Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/akregator-20.08.2/configuration/akregator_config_appearance.cpp
Examining data/akregator-20.08.2/configuration/akregator_config_appearance.h
Examining data/akregator-20.08.2/configuration/akregator_config_plugins.cpp
Examining data/akregator-20.08.2/configuration/akregator_config_userfeedback.h
Examining data/akregator-20.08.2/configuration/settings_advanced.h
Examining data/akregator-20.08.2/configuration/akregatorconfigurepluginlistwidget.cpp
Examining data/akregator-20.08.2/configuration/akregator_config_archive.h
Examining data/akregator-20.08.2/configuration/akregator_config_general.h
Examining data/akregator-20.08.2/configuration/akregator_config_plugins.h
Examining data/akregator-20.08.2/configuration/akregator_config_browser.cpp
Examining data/akregator-20.08.2/configuration/akregatorconfigurepluginlistwidget.h
Examining data/akregator-20.08.2/configuration/settings_advanced.cpp
Examining data/akregator-20.08.2/configuration/akregator_config_advanced.cpp
Examining data/akregator-20.08.2/configuration/akregator_config_archive.cpp
Examining data/akregator-20.08.2/configuration/akregator_config_general.cpp
Examining data/akregator-20.08.2/configuration/akregator_config_browser.h
Examining data/akregator-20.08.2/configuration/akregator_config_userfeedback.cpp
Examining data/akregator-20.08.2/configuration/akregator_config_advanced.h
Examining data/akregator-20.08.2/interfaces/storagefactoryregistry.h
Examining data/akregator-20.08.2/interfaces/userfeedback/userfeedbackmanager.h
Examining data/akregator-20.08.2/interfaces/userfeedback/akregatoruserfeedbackprovider.cpp
Examining data/akregator-20.08.2/interfaces/userfeedback/akregatoruserfeedbackprovider.h
Examining data/akregator-20.08.2/interfaces/userfeedback/userfeedbackmanager.cpp
Examining data/akregator-20.08.2/interfaces/plugin.cpp
Examining data/akregator-20.08.2/interfaces/storagefactory.h
Examining data/akregator-20.08.2/interfaces/article.h
Examining data/akregator-20.08.2/interfaces/feedlistmanagementinterface.h
Examining data/akregator-20.08.2/interfaces/types.h
Examining data/akregator-20.08.2/interfaces/feedlistmanagementinterface.cpp
Examining data/akregator-20.08.2/interfaces/command.h
Examining data/akregator-20.08.2/interfaces/storage.h
Examining data/akregator-20.08.2/interfaces/storagefactoryregistry.cpp
Examining data/akregator-20.08.2/interfaces/plugin.h
Examining data/akregator-20.08.2/interfaces/command.cpp
Examining data/akregator-20.08.2/interfaces/feedstorage.h
Examining data/akregator-20.08.2/kontactplugin/akregator_plugin.cpp
Examining data/akregator-20.08.2/kontactplugin/akregator_plugin.h
Examining data/akregator-20.08.2/export/akregatorstorageexporter.cpp
Examining data/akregator-20.08.2/src/treenodevisitor.h
Examining data/akregator-20.08.2/src/abstractselectioncontroller.cpp
Examining data/akregator-20.08.2/src/crashwidget/crashwidget.h
Examining data/akregator-20.08.2/src/crashwidget/crashwidget.cpp
Examining data/akregator-20.08.2/src/akregratormigrateapplication.cpp
Examining data/akregator-20.08.2/src/selectioncontroller.cpp
Examining data/akregator-20.08.2/src/articleviewerwidget.h
Examining data/akregator-20.08.2/src/akregator_options.h
Examining data/akregator-20.08.2/src/widgets/searchbar.h
Examining data/akregator-20.08.2/src/widgets/statussearchline.cpp
Examining data/akregator-20.08.2/src/widgets/akregatorcentralwidget.cpp
Examining data/akregator-20.08.2/src/widgets/akregatorcentralwidget.h
Examining data/akregator-20.08.2/src/widgets/statussearchline.h
Examining data/akregator-20.08.2/src/widgets/searchbar.cpp
Examining data/akregator-20.08.2/src/akregator_part.h
Examining data/akregator-20.08.2/src/tabwidget.cpp
Examining data/akregator-20.08.2/src/mainwindow.h
Examining data/akregator-20.08.2/src/subscription/subscriptionlistview.cpp
Examining data/akregator-20.08.2/src/subscription/subscriptionlistview.h
Examining data/akregator-20.08.2/src/subscription/subscriptionlistmodel.h
Examining data/akregator-20.08.2/src/subscription/subscriptionlistjobs.cpp
