serializer_mail.cpp
Examining data/akonadi-mime-20.08.2/serializers/akonadi_serializer_mail.h
Examining data/akonadi-mime-20.08.2/src/specialmailcollectionsrequestjob.h
Examining data/akonadi-mime-20.08.2/src/specialmailcollectionsrequestjob.cpp
Examining data/akonadi-mime-20.08.2/src/movecommand.h
Examining data/akonadi-mime-20.08.2/src/commandbase.cpp
Examining data/akonadi-mime-20.08.2/src/util_p.h
Examining data/akonadi-mime-20.08.2/src/addressattribute.h
Examining data/akonadi-mime-20.08.2/src/pop3resourceattribute.h
Examining data/akonadi-mime-20.08.2/src/markascommand.cpp
Examining data/akonadi-mime-20.08.2/src/emptytrashcommand.h
Examining data/akonadi-mime-20.08.2/src/messageflags.h
Examining data/akonadi-mime-20.08.2/src/messageparts.cpp
Examining data/akonadi-mime-20.08.2/src/newmailnotifierattribute.h
Examining data/akonadi-mime-20.08.2/src/addressattribute.cpp
Examining data/akonadi-mime-20.08.2/src/specialmailcollections.cpp
Examining data/akonadi-mime-20.08.2/src/movetotrashcommand.h
Examining data/akonadi-mime-20.08.2/src/removeduplicatesjob.cpp
Examining data/akonadi-mime-20.08.2/src/newmailnotifierattribute.cpp
Examining data/akonadi-mime-20.08.2/src/attributeregistrar.cpp
Examining data/akonadi-mime-20.08.2/src/messagemodel.h
Examining data/akonadi-mime-20.08.2/src/messageparts.h
Examining data/akonadi-mime-20.08.2/src/messageflags.cpp
Examining data/akonadi-mime-20.08.2/src/specialmailcollections.h
Examining data/akonadi-mime-20.08.2/src/messagefolderattribute.cpp
Examining data/akonadi-mime-20.08.2/src/pop3resourceattribute.cpp
Examining data/akonadi-mime-20.08.2/src/metatype.h
Examining data/akonadi-mime-20.08.2/src/movetotrashcommand.cpp
Examining data/akonadi-mime-20.08.2/src/messagestatus.h
Examining data/akonadi-mime-20.08.2/src/movecommand.cpp
Examining data/akonadi-mime-20.08.2/src/specialmailcollectionstesting_p.h
Examining data/akonadi-mime-20.08.2/src/commandbase.h
Examining data/akonadi-mime-20.08.2/src/standardmailactionmanager.h
Examining data/akonadi-mime-20.08.2/src/specialmailcollectionsdiscoveryjob.cpp
Examining data/akonadi-mime-20.08.2/src/emptytrashcommand.cpp
Examining data/akonadi-mime-20.08.2/src/messagestatus.cpp
Examining data/akonadi-mime-20.08.2/src/messagefolderattribute.h
Examining data/akonadi-mime-20.08.2/src/specialmailcollectionsdiscoveryjob.h
Examining data/akonadi-mime-20.08.2/src/standardmailactionmanager.cpp
Examining data/akonadi-mime-20.08.2/src/markascommand.h
Examining data/akonadi-mime-20.08.2/src/util.cpp
Examining data/akonadi-mime-20.08.2/src/specialmailcollectionstesting.cpp
Examining data/akonadi-mime-20.08.2/src/removeduplicatesjob.h
Examining data/akonadi-mime-20.08.2/src/messagemodel.cpp

FINAL RESULTS:

data/akonadi-mime-20.08.2/autotests/mailserializertest.cpp:70:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  buffer.open(QIODevice::WriteOnly);
data/akonadi-mime-20.08.2/autotests/mailserializertest.cpp:124:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  buffer.open(QIODevice::ReadOnly);
data/akonadi-mime-20.08.2/autotests/mailserializertest.cpp:163:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  buffer.open(QIODevice::WriteOnly);
data/akonadi-mime-20.08.2/autotests/mailserializertest.cpp:228:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  buffer.open(QIODevice::ReadWrite);
data/akonadi-mime-20.08.2/autotests/mailserializertest.cpp:287:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  buffer.open(QIODevice::ReadOnly);
data/akonadi-mime-20.08.2/autotests/mailserializertest.cpp:329:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  buffer.open(QIODevice::ReadOnly);
data/akonadi-mime-20.08.2/autotests/mailserializertest.cpp:353:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  buffer.open(QIODevice::ReadOnly);
data/akonadi-mime-20.08.2/autotests/messagetests/messagetest.cpp:46:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  const bool ok = file.open(QIODevice::ReadOnly);
data/akonadi-mime-20.08.2/src/specialmailcollections.cpp:35:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char s_specialCollectionTypes[SpecialMailCollections::LastType][11] = {
data/akonadi-mime-20.08.2/src/messagestatus.cpp:283:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  void Akonadi::MessageStatus::setRead(bool read)
data/akonadi-mime-20.08.2/src/messagestatus.cpp:285:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read) {

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 8380 in approximately 0.23 seconds (35869 lines/second)
Physical Source Lines of Code (SLOC) = 5797
Hits@level = [0] 0 [1] 2 [2] 9 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 11 [1+] 11 [2+] 9 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.89753 [1+] 1.89753 [2+] 1.55253 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.