Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dianara-1.4.2/src/fontpicker.h
Examining data/dianara-1.4.2/src/mischelpers.h
Examining data/dianara-1.4.2/src/userposts.h
Examining data/dianara-1.4.2/src/colorpicker.cpp
Examining data/dianara-1.4.2/src/downloadwidget.h
Examining data/dianara-1.4.2/src/profileeditor.h
Examining data/dianara-1.4.2/src/post.h
Examining data/dianara-1.4.2/src/globalobject.cpp
Examining data/dianara-1.4.2/src/logviewer.cpp
Examining data/dianara-1.4.2/src/asobject.cpp
Examining data/dianara-1.4.2/src/logviewer.h
Examining data/dianara-1.4.2/src/configdialog.cpp
Examining data/dianara-1.4.2/src/emailchanger.cpp
Examining data/dianara-1.4.2/src/notifications.h
Examining data/dianara-1.4.2/src/hclabel.h
Examining data/dianara-1.4.2/src/draftsmanager.cpp
Examining data/dianara-1.4.2/src/filtereditor.h
Examining data/dianara-1.4.2/src/pumpcontroller.h
Examining data/dianara-1.4.2/src/contactlist.h
Examining data/dianara-1.4.2/src/helpwidget.cpp
Examining data/dianara-1.4.2/src/userposts.cpp
Examining data/dianara-1.4.2/src/audienceselector.cpp
Examining data/dianara-1.4.2/src/avatarbutton.h
Examining data/dianara-1.4.2/src/configdialog.h
Examining data/dianara-1.4.2/src/contactcard.h
Examining data/dianara-1.4.2/src/minorfeed.cpp
Examining data/dianara-1.4.2/src/ivgraphicsview.h
Examining data/dianara-1.4.2/src/ivgraphicsview.cpp
Examining data/dianara-1.4.2/src/fontpicker.cpp
Examining data/dianara-1.4.2/src/helpwidget.h
Examining data/dianara-1.4.2/src/proxydialog.h
Examining data/dianara-1.4.2/src/timestamp.h
Examining data/dianara-1.4.2/src/asactivity.h
Examining data/dianara-1.4.2/src/filtermatcheswidget.cpp
Examining data/dianara-1.4.2/src/notifications.cpp
Examining data/dianara-1.4.2/src/asobject.h
Examining data/dianara-1.4.2/src/composer.cpp
Examining data/dianara-1.4.2/src/audienceselector.h
Examining data/dianara-1.4.2/src/filtereditor.cpp
Examining data/dianara-1.4.2/src/proxydialog.cpp
Examining data/dianara-1.4.2/src/datafile.h
Examining data/dianara-1.4.2/src/commenterblock.h
Examining data/dianara-1.4.2/src/imageviewer.cpp
Examining data/dianara-1.4.2/src/comment.cpp
Examining data/dianara-1.4.2/src/pageselector.cpp
Examining data/dianara-1.4.2/src/mischelpers.cpp
Examining data/dianara-1.4.2/src/mainwindow.cpp
Examining data/dianara-1.4.2/src/timeline.cpp
Examining data/dianara-1.4.2/src/siteuserslist.h
Examining data/dianara-1.4.2/src/commenterblock.cpp
Examining data/dianara-1.4.2/src/bannernotification.h
Examining data/dianara-1.4.2/src/comment.h
Examining data/dianara-1.4.2/src/colorpicker.h
Examining data/dianara-1.4.2/src/firstrunwizard.cpp
Examining data/dianara-1.4.2/src/groupsmanager.cpp
Examining data/dianara-1.4.2/src/asactivity.cpp
Examining data/dianara-1.4.2/src/minorfeeditem.h
Examining data/dianara-1.4.2/src/accountdialog.cpp
Examining data/dianara-1.4.2/src/filtermatcheswidget.h
Examining data/dianara-1.4.2/src/draftsmanager.h
Examining data/dianara-1.4.2/src/minorfeed.h
Examining data/dianara-1.4.2/src/firstrunwizard.h
Examining data/dianara-1.4.2/src/globalobject.h
Examining data/dianara-1.4.2/src/filterchecker.cpp
Examining data/dianara-1.4.2/src/siteuserslist.cpp
Examining data/dianara-1.4.2/src/minorfeeditem.cpp
Examining data/dianara-1.4.2/src/mainwindow.h
Examining data/dianara-1.4.2/src/groupsmanager.h
Examining data/dianara-1.4.2/src/asperson.cpp
Examining data/dianara-1.4.2/src/bannernotification.cpp
Examining data/dianara-1.4.2/src/accountdialog.h
Examining data/dianara-1.4.2/src/publisher.h
Examining data/dianara-1.4.2/src/peoplewidget.h
Examining data/dianara-1.4.2/src/composer.h
Examining data/dianara-1.4.2/src/timestamp.cpp
Examining data/dianara-1.4.2/src/listsmanager.cpp
Examining data/dianara-1.4.2/src/pageselector.h
Examining data/dianara-1.4.2/src/contactcard.cpp
Examining data/dianara-1.4.2/src/contactmanager.cpp
Examining data/dianara-1.4.2/src/contactlist.cpp
Examining data/dianara-1.4.2/src/datafile.cpp
Examining data/dianara-1.4.2/src/timeline.h
Examining data/dianara-1.4.2/src/contactmanager.h
Examining data/dianara-1.4.2/src/peoplewidget.cpp
Examining data/dianara-1.4.2/src/publisher.cpp
Examining data/dianara-1.4.2/src/pumpcontroller.cpp
Examining data/dianara-1.4.2/src/filterchecker.h
Examining data/dianara-1.4.2/src/hclabel.cpp
Examining data/dianara-1.4.2/src/avatarbutton.cpp
Examining data/dianara-1.4.2/src/asperson.h
Examining data/dianara-1.4.2/src/listsmanager.h
Examining data/dianara-1.4.2/src/main.cpp
Examining data/dianara-1.4.2/src/emailchanger.h
Examining data/dianara-1.4.2/src/post.cpp
Examining data/dianara-1.4.2/src/imageviewer.h
Examining data/dianara-1.4.2/src/profileeditor.cpp
Examining data/dianara-1.4.2/src/downloadwidget.cpp
Examining data/dianara-1.4.2/src/dbusinterface.cpp
Examining data/dianara-1.4.2/src/dbusinterface.h