Examining data/akregator-20.08.2/src/subscription/subscriptionlistmodel.cpp
Examining data/akregator-20.08.2/src/subscription/subscriptionlistdelegate.cpp
Examining data/akregator-20.08.2/src/subscription/subscriptionlistjobs.h
Examining data/akregator-20.08.2/src/subscription/subscriptionlistdelegate.h
Examining data/akregator-20.08.2/src/pluginmanager.cpp
Examining data/akregator-20.08.2/src/articlelistview.cpp
Examining data/akregator-20.08.2/src/openurlrequest.cpp
Examining data/akregator-20.08.2/src/aboutdata.h
Examining data/akregator-20.08.2/src/articlejobs.h
Examining data/akregator-20.08.2/src/frame/mainframe.h
Examining data/akregator-20.08.2/src/frame/framemanager.h
Examining data/akregator-20.08.2/src/frame/webengine/webengineframe.cpp
Examining data/akregator-20.08.2/src/frame/webengine/akrwebengineviewer.h
Examining data/akregator-20.08.2/src/frame/webengine/akrwebengineviewer.cpp
Examining data/akregator-20.08.2/src/frame/webengine/webengineframe.h
Examining data/akregator-20.08.2/src/frame/framemanager.cpp
Examining data/akregator-20.08.2/src/frame/frame.h
Examining data/akregator-20.08.2/src/frame/frame.cpp
Examining data/akregator-20.08.2/src/frame/mainframe.cpp
Examining data/akregator-20.08.2/src/abstractselectioncontroller.h
Examining data/akregator-20.08.2/src/articleviewerwidget.cpp
Examining data/akregator-20.08.2/src/trayicon.h
Examining data/akregator-20.08.2/src/urlhandler/webengine/urlhandlerwebenginemanager.h
Examining data/akregator-20.08.2/src/urlhandler/webengine/urlhandlerwebengine.cpp
Examining data/akregator-20.08.2/src/urlhandler/webengine/urlhandlerwebenginemanager.cpp
Examining data/akregator-20.08.2/src/urlhandler/webengine/urlhandlerwebengine.h
Examining data/akregator-20.08.2/src/articleviewer-ng/webengine/articleviewerwebenginewidgetng.cpp
Examining data/akregator-20.08.2/src/articleviewer-ng/webengine/articlehtmlwebenginewriter.cpp
Examining data/akregator-20.08.2/src/articleviewer-ng/webengine/articleviewerwebenginewidgetng.h
Examining data/akregator-20.08.2/src/articleviewer-ng/webengine/articleviewerwebenginepage.cpp
Examining data/akregator-20.08.2/src/articleviewer-ng/webengine/articleviewerwebenginepage.h
Examining data/akregator-20.08.2/src/articleviewer-ng/webengine/articleviewerwebengine.cpp
Examining data/akregator-20.08.2/src/articleviewer-ng/webengine/articleviewerwebengine.h
Examining data/akregator-20.08.2/src/articleviewer-ng/webengine/articlehtmlwebenginewriter.h
Examining data/akregator-20.08.2/src/mainwidget.cpp
Examining data/akregator-20.08.2/src/dummystorage/storagefactorydummyimpl.h
Examining data/akregator-20.08.2/src/dummystorage/storagedummyimpl.cpp
Examining data/akregator-20.08.2/src/dummystorage/storagefactorydummyimpl.cpp
Examining data/akregator-20.08.2/src/dummystorage/storagedummyimpl.h
Examining data/akregator-20.08.2/src/dummystorage/feedstoragedummyimpl.cpp
Examining data/akregator-20.08.2/src/dummystorage/feedstoragedummyimpl.h
Examining data/akregator-20.08.2/src/utils.h
Examining data/akregator-20.08.2/src/articlemodel.cpp
Examining data/akregator-20.08.2/src/mainwidget.h
Examining data/akregator-20.08.2/src/mainwindow.cpp
Examining data/akregator-20.08.2/src/folder.cpp
Examining data/akregator-20.08.2/src/kernel.cpp
Examining data/akregator-20.08.2/src/unityservicemanager.cpp
Examining data/akregator-20.08.2/src/selectioncontroller.h
Examining data/akregator-20.08.2/src/job/downloadarticlejob.cpp
Examining data/akregator-20.08.2/src/job/downloadfeediconjob.h
Examining data/akregator-20.08.2/src/job/autotests/downloadfeediconjobtest.cpp
Examining data/akregator-20.08.2/src/job/autotests/downloadfeediconjobtest.h
Examining data/akregator-20.08.2/src/job/downloadarticlejob.h
Examining data/akregator-20.08.2/src/job/downloadfeediconjob.cpp
Examining data/akregator-20.08.2/src/progressmanager.h
Examining data/akregator-20.08.2/src/feed/feed.cpp
Examining data/akregator-20.08.2/src/feed/feedretriever.cpp
Examining data/akregator-20.08.2/src/feed/feedlist.h
Examining data/akregator-20.08.2/src/feed/feedpropertiesdialog.cpp
Examining data/akregator-20.08.2/src/feed/feedlist.cpp
