Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cmst-2019.01.13/apps/cmstapp/code/agent/agent.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/agent/agent.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/agent/agent_dialog.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/agent/agent_dialog.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/control_box/controlbox.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/control_box/controlbox.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/counter/counter.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/counter/counter.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/iconman/iconman.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/iconman/iconman.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/main.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/notify/notify.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/notify/notify.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/peditor/peditor.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/peditor/peditor.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/provisioning/prov_ed.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/provisioning/prov_ed.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/scrollbox/scrollbox.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/scrollbox/scrollbox.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/shared/shared.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/shared/shared.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/trstring/tr_strings.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/trstring/tr_strings.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent_adaptor.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent_adaptor.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent_dialog.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent_dialog.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent_interface.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent_interface.h
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_prov_ed/vpn_ed.cpp
Examining data/cmst-2019.01.13/apps/cmstapp/code/vpn_prov_ed/vpn_ed.h
Examining data/cmst-2019.01.13/apps/resource.h
Examining data/cmst-2019.01.13/apps/rootapp/code/main.cpp
Examining data/cmst-2019.01.13/apps/rootapp/code/roothelper/roothelper.cpp
Examining data/cmst-2019.01.13/apps/rootapp/code/roothelper/roothelper.h
FINAL RESULTS:
data/cmst-2019.01.13/apps/cmstapp/code/control_box/controlbox.cpp:128:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::setDefault(QLocale::system() );
data/cmst-2019.01.13/apps/cmstapp/code/main.cpp:158:38: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
qtTranslator.load("qt_" + QLocale::system().name(),
data/cmst-2019.01.13/apps/cmstapp/code/main.cpp:163:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (cmstTranslator.load("cmst_" + QLocale::system().name(), ":/translations/translations" ) ) {
data/cmst-2019.01.13/apps/cmstapp/code/agent/agent.cpp:154:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!logfile.open(QIODevice::WriteOnly | QIODevice::Text)) b_loginputrequest = false;
data/cmst-2019.01.13/apps/cmstapp/code/control_box/controlbox.cpp:166:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f0.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/control_box/controlbox.cpp:180:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f1.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/control_box/controlbox.cpp:2040:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f0.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/control_box/controlbox.cpp:2833:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/iconman/iconman.cpp:64:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f1.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/iconman/iconman.cpp:268:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f0.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/iconman/iconman.cpp:317:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
src.open(QIODevice::ReadOnly);
data/cmst-2019.01.13/apps/cmstapp/code/notify/notify.cpp:179:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (tempfileicon->open() ) {
data/cmst-2019.01.13/apps/cmstapp/code/provisioning/prov_ed.cpp:444:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/vpn_agent/vpnagent.cpp:142:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!logfile.open(QIODevice::WriteOnly | QIODevice::Text)) b_loginputrequest = false;
data/cmst-2019.01.13/apps/cmstapp/code/vpn_prov_ed/vpn_ed.cpp:794:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sourcefile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/vpn_prov_ed/vpn_ed.cpp:818:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (outfile.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/vpn_prov_ed/vpn_ed.cpp:863:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (outfile.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/cmstapp/code/vpn_prov_ed/vpn_ed.cpp:906:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (outfile.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/cmst-2019.01.13/apps/rootapp/code/roothelper/roothelper.cpp:106:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (! infile.open(QIODevice::ReadOnly | QIODevice::Text))
data/cmst-2019.01.13/apps/rootapp/code/roothelper/roothelper.cpp:137:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (! outfile.open(QIODevice::WriteOnly | QIODevice::Text))
ANALYSIS SUMMARY:
Hits = 20
Lines analyzed = 9463 in approximately 0.35 seconds (26795 lines/second)
Physical Source Lines of Code (SLOC) = 6032
Hits@level = [0] 6 [1] 0 [2] 17 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 26 [1+] 20 [2+] 20 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 4.31034 [1+] 3.31565 [2+] 3.31565 [3+] 0.497347 [4+] 0.497347 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.