Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/confclerk-0.6.4/src/orm/ormrecord.h Examining data/confclerk-0.6.4/src/gui/dayviewtabcontainer.h Examining data/confclerk-0.6.4/src/gui/urlinputdialog.cpp Examining data/confclerk-0.6.4/src/gui/conflictdialogcontainer.cpp Examining data/confclerk-0.6.4/src/gui/searchhead.cpp Examining data/confclerk-0.6.4/src/gui/conferenceeditor.cpp Examining data/confclerk-0.6.4/src/gui/favtabcontainer.h Examining data/confclerk-0.6.4/src/gui/favtabcontainer.cpp Examining data/confclerk-0.6.4/src/gui/settingsdialog.cpp Examining data/confclerk-0.6.4/src/gui/searchhead.h Examining data/confclerk-0.6.4/src/gui/trackstabcontainer.cpp Examining data/confclerk-0.6.4/src/gui/daynavigatorwidget.cpp Examining data/confclerk-0.6.4/src/gui/conflictsdialog.cpp Examining data/confclerk-0.6.4/src/gui/trackstabcontainer.h Examining data/confclerk-0.6.4/src/gui/settingsdialog.h Examining data/confclerk-0.6.4/src/gui/conflictdialogcontainer.h Examining data/confclerk-0.6.4/src/gui/conflictsdialog.h Examining data/confclerk-0.6.4/src/gui/tabcontainer.cpp Examining data/confclerk-0.6.4/src/gui/roomstabcontainer.cpp Examining data/confclerk-0.6.4/src/gui/errormessage.cpp Examining data/confclerk-0.6.4/src/gui/tabcontainer.h Examining data/confclerk-0.6.4/src/gui/dayviewtabcontainer.cpp Examining data/confclerk-0.6.4/src/gui/roomstabcontainer.h Examining data/confclerk-0.6.4/src/gui/eventdialog.h Examining data/confclerk-0.6.4/src/gui/urlinputdialog.h Examining data/confclerk-0.6.4/src/gui/mainwindow.h Examining data/confclerk-0.6.4/src/gui/mainwindow.cpp Examining data/confclerk-0.6.4/src/gui/daynavigatorwidget.h Examining data/confclerk-0.6.4/src/gui/searchtabcontainer.h Examining data/confclerk-0.6.4/src/gui/eventdialog.cpp Examining data/confclerk-0.6.4/src/gui/conferenceeditor.h Examining data/confclerk-0.6.4/src/gui/errormessage.h Examining data/confclerk-0.6.4/src/gui/searchtabcontainer.cpp Examining data/confclerk-0.6.4/src/sql/schedulexmlparser.h Examining data/confclerk-0.6.4/src/sql/schedulexmlparser.cpp Examining data/confclerk-0.6.4/src/sql/sqlengine.cpp Examining data/confclerk-0.6.4/src/sql/sqlengine.h Examining data/confclerk-0.6.4/src/app/appsettings.h Examining data/confclerk-0.6.4/src/app/main.cpp Examining data/confclerk-0.6.4/src/app/application.cpp Examining data/confclerk-0.6.4/src/app/application.h Examining data/confclerk-0.6.4/src/app/appsettings.cpp Examining data/confclerk-0.6.4/src/test/main.cpp Examining data/confclerk-0.6.4/src/test/mvc/eventtest.h Examining data/confclerk-0.6.4/src/test/mvc/eventtest.cpp Examining data/confclerk-0.6.4/src/alarm/alarm.cpp Examining data/confclerk-0.6.4/src/alarm/alarm.h Examining data/confclerk-0.6.4/src/mvc/delegate.h Examining data/confclerk-0.6.4/src/mvc/treeview.cpp Examining data/confclerk-0.6.4/src/mvc/event.h Examining data/confclerk-0.6.4/src/mvc/eventmodel.cpp Examining data/confclerk-0.6.4/src/mvc/room.h Examining data/confclerk-0.6.4/src/mvc/treeview.h Examining data/confclerk-0.6.4/src/mvc/eventmodel.h Examining data/confclerk-0.6.4/src/mvc/delegate.cpp Examining data/confclerk-0.6.4/src/mvc/room.cpp Examining data/confclerk-0.6.4/src/mvc/track.h Examining data/confclerk-0.6.4/src/mvc/track.cpp Examining data/confclerk-0.6.4/src/mvc/conference.h Examining data/confclerk-0.6.4/src/mvc/conferencemodel.h Examining data/confclerk-0.6.4/src/mvc/event.cpp Examining data/confclerk-0.6.4/src/mvc/conferencemodel.cpp Examining data/confclerk-0.6.4/src/mvc/conference.cpp FINAL RESULTS: data/confclerk-0.6.4/src/gui/mainwindow.cpp:59:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sqlEngine->open(); data/confclerk-0.6.4/src/gui/mainwindow.cpp:473:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) { data/confclerk-0.6.4/src/sql/sqlengine.cpp:54:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void SqlEngine::open() { data/confclerk-0.6.4/src/sql/sqlengine.cpp:63:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). db.open(); data/confclerk-0.6.4/src/sql/sqlengine.cpp:124:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly | QIODevice::Text); data/confclerk-0.6.4/src/sql/sqlengine.h:41:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(); ///< emits a database error if failed. data/confclerk-0.6.4/src/test/mvc/eventtest.cpp:34:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(db.open()); ANALYSIS SUMMARY: Hits = 7 Lines analyzed = 6083 in approximately 0.27 seconds (22910 lines/second) Physical Source Lines of Code (SLOC) = 3749 Hits@level = [0] 0 [1] 0 [2] 7 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 7 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.86716 [1+] 1.86716 [2+] 1.86716 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.