Examining data/akregator-20.08.2/src/feed/feedretriever.h
Examining data/akregator-20.08.2/src/feed/feed.h
Examining data/akregator-20.08.2/src/feed/feedpropertiesdialog.h
Examining data/akregator-20.08.2/src/utils/temporaryvalue.h
Examining data/akregator-20.08.2/src/utils/filtercolumnsproxymodel.cpp
Examining data/akregator-20.08.2/src/utils/filtercolumnsproxymodel.h
Examining data/akregator-20.08.2/src/articlematcher.h
Examining data/akregator-20.08.2/src/tabwidget.h
Examining data/akregator-20.08.2/src/main.cpp
Examining data/akregator-20.08.2/src/utils.cpp
Examining data/akregator-20.08.2/src/notificationmanager.h
Examining data/akregator-20.08.2/src/addfeeddialog.cpp
Examining data/akregator-20.08.2/src/fetchqueue.cpp
Examining data/akregator-20.08.2/src/notificationmanager.cpp
Examining data/akregator-20.08.2/src/fetchqueue.h
Examining data/akregator-20.08.2/src/folder.h
Examining data/akregator-20.08.2/src/treenode.h
Examining data/akregator-20.08.2/src/actions/actionmanager.cpp
Examining data/akregator-20.08.2/src/actions/actions.cpp
Examining data/akregator-20.08.2/src/actions/actionmanagerimpl.h
Examining data/akregator-20.08.2/src/actions/actionmanager.h
Examining data/akregator-20.08.2/src/actions/actionmanagerimpl.cpp
Examining data/akregator-20.08.2/src/actions/actions.h
Examining data/akregator-20.08.2/src/akregratormigrateapplication.h
Examining data/akregator-20.08.2/src/kernel.h
Examining data/akregator-20.08.2/src/command/loadfeedlistcommand.cpp
Examining data/akregator-20.08.2/src/command/editsubscriptioncommand.cpp
Examining data/akregator-20.08.2/src/command/importfeedlistcommand.h
Examining data/akregator-20.08.2/src/command/importfeedlistcommand.cpp
Examining data/akregator-20.08.2/src/command/deletesubscriptioncommand.h
Examining data/akregator-20.08.2/src/command/createfeedcommand.h
Examining data/akregator-20.08.2/src/command/loadfeedlistcommand.h
Examining data/akregator-20.08.2/src/command/deletesubscriptioncommand.cpp
Examining data/akregator-20.08.2/src/command/createfeedcommand.cpp
Examining data/akregator-20.08.2/src/command/createfoldercommand.cpp
Examining data/akregator-20.08.2/src/command/editsubscriptioncommand.h
Examining data/akregator-20.08.2/src/command/expireitemscommand.h
Examining data/akregator-20.08.2/src/command/expireitemscommand.cpp
Examining data/akregator-20.08.2/src/command/createfoldercommand.h
Examining data/akregator-20.08.2/src/addfeeddialog.h
Examining data/akregator-20.08.2/src/pluginmanager.h
Examining data/akregator-20.08.2/src/formatter/defaultcombinedviewformatter.cpp
Examining data/akregator-20.08.2/src/formatter/grantleeutil.cpp
Examining data/akregator-20.08.2/src/formatter/grantleeviewformatter.cpp
Examining data/akregator-20.08.2/src/formatter/defaultnormalviewformatter.cpp
Examining data/akregator-20.08.2/src/formatter/defaultnormalviewformatter.h
Examining data/akregator-20.08.2/src/formatter/grantleeviewformatter.h
Examining data/akregator-20.08.2/src/formatter/articlegrantleeobject.h
Examining data/akregator-20.08.2/src/formatter/articleformatter.cpp
Examining data/akregator-20.08.2/src/formatter/articleformatter.h
Examining data/akregator-20.08.2/src/formatter/articlegrantleeobject.cpp
Examining data/akregator-20.08.2/src/formatter/grantleeutil.h
Examining data/akregator-20.08.2/src/formatter/defaultcombinedviewformatter.h
Examining data/akregator-20.08.2/src/unityservicemanager.h
Examining data/akregator-20.08.2/src/articlemodel.h
Examining data/akregator-20.08.2/src/trayicon.cpp
Examining data/akregator-20.08.2/src/articlelistview.h
Examining data/akregator-20.08.2/src/articlejobs.cpp
Examining data/akregator-20.08.2/src/shared.h
Examining data/akregator-20.08.2/src/treenode.cpp
Examining data/akregator-20.08.2/src/treenodevisitor.cpp
Examining data/akregator-20.08.2/src/article.cpp
Examining data/akregator-20.08.2/src/aboutdata.cpp
Examining data/akregator-20.08.2/src/progressmanager.cpp
Examining data/akregator-20.08.2/src/articlematcher.cpp
Examining data/akregator-20.08.2/src/openurlrequest.h
