Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/caneda-0.3.1/docs/codingstyle.h
Examining data/caneda-0.3.1/docs/documentsformat.h
Examining data/caneda-0.3.1/docs/documentviewframework.h
Examining data/caneda-0.3.1/docs/doxygenindex.h
Examining data/caneda-0.3.1/docs/modelsformat.h
Examining data/caneda-0.3.1/src/actionmanager.cpp
Examining data/caneda-0.3.1/src/actionmanager.h
Examining data/caneda-0.3.1/src/chartitem.cpp
Examining data/caneda-0.3.1/src/chartitem.h
Examining data/caneda-0.3.1/src/chartscene.cpp
Examining data/caneda-0.3.1/src/chartscene.h
Examining data/caneda-0.3.1/src/chartview.cpp
Examining data/caneda-0.3.1/src/chartview.h
Examining data/caneda-0.3.1/src/component.cpp
Examining data/caneda-0.3.1/src/component.h
Examining data/caneda-0.3.1/src/dialogs/aboutdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/aboutdialog.h
Examining data/caneda-0.3.1/src/dialogs/chartsdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/chartsdialog.h
Examining data/caneda-0.3.1/src/dialogs/exportdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/exportdialog.h
Examining data/caneda-0.3.1/src/dialogs/filenewdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/filenewdialog.h
Examining data/caneda-0.3.1/src/dialogs/messagewidget.cpp
Examining data/caneda-0.3.1/src/dialogs/messagewidget.h
Examining data/caneda-0.3.1/src/dialogs/portsymboldialog.cpp
Examining data/caneda-0.3.1/src/dialogs/portsymboldialog.h
Examining data/caneda-0.3.1/src/dialogs/printdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/printdialog.h
Examining data/caneda-0.3.1/src/dialogs/projectfilenewdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/projectfilenewdialog.h
Examining data/caneda-0.3.1/src/dialogs/projectfileopendialog.cpp
Examining data/caneda-0.3.1/src/dialogs/projectfileopendialog.h
Examining data/caneda-0.3.1/src/dialogs/propertydialog.cpp
Examining data/caneda-0.3.1/src/dialogs/propertydialog.h
Examining data/caneda-0.3.1/src/dialogs/savedocumentsdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/savedocumentsdialog.h
Examining data/caneda-0.3.1/src/dialogs/settingsdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/settingsdialog.h
Examining data/caneda-0.3.1/src/dialogs/shortcutsdialog.cpp
Examining data/caneda-0.3.1/src/dialogs/shortcutsdialog.h
Examining data/caneda-0.3.1/src/documentviewmanager.cpp
Examining data/caneda-0.3.1/src/documentviewmanager.h
Examining data/caneda-0.3.1/src/fileformats.cpp
Examining data/caneda-0.3.1/src/fileformats.h
Examining data/caneda-0.3.1/src/folderbrowser.cpp
Examining data/caneda-0.3.1/src/folderbrowser.h
Examining data/caneda-0.3.1/src/global.cpp
Examining data/caneda-0.3.1/src/global.h
Examining data/caneda-0.3.1/src/graphicsitem.cpp
Examining data/caneda-0.3.1/src/graphicsitem.h
Examining data/caneda-0.3.1/src/graphicsscene.cpp
Examining data/caneda-0.3.1/src/graphicsscene.h
Examining data/caneda-0.3.1/src/graphicsview.cpp
Examining data/caneda-0.3.1/src/graphicsview.h
Examining data/caneda-0.3.1/src/icontext.cpp
Examining data/caneda-0.3.1/src/icontext.h
Examining data/caneda-0.3.1/src/idocument.cpp
Examining data/caneda-0.3.1/src/idocument.h
Examining data/caneda-0.3.1/src/iview.cpp
Examining data/caneda-0.3.1/src/iview.h
Examining data/caneda-0.3.1/src/library.cpp
Examining data/caneda-0.3.1/src/library.h
Examining data/caneda-0.3.1/src/main.cpp
Examining data/caneda-0.3.1/src/mainwindow.cpp
Examining data/caneda-0.3.1/src/mainwindow.h
Examining data/caneda-0.3.1/src/modelviewhelpers.cpp
Examining data/caneda-0.3.1/src/modelviewhelpers.h
Examining data/caneda-0.3.1/src/paintings/arrow.cpp
Examining data/caneda-0.3.1/src/paintings/arrow.h
Examining data/caneda-0.3.1/src/paintings/ellipse.cpp
Examining data/caneda-0.3.1/src/paintings/ellipse.h
Examining data/caneda-0.3.1/src/paintings/ellipsearc.cpp
Examining data/caneda-0.3.1/src/paintings/ellipsearc.h
Examining data/caneda-0.3.1/src/paintings/graphicline.cpp
Examining data/caneda-0.3.1/src/paintings/graphicline.h
