Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/dataquay-0.9.1/dataquay/BasicStore.h Examining data/dataquay-0.9.1/dataquay/Connection.h Examining data/dataquay-0.9.1/dataquay/Node.h Examining data/dataquay-0.9.1/dataquay/PropertyObject.h Examining data/dataquay-0.9.1/dataquay/RDFException.h Examining data/dataquay-0.9.1/dataquay/Store.h Examining data/dataquay-0.9.1/dataquay/Transaction.h Examining data/dataquay-0.9.1/dataquay/TransactionalStore.h Examining data/dataquay-0.9.1/dataquay/Triple.h Examining data/dataquay-0.9.1/dataquay/Uri.h Examining data/dataquay-0.9.1/dataquay/objectmapper/ContainerBuilder.h Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectBuilder.h Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectLoader.h Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectMapper.h Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectMapperDefs.h Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectMapperExceptions.h Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectMapperForwarder.h Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectStorer.h Examining data/dataquay-0.9.1/dataquay/objectmapper/TypeMapping.h Examining data/dataquay-0.9.1/examples/ConnectionLoader.cpp Examining data/dataquay-0.9.1/examples/TransactionalCommand.cpp Examining data/dataquay-0.9.1/examples/TransactionalCommand.h Examining data/dataquay-0.9.1/examples/VariantEncoderExample.cpp Examining data/dataquay-0.9.1/src/Connection.cpp Examining data/dataquay-0.9.1/src/Debug.h Examining data/dataquay-0.9.1/src/Node.cpp Examining data/dataquay-0.9.1/src/PropertyObject.cpp Examining data/dataquay-0.9.1/src/RDFException.cpp Examining data/dataquay-0.9.1/src/Store.cpp Examining data/dataquay-0.9.1/src/Transaction.cpp Examining data/dataquay-0.9.1/src/TransactionalStore.cpp Examining data/dataquay-0.9.1/src/Triple.cpp Examining data/dataquay-0.9.1/src/Uri.cpp Examining data/dataquay-0.9.1/src/acsymbols.c Examining data/dataquay-0.9.1/src/backend/BasicStoreRedland.cpp Examining data/dataquay-0.9.1/src/backend/BasicStoreSord.cpp Examining data/dataquay-0.9.1/src/backend/define-check.cpp Examining data/dataquay-0.9.1/src/objectmapper/ContainerBuilder.cpp Examining data/dataquay-0.9.1/src/objectmapper/ObjectBuilder.cpp Examining data/dataquay-0.9.1/src/objectmapper/ObjectLoader.cpp Examining data/dataquay-0.9.1/src/objectmapper/ObjectMapper.cpp Examining data/dataquay-0.9.1/src/objectmapper/ObjectMapperForwarder.cpp Examining data/dataquay-0.9.1/src/objectmapper/ObjectStorer.cpp Examining data/dataquay-0.9.1/src/objectmapper/TypeMapping.cpp Examining data/dataquay-0.9.1/tests/TestBasicStore.h Examining data/dataquay-0.9.1/tests/TestDatatypes.cpp Examining data/dataquay-0.9.1/tests/TestDatatypes.h Examining data/dataquay-0.9.1/tests/TestImportOptions.h Examining data/dataquay-0.9.1/tests/TestObjectMapper.h Examining data/dataquay-0.9.1/tests/TestObjects.h Examining data/dataquay-0.9.1/tests/TestQtWidgets.cpp Examining data/dataquay-0.9.1/tests/TestTransactionalStore.h Examining data/dataquay-0.9.1/tests/main.cpp FINAL RESULTS: data/dataquay-0.9.1/src/backend/BasicStoreRedland.cpp:76:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (QString("%1").arg(random() + time(0)).toLocal8Bit(), data/dataquay-0.9.1/src/backend/BasicStoreRedland.cpp:95:9: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(0)); data/dataquay-0.9.1/src/backend/BasicStoreSord.cpp:95:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(0)); data/dataquay-0.9.1/src/backend/BasicStoreRedland.cpp:373:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::WriteOnly)) { data/dataquay-0.9.1/src/backend/BasicStoreSord.cpp:373:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::WriteOnly)) { data/dataquay-0.9.1/src/backend/BasicStoreSord.cpp:382:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!tf.open(QFile::WriteOnly)) { data/dataquay-0.9.1/tests/TestBasicStore.h:541:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(f.open(QFile::WriteOnly | QFile::Truncate)); data/dataquay-0.9.1/tests/TestBasicStore.h:636:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(f.open(QFile::WriteOnly | QFile::Truncate)); data/dataquay-0.9.1/tests/TestBasicStore.h:647:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(f.open(QFile::WriteOnly | QFile::Truncate)); ANALYSIS SUMMARY: Hits = 9 Lines analyzed = 15423 in approximately 0.45 seconds (33934 lines/second) Physical Source Lines of Code (SLOC) = 8821 Hits@level = [0] 0 [1] 0 [2] 6 [3] 3 [4] 0 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 3 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.02029 [1+] 1.02029 [2+] 1.02029 [3+] 0.340097 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.