FINAL RESULTS:

data/dianara-1.4.2/src/contactlist.cpp:283:52: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system()
data/dianara-1.4.2/src/contactmanager.cpp:210:48: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system()
data/dianara-1.4.2/src/contactmanager.cpp:215:48: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system()
data/dianara-1.4.2/src/downloadwidget.cpp:306:40: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system().toString(total / 1024)));
data/dianara-1.4.2/src/downloadwidget.cpp:309:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system().toString(received / 1024));
data/dianara-1.4.2/src/main.cpp:243:35: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  languageString = QLocale::system().name();
data/dianara-1.4.2/src/mainwindow.cpp:2646:48: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system()
data/dianara-1.4.2/src/mischelpers.cpp:329:42: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return QString("%1 %2").arg(QLocale::system().toString(fileSize, 'f', 2))
data/dianara-1.4.2/src/mischelpers.cpp:339:44: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return QString("%1 x %2").arg(QLocale::system().toString(width))
data/dianara-1.4.2/src/mischelpers.cpp:340:44: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system().toString(height));
data/dianara-1.4.2/src/pageselector.cpp:179:41: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system().toString(totalPageCount)));
data/dianara-1.4.2/src/publisher.cpp:1671:51: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system()
data/dianara-1.4.2/src/publisher.cpp:1673:51: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system()
data/dianara-1.4.2/src/publisher.cpp:1687:42: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  m_charCounterLabel->setText(QLocale::system().toString(charCount));
data/dianara-1.4.2/src/pumpcontroller.cpp:1794:65: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system()
data/dianara-1.4.2/src/pumpcontroller.cpp:1799:65: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system()
data/dianara-1.4.2/src/pumpcontroller.cpp:2349:52: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  + QLocale::system()
data/dianara-1.4.2/src/siteuserslist.cpp:156:46: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  .arg(QLocale::system().toString(totalUsers))
data/dianara-1.4.2/src/timeline.cpp:606:48: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const QString currentPageString = QLocale::system().toString(currentPage);
data/dianara-1.4.2/src/timeline.cpp:607:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const QString totalPagesString = QLocale::system().toString(totalPages);
data/dianara-1.4.2/src/timeline.cpp:608:47: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const QString totalPostsString = QLocale::system()
data/dianara-1.4.2/src/userposts.cpp:157:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QString postCount = QLocale::system().toString(m_timeline->getTotalPosts());
data/dianara-1.4.2/src/contactmanager.cpp:255:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (exportFile.open(QIODevice::WriteOnly))
data/dianara-1.4.2/src/datafile.cpp:30:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!m_dataFile->open(QIODevice::WriteOnly))
data/dianara-1.4.2/src/datafile.cpp:59:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_dataFile->open(QIODevice::ReadOnly);
data/dianara-1.4.2/src/datafile.cpp:93:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_dataFile->open(QIODevice::WriteOnly);
data/dianara-1.4.2/src/downloadwidget.cpp:167:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_downloadedFile.open(QIODevice::WriteOnly);
data/dianara-1.4.2/src/mainwindow.cpp:1700:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dataFile.open(QIODevice::ReadOnly);
data/dianara-1.4.2/src/mainwindow.cpp:1733:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dataFile.open(QIODevice::WriteOnly);
data/dianara-1.4.2/src/mainwindow.cpp:2993:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  avatarFile.open(QFile::WriteOnly);
data/dianara-1.4.2/src/mainwindow.cpp:3023:35: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool fileOpenedOk = imageFile.open(QFile::WriteOnly);
data/dianara-1.4.2/src/post.cpp:1200:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mimeBuffer.open(QIODevice::WriteOnly);
data/dianara-1.4.2/src/pumpcontroller.cpp:1203:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 35921 in approximately 1.83 seconds (19586 lines/second)
Physical Source Lines of Code (SLOC) = 23679
Hits@level = [0] 0 [1] 0 [2] 11 [3] 0 [4] 22 [5] 0
Hits@level+ = [0+] 33 [1+] 33 [2+] 33 [3+] 22 [4+] 22 [5+] 0
Hits/KSLOC@level+ = [0+] 1.39364 [1+] 1.39364 [2+] 1.39364 [3+] 0.929093 [4+] 0.929093 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.