Examining data/caneda-0.3.1/src/paintings/graphictext.cpp
Examining data/caneda-0.3.1/src/paintings/graphictext.h
Examining data/caneda-0.3.1/src/paintings/graphictextdialog.cpp
Examining data/caneda-0.3.1/src/paintings/graphictextdialog.h
Examining data/caneda-0.3.1/src/paintings/layer.cpp
Examining data/caneda-0.3.1/src/paintings/layer.h
Examining data/caneda-0.3.1/src/paintings/painting.cpp
Examining data/caneda-0.3.1/src/paintings/painting.h
Examining data/caneda-0.3.1/src/paintings/rectangle.cpp
Examining data/caneda-0.3.1/src/paintings/rectangle.h
Examining data/caneda-0.3.1/src/paintings/styledialog.cpp
Examining data/caneda-0.3.1/src/paintings/styledialog.h
Examining data/caneda-0.3.1/src/port.cpp
Examining data/caneda-0.3.1/src/port.h
Examining data/caneda-0.3.1/src/portsymbol.cpp
Examining data/caneda-0.3.1/src/portsymbol.h
Examining data/caneda-0.3.1/src/project.cpp
Examining data/caneda-0.3.1/src/project.h
Examining data/caneda-0.3.1/src/property.cpp
Examining data/caneda-0.3.1/src/property.h
Examining data/caneda-0.3.1/src/settings.cpp
Examining data/caneda-0.3.1/src/settings.h
Examining data/caneda-0.3.1/src/sidebarchartsbrowser.cpp
Examining data/caneda-0.3.1/src/sidebarchartsbrowser.h
Examining data/caneda-0.3.1/src/sidebaritemsbrowser.cpp
Examining data/caneda-0.3.1/src/sidebaritemsbrowser.h
Examining data/caneda-0.3.1/src/sidebartextbrowser.cpp
Examining data/caneda-0.3.1/src/sidebartextbrowser.h
Examining data/caneda-0.3.1/src/statehandler.cpp
Examining data/caneda-0.3.1/src/statehandler.h
Examining data/caneda-0.3.1/src/syntaxhighlighters.cpp
Examining data/caneda-0.3.1/src/syntaxhighlighters.h
Examining data/caneda-0.3.1/src/tabs.cpp
Examining data/caneda-0.3.1/src/tabs.h
Examining data/caneda-0.3.1/src/textedit.cpp
Examining data/caneda-0.3.1/src/textedit.h
Examining data/caneda-0.3.1/src/tools/gitmanager.cpp
Examining data/caneda-0.3.1/src/tools/gitmanager.h
Examining data/caneda-0.3.1/src/tools/quickinsert.cpp
Examining data/caneda-0.3.1/src/tools/quickinsert.h
Examining data/caneda-0.3.1/src/tools/quicklauncher.cpp
Examining data/caneda-0.3.1/src/tools/quicklauncher.h
Examining data/caneda-0.3.1/src/tools/quickopen.cpp
Examining data/caneda-0.3.1/src/tools/quickopen.h
Examining data/caneda-0.3.1/src/undocommands.cpp
Examining data/caneda-0.3.1/src/undocommands.h
Examining data/caneda-0.3.1/src/wire.cpp
Examining data/caneda-0.3.1/src/wire.h
Examining data/caneda-0.3.1/src/xmlutilities.cpp
Examining data/caneda-0.3.1/src/xmlutilities.h

FINAL RESULTS:

data/caneda-0.3.1/src/global.cpp:85:35: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QString retVal = QLocale::system().name();
data/caneda-0.3.1/src/main.cpp:39:30: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  translator.load(QLocale::system(), "caneda", "_", Caneda::langDirectory(), ".qm");
data/caneda-0.3.1/src/dialogs/aboutdialog.cpp:47:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if(!file->open(QIODevice::ReadOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/documentviewmanager.cpp:167:52: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  IDocument *document = context->open(fileName);
data/caneda-0.3.1/src/fileformats.cpp:77:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/fileformats.cpp:107:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/fileformats.cpp:529:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/fileformats.cpp:554:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/fileformats.cpp:1097:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/fileformats.cpp:1127:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/fileformats.cpp:1318:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/fileformats.cpp:1727:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::ReadOnly)) {
data/caneda-0.3.1/src/global.cpp:110:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Mnemonic[16];
data/caneda-0.3.1/src/icontext.cpp:261:31: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  IDocument* LayoutContext::open(const QString &fileName,
