Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dataquay-0.9.1/dataquay/BasicStore.h
Examining data/dataquay-0.9.1/dataquay/Connection.h
Examining data/dataquay-0.9.1/dataquay/Node.h
Examining data/dataquay-0.9.1/dataquay/PropertyObject.h
Examining data/dataquay-0.9.1/dataquay/RDFException.h
Examining data/dataquay-0.9.1/dataquay/Store.h
Examining data/dataquay-0.9.1/dataquay/Transaction.h
Examining data/dataquay-0.9.1/dataquay/TransactionalStore.h
Examining data/dataquay-0.9.1/dataquay/Triple.h
Examining data/dataquay-0.9.1/dataquay/Uri.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/ContainerBuilder.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectBuilder.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectLoader.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectMapper.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectMapperDefs.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectMapperExceptions.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectMapperForwarder.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/ObjectStorer.h
Examining data/dataquay-0.9.1/dataquay/objectmapper/TypeMapping.h
Examining data/dataquay-0.9.1/examples/ConnectionLoader.cpp
Examining data/dataquay-0.9.1/examples/TransactionalCommand.cpp
Examining data/dataquay-0.9.1/examples/TransactionalCommand.h
Examining data/dataquay-0.9.1/examples/VariantEncoderExample.cpp
Examining data/dataquay-0.9.1/src/Connection.cpp
Examining data/dataquay-0.9.1/src/Debug.h
Examining data/dataquay-0.9.1/src/Node.cpp
Examining data/dataquay-0.9.1/src/PropertyObject.cpp
Examining data/dataquay-0.9.1/src/RDFException.cpp
Examining data/dataquay-0.9.1/src/Store.cpp
Examining data/dataquay-0.9.1/src/Transaction.cpp
Examining data/dataquay-0.9.1/src/TransactionalStore.cpp
Examining data/dataquay-0.9.1/src/Triple.cpp
Examining data/dataquay-0.9.1/src/Uri.cpp
Examining data/dataquay-0.9.1/src/acsymbols.c
Examining data/dataquay-0.9.1/src/backend/BasicStoreRedland.cpp
Examining data/dataquay-0.9.1/src/backend/BasicStoreSord.cpp
Examining data/dataquay-0.9.1/src/backend/define-check.cpp
Examining data/dataquay-0.9.1/src/objectmapper/ContainerBuilder.cpp
Examining data/dataquay-0.9.1/src/objectmapper/ObjectBuilder.cpp
Examining data/dataquay-0.9.1/src/objectmapper/ObjectLoader.cpp
Examining data/dataquay-0.9.1/src/objectmapper/ObjectMapper.cpp
Examining data/dataquay-0.9.1/src/objectmapper/ObjectMapperForwarder.cpp
Examining data/dataquay-0.9.1/src/objectmapper/ObjectStorer.cpp
Examining data/dataquay-0.9.1/src/objectmapper/TypeMapping.cpp
Examining data/dataquay-0.9.1/tests/TestBasicStore.h
Examining data/dataquay-0.9.1/tests/TestDatatypes.cpp
Examining data/dataquay-0.9.1/tests/TestDatatypes.h
Examining data/dataquay-0.9.1/tests/TestImportOptions.h
Examining data/dataquay-0.9.1/tests/TestObjectMapper.h
Examining data/dataquay-0.9.1/tests/TestObjects.h
Examining data/dataquay-0.9.1/tests/TestQtWidgets.cpp
Examining data/dataquay-0.9.1/tests/TestTransactionalStore.h
Examining data/dataquay-0.9.1/tests/main.cpp
FINAL RESULTS:
data/dataquay-0.9.1/src/backend/BasicStoreRedland.cpp:76:33: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(QString("%1").arg(random() + time(0)).toLocal8Bit(),
data/dataquay-0.9.1/src/backend/BasicStoreRedland.cpp:95:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(0));
data/dataquay-0.9.1/src/backend/BasicStoreSord.cpp:95:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(0));
data/dataquay-0.9.1/src/backend/BasicStoreRedland.cpp:373:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::WriteOnly)) {
data/dataquay-0.9.1/src/backend/BasicStoreSord.cpp:373:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::WriteOnly)) {
data/dataquay-0.9.1/src/backend/BasicStoreSord.cpp:382:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tf.open(QFile::WriteOnly)) {
data/dataquay-0.9.1/tests/TestBasicStore.h:541:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::WriteOnly | QFile::Truncate));
data/dataquay-0.9.1/tests/TestBasicStore.h:636:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::WriteOnly | QFile::Truncate));
data/dataquay-0.9.1/tests/TestBasicStore.h:647:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::WriteOnly | QFile::Truncate));
ANALYSIS SUMMARY:
Hits = 9
Lines analyzed = 15423 in approximately 0.45 seconds (33934 lines/second)
Physical Source Lines of Code (SLOC) = 8821
Hits@level = [0] 0 [1] 0 [2] 6 [3] 3 [4] 0 [5] 0
Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 3 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.02029 [1+] 1.02029 [2+] 1.02029 [3+] 0.340097 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.