Examining data/akregator-20.08.2/src/akregator_part.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/mk4plugin.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/storagefactorymk4impl.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/include/mk4io.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/include/mk4str.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/include/mk4dll.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/include/mk4.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/std.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/handler.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/borc.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/format.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/mfc.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/view.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/remap.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/custom.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/handler.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/field.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/derived.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/store.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/header.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/field.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/custom.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/persist.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/derived.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/doxy.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/univ.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/store.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/gnuc.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/mwcw.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/format.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/remap.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/std.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/msvc.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/win.h
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/persist.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/metakit/src/univ.h
Examining data/akregator-20.08.2/plugins/mk4storage/storagefactorymk4impl.h
Examining data/akregator-20.08.2/plugins/mk4storage/mk4plugin.h
Examining data/akregator-20.08.2/plugins/mk4storage/storagemk4impl.cpp
Examining data/akregator-20.08.2/plugins/mk4storage/feedstoragemk4impl.h
Examining data/akregator-20.08.2/plugins/mk4storage/storagemk4impl.h
Examining data/akregator-20.08.2/plugins/mk4storage/feedstoragemk4impl.cpp
FINAL RESULTS:
data/akregator-20.08.2/plugins/mk4storage/metakit/src/header.h:204:30: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error Exactly one operating system should have been defined
data/akregator-20.08.2/plugins/mk4storage/metakit/src/univ.cpp:33:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(s, p);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/view.cpp:153:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(sPropModsFile, fmt_, arg_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:156:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy((char *)Buffer().SetBuffer(strlen(str_) + 1), str_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/view.cpp:64:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&gCritSect);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/view.cpp:74:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&gCritSect);
data/akregator-20.08.2/export/akregatorstorageexporter.cpp:380:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out.open(stdout, QIODevice::WriteOnly)) {
data/akregator-20.08.2/interfaces/storage.h:58:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(bool autoCommit = false) = 0;
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:27:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, from, n_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:333:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, n); // some copying can be avoided, overwritten below...
