Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bluedevil-5.19.5/src/kded/receivefilejob.cpp
Examining data/bluedevil-5.19.5/src/kded/bluedevildaemon.cpp
Examining data/bluedevil-5.19.5/src/kded/debug_p.h
Examining data/bluedevil-5.19.5/src/kded/debug_p.cpp
Examining data/bluedevil-5.19.5/src/kded/bluedevildaemon.h
Examining data/bluedevil-5.19.5/src/kded/obexftp.cpp
Examining data/bluedevil-5.19.5/src/kded/obexagent.cpp
Examining data/bluedevil-5.19.5/src/kded/receivefilejob.h
Examining data/bluedevil-5.19.5/src/kded/devicemonitor.cpp
Examining data/bluedevil-5.19.5/src/kded/helpers/requestconfirmation.h
Examining data/bluedevil-5.19.5/src/kded/helpers/requestpin.cpp
Examining data/bluedevil-5.19.5/src/kded/helpers/requestauthorization.cpp
Examining data/bluedevil-5.19.5/src/kded/helpers/requestpin.h
Examining data/bluedevil-5.19.5/src/kded/helpers/requestauthorization.h
Examining data/bluedevil-5.19.5/src/kded/helpers/requestconfirmation.cpp
Examining data/bluedevil-5.19.5/src/kded/obexagent.h
Examining data/bluedevil-5.19.5/src/kded/bluezagent.cpp
Examining data/bluedevil-5.19.5/src/kded/devicemonitor.h
Examining data/bluedevil-5.19.5/src/kded/bluezagent.h
Examining data/bluedevil-5.19.5/src/kded/obexftp.h
Examining data/bluedevil-5.19.5/src/kio/bluetooth/kiobluetooth.cpp
Examining data/bluedevil-5.19.5/src/kio/bluetooth/kiobluetooth.h
Examining data/bluedevil-5.19.5/src/kio/obexftp/debug_p.h
Examining data/bluedevil-5.19.5/src/kio/obexftp/kioobexftp.cpp
Examining data/bluedevil-5.19.5/src/kio/obexftp/debug_p.cpp
Examining data/bluedevil-5.19.5/src/kio/obexftp/transferfilejob.h
Examining data/bluedevil-5.19.5/src/kio/obexftp/transferfilejob.cpp
Examining data/bluedevil-5.19.5/src/kio/obexftp/kioobexftp.h
Examining data/bluedevil-5.19.5/src/interfaces/kded_bluedevil_types.h
Examining data/bluedevil-5.19.5/src/sendfile/debug_p.h
Examining data/bluedevil-5.19.5/src/sendfile/discoverwidget.cpp
Examining data/bluedevil-5.19.5/src/sendfile/debug_p.cpp
Examining data/bluedevil-5.19.5/src/sendfile/sendfilewizard.cpp
Examining data/bluedevil-5.19.5/src/sendfile/main.cpp
Examining data/bluedevil-5.19.5/src/sendfile/sendfilewizard.h
Examining data/bluedevil-5.19.5/src/sendfile/sendfilesjob.h
Examining data/bluedevil-5.19.5/src/sendfile/pages/selectdevicepage.h
Examining data/bluedevil-5.19.5/src/sendfile/pages/selectdeviceandfilespage.cpp
Examining data/bluedevil-5.19.5/src/sendfile/pages/selectfilespage.h
Examining data/bluedevil-5.19.5/src/sendfile/pages/connectingpage.h
Examining data/bluedevil-5.19.5/src/sendfile/pages/selectdeviceandfilespage.h
Examining data/bluedevil-5.19.5/src/sendfile/pages/failpage.h
Examining data/bluedevil-5.19.5/src/sendfile/pages/selectfilespage.cpp
Examining data/bluedevil-5.19.5/src/sendfile/pages/failpage.cpp
Examining data/bluedevil-5.19.5/src/sendfile/pages/selectdevicepage.cpp
Examining data/bluedevil-5.19.5/src/sendfile/pages/connectingpage.cpp
Examining data/bluedevil-5.19.5/src/sendfile/discoverwidget.h
Examining data/bluedevil-5.19.5/src/sendfile/sendfilesjob.cpp