data/caneda-0.3.1/src/icontext.cpp:384:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  IDocument* SchematicContext::open(const QString &fileName,
data/caneda-0.3.1/src/icontext.cpp:458:35: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  IDocument* SimulationContext::open(const QString &fileName,
data/caneda-0.3.1/src/icontext.cpp:551:31: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  IDocument* SymbolContext::open(const QString &fileName,
data/caneda-0.3.1/src/icontext.cpp:636:29: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  IDocument* TextContext::open(const QString& fileName, QString *errorMessage)
data/caneda-0.3.1/src/icontext.h:71:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual IDocument* open(const QString& filename, QString *errorMessage = 0) = 0;
data/caneda-0.3.1/src/icontext.h:116:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual IDocument* open(const QString &fileName, QString *errorMessage = 0);
data/caneda-0.3.1/src/icontext.h:161:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual IDocument* open(const QString &fileName, QString *errorMessage = 0);
data/caneda-0.3.1/src/icontext.h:206:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual IDocument* open(const QString &fileName, QString *errorMessage = 0);
data/caneda-0.3.1/src/icontext.h:250:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual IDocument* open(const QString &fileName, QString *errorMessage = 0);
data/caneda-0.3.1/src/icontext.h:294:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual IDocument* open(const QString& filename, QString *errorMessage = 0);
data/caneda-0.3.1/src/idocument.cpp:1762:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/idocument.cpp:1804:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/caneda-0.3.1/src/library.cpp:73:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(file.open(QIODevice::ReadOnly)) {
data/caneda-0.3.1/src/mainwindow.cpp:154:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(str);
data/caneda-0.3.1/src/mainwindow.cpp:217:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void MainWindow::open(QString fileName)
data/caneda-0.3.1/src/mainwindow.cpp:249:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(filename);
data/caneda-0.3.1/src/mainwindow.cpp:265:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(action->data().toString());
data/caneda-0.3.1/src/mainwindow.cpp:342:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(fileName); // The document was saved ok, now reopen the document to load text highlighting
data/caneda-0.3.1/src/mainwindow.cpp:752:73: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  connect(quickBrowser, SIGNAL(itemSelected(QString)), this, SLOT(open(QString)));
data/caneda-0.3.1/src/mainwindow.cpp:942:51: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  connect(action, SIGNAL(triggered()), SLOT(open()));
data/caneda-0.3.1/src/mainwindow.cpp:1617:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SLOT(open(QString)));
data/caneda-0.3.1/src/mainwindow.cpp:1632:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  SLOT(open(QString)));
data/caneda-0.3.1/src/mainwindow.h:72:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(QString fileName = QString());
data/caneda-0.3.1/src/project.cpp:251:53: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QScopedPointer<IDocument> document(context->open(sourceFileName, &errorMessage));
data/caneda-0.3.1/src/sidebartextbrowser.cpp:117:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {

ANALYSIS SUMMARY:

Hits = 39
Lines analyzed = 31761 in approximately 0.89 seconds (35668 lines/second)
Physical Source Lines of Code (SLOC) = 17480
Hits@level = [0] 0 [1] 0 [2] 37 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 39 [1+] 39 [2+] 39 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 2.23112 [1+] 2.23112 [2+] 2.23112 [3+] 0.114416 [4+] 0.114416 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.