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:553:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, _segments.GetAt(i), n);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:794:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, iter.BufLoad(), iter.BufLen());
data/akregator-20.08.2/plugins/mk4storage/metakit/src/column.cpp:813:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iter.BufSave(), p, iter.BufLen());
data/akregator-20.08.2/plugins/mk4storage/metakit/src/derived.cpp:644:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scratch, ar, size * sizeof(T));
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:85:56: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static FILE *(*my_fopen)(const char *, const char *) = fopen;
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:121:62: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
my_fopen = (FILE * (*)(const char *, const char *))F(fopen);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:152:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen my_fopen
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:352:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, fname_, -1, wName, MAX_PATH);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:359:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_cleanup = _file = fopen(fname_, mode_ > 0 ? "r+b" : "rb");
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:375:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, fname_, -1, wName, MAX_PATH);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:381:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_cleanup = _file = fopen(fname_, "w+b");
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:432:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempBuf[4096];
data/akregator-20.08.2/plugins/mk4storage/metakit/src/fileio.cpp:434:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
buf_ = memcpy(tempBuf, buf_, len_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/format.cpp:741:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iter.BufSave(), buf_.Contents() + spos, iter.BufLen());
data/akregator-20.08.2/plugins/mk4storage/metakit/src/format.cpp:932:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
d4_assert(((const char *)ptr)[length_ - 1] == 0);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/handler.cpp:24:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char zeros[8];
data/akregator-20.08.2/plugins/mk4storage/metakit/src/header.h:132:31: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define d4_memmove(d, s, n) bcopy(s, d, n)
data/akregator-20.08.2/plugins/mk4storage/metakit/src/persist.cpp:628:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_curr, buf_, len_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/persist.cpp:1185:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_oldBuf, _oldCurr, k);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/persist.cpp:1248:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/akregator-20.08.2/plugins/mk4storage/metakit/src/store.cpp:579:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_, _buffer + _position, length_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/store.cpp:601:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_buffer + _position, buffer_, n);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result._value + 2, a.Data(), aCnt);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:178:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result._value + 2 + aCnt, b.Data(), sum - aCnt);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:214:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_value + 2, p, n);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp:106:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, _buffer, sizeof _buffer);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp:107:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_buffer, bytes_._buffer, sizeof _buffer);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp:108:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes_._buffer, t, sizeof _buffer);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/table.cpp:151:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
_contents = (t4_byte *)memcpy(_copy ? d4_new t4_byte[_size] : _buffer,
data/akregator-20.08.2/plugins/mk4storage/metakit/src/univ.cpp:51:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(name_, mode_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:632:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, orig.Contents(), off_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:633:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + off_, buf_.Contents(), n);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:634:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + off_ + n, orig.Contents() + off_, orig.Size() - off_);
data/akregator-20.08.2/plugins/mk4storage/storagemk4impl.cpp:134:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool Akregator::Backend::StorageMK4Impl::open(bool autoCommit)
data/akregator-20.08.2/plugins/mk4storage/storagemk4impl.h:63:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(bool autoCommit = false) override;
data/akregator-20.08.2/src/akregator_part.cpp:217:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_storage->open(true);
data/akregator-20.08.2/src/akregator_part.cpp:443:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly)) {
data/akregator-20.08.2/src/akregator_part.cpp:542:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tempFile.open()) {
data/akregator-20.08.2/src/akregator_part.cpp:556:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/akregator-20.08.2/src/articleviewer-ng/webengine/articleviewerwebenginewidgetng.cpp:174:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dialog->open();
data/akregator-20.08.2/src/command/loadfeedlistcommand.cpp:158:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/akregator-20.08.2/src/dummystorage/storagedummyimpl.cpp:75:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool StorageDummyImpl::open(bool /*autoCommit*/)
data/akregator-20.08.2/src/dummystorage/storagedummyimpl.h:50:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(bool autoCommit = false) override;
data/akregator-20.08.2/src/folder.cpp:289:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Folder::setOpen(bool open)
data/akregator-20.08.2/src/folder.cpp:291:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_open = open;
data/akregator-20.08.2/src/folder.h:142:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void setOpen(bool open);
data/akregator-20.08.2/src/job/downloadarticlejob.cpp:58:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mTemporaryFile->open();
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:141:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Init(p, p != nullptr ? strlen(p) : 0);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/string.cpp:223:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return n < 255 ? n : n + strlen((const char *)_value + 2 + 255);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/univ.cpp:32:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s = (char *)malloc(strlen(p) + 1);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:156:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strcpy((char *)Buffer().SetBuffer(strlen(str_) + 1), str_);
data/akregator-20.08.2/plugins/mk4storage/metakit/src/viewx.cpp:656:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SetData(c4_Bytes(value_, strlen(value_) + 1));
ANALYSIS SUMMARY:
Hits = 62
Lines analyzed = 43786 in approximately 1.38 seconds (31713 lines/second)
Physical Source Lines of Code (SLOC) = 29160
Hits@level = [0] 14 [1] 5 [2] 51 [3] 2 [4] 4 [5] 0
Hits@level+ = [0+] 76 [1+] 62 [2+] 57 [3+] 6 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 2.60631 [1+] 2.1262 [2+] 1.95473 [3+] 0.205761 [4+] 0.137174 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.