Examining data/bluedevil-5.19.5/src/wizard/wizardagent.h
Examining data/bluedevil-5.19.5/src/wizard/debug_p.h
Examining data/bluedevil-5.19.5/src/wizard/debug_p.cpp
Examining data/bluedevil-5.19.5/src/wizard/wizardagent.cpp
Examining data/bluedevil-5.19.5/src/wizard/main.cpp
Examining data/bluedevil-5.19.5/src/wizard/pages/fail.h
Examining data/bluedevil-5.19.5/src/wizard/pages/connect.cpp
Examining data/bluedevil-5.19.5/src/wizard/pages/discover.cpp
Examining data/bluedevil-5.19.5/src/wizard/pages/success.cpp
Examining data/bluedevil-5.19.5/src/wizard/pages/discover.h
Examining data/bluedevil-5.19.5/src/wizard/pages/success.h
Examining data/bluedevil-5.19.5/src/wizard/pages/fail.cpp
Examining data/bluedevil-5.19.5/src/wizard/pages/pairing.cpp
Examining data/bluedevil-5.19.5/src/wizard/pages/pairing.h
Examining data/bluedevil-5.19.5/src/wizard/pages/connect.h
Examining data/bluedevil-5.19.5/src/wizard/bluewizard.cpp
Examining data/bluedevil-5.19.5/src/wizard/bluewizard.h
Examining data/bluedevil-5.19.5/src/kcmodule/adapters/adapters.h
Examining data/bluedevil-5.19.5/src/kcmodule/adapters/adapters.cpp
Examining data/bluedevil-5.19.5/src/kcmodule/devices/devices.h
Examining data/bluedevil-5.19.5/src/kcmodule/devices/devicedetails.cpp
Examining data/bluedevil-5.19.5/src/kcmodule/devices/devices.cpp
Examining data/bluedevil-5.19.5/src/kcmodule/devices/devicedetails.h
Examining data/bluedevil-5.19.5/src/kcmodule/common/systemcheck.cpp
Examining data/bluedevil-5.19.5/src/kcmodule/common/systemcheck.h
Examining data/bluedevil-5.19.5/src/kcmodule/global/global.cpp
Examining data/bluedevil-5.19.5/src/kcmodule/global/global.h
Examining data/bluedevil-5.19.5/src/applet/plugin/notify.cpp
Examining data/bluedevil-5.19.5/src/applet/plugin/launchapp.h
Examining data/bluedevil-5.19.5/src/applet/plugin/devicesproxymodel.cpp
Examining data/bluedevil-5.19.5/src/applet/plugin/bluetoothplugin.h
Examining data/bluedevil-5.19.5/src/applet/plugin/notify.h
Examining data/bluedevil-5.19.5/src/applet/plugin/devicesproxymodel.h
Examining data/bluedevil-5.19.5/src/applet/plugin/launchapp.cpp
Examining data/bluedevil-5.19.5/src/applet/plugin/bluetoothplugin.cpp
FINAL RESULTS:
data/bluedevil-5.19.5/src/wizard/wizardagent.cpp:59:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
m_pin = QString::number(KRandom::random());
data/bluedevil-5.19.5/src/wizard/wizardagent.cpp:112:46: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
m_pin = QString::number(KRandom::random()).left(num);
data/bluedevil-5.19.5/src/kio/obexftp/kioobexftp.cpp:203:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/bluedevil-5.19.5/src/wizard/wizardagent.cpp:66:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
ANALYSIS SUMMARY:
Hits = 4
Lines analyzed = 8535 in approximately 0.82 seconds (10453 lines/second)
Physical Source Lines of Code (SLOC) = 5181
Hits@level = [0] 2 [1] 0 [2] 2 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 6 [1+] 4 [2+] 4 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.15808 [1+] 0.772052 [2+] 0.772052 [3+] 0.386026 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.