Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dianara-1.4.2/src/fontpicker.h
Examining data/dianara-1.4.2/src/mischelpers.h
Examining data/dianara-1.4.2/src/userposts.h
Examining data/dianara-1.4.2/src/colorpicker.cpp
Examining data/dianara-1.4.2/src/downloadwidget.h
Examining data/dianara-1.4.2/src/profileeditor.h
Examining data/dianara-1.4.2/src/post.h
Examining data/dianara-1.4.2/src/globalobject.cpp
Examining data/dianara-1.4.2/src/logviewer.cpp
Examining data/dianara-1.4.2/src/asobject.cpp
Examining data/dianara-1.4.2/src/logviewer.h
Examining data/dianara-1.4.2/src/configdialog.cpp
Examining data/dianara-1.4.2/src/emailchanger.cpp
Examining data/dianara-1.4.2/src/notifications.h
Examining data/dianara-1.4.2/src/hclabel.h
Examining data/dianara-1.4.2/src/draftsmanager.cpp
Examining data/dianara-1.4.2/src/filtereditor.h
Examining data/dianara-1.4.2/src/pumpcontroller.h
Examining data/dianara-1.4.2/src/contactlist.h
Examining data/dianara-1.4.2/src/helpwidget.cpp
Examining data/dianara-1.4.2/src/userposts.cpp
Examining data/dianara-1.4.2/src/audienceselector.cpp
Examining data/dianara-1.4.2/src/avatarbutton.h
Examining data/dianara-1.4.2/src/configdialog.h
Examining data/dianara-1.4.2/src/contactcard.h
Examining data/dianara-1.4.2/src/minorfeed.cpp
Examining data/dianara-1.4.2/src/ivgraphicsview.h
Examining data/dianara-1.4.2/src/ivgraphicsview.cpp
Examining data/dianara-1.4.2/src/fontpicker.cpp
Examining data/dianara-1.4.2/src/helpwidget.h
Examining data/dianara-1.4.2/src/proxydialog.h
Examining data/dianara-1.4.2/src/timestamp.h
Examining data/dianara-1.4.2/src/asactivity.h
Examining data/dianara-1.4.2/src/filtermatcheswidget.cpp
Examining data/dianara-1.4.2/src/notifications.cpp
Examining data/dianara-1.4.2/src/asobject.h
Examining data/dianara-1.4.2/src/composer.cpp
Examining data/dianara-1.4.2/src/audienceselector.h
Examining data/dianara-1.4.2/src/filtereditor.cpp
Examining data/dianara-1.4.2/src/proxydialog.cpp
Examining data/dianara-1.4.2/src/datafile.h
Examining data/dianara-1.4.2/src/commenterblock.h
Examining data/dianara-1.4.2/src/imageviewer.cpp
Examining data/dianara-1.4.2/src/comment.cpp
Examining data/dianara-1.4.2/src/pageselector.cpp
Examining data/dianara-1.4.2/src/mischelpers.cpp
Examining data/dianara-1.4.2/src/mainwindow.cpp
Examining data/dianara-1.4.2/src/timeline.cpp
Examining data/dianara-1.4.2/src/siteuserslist.h
Examining data/dianara-1.4.2/src/commenterblock.cpp
Examining data/dianara-1.4.2/src/bannernotification.h
Examining data/dianara-1.4.2/src/comment.h
Examining data/dianara-1.4.2/src/colorpicker.h
Examining data/dianara-1.4.2/src/firstrunwizard.cpp
Examining data/dianara-1.4.2/src/groupsmanager.cpp
Examining data/dianara-1.4.2/src/asactivity.cpp
Examining data/dianara-1.4.2/src/minorfeeditem.h
Examining data/dianara-1.4.2/src/accountdialog.cpp
Examining data/dianara-1.4.2/src/filtermatcheswidget.h
Examining data/dianara-1.4.2/src/draftsmanager.h
Examining data/dianara-1.4.2/src/minorfeed.h
Examining data/dianara-1.4.2/src/firstrunwizard.h
Examining data/dianara-1.4.2/src/globalobject.h
Examining data/dianara-1.4.2/src/filterchecker.cpp
Examining data/dianara-1.4.2/src/siteuserslist.cpp
Examining data/dianara-1.4.2/src/minorfeeditem.cpp
Examining data/dianara-1.4.2/src/mainwindow.h
Examining data/dianara-1.4.2/src/groupsmanager.h
Examining data/dianara-1.4.2/src/asperson.cpp
Examining data/dianara-1.4.2/src/bannernotification.cpp
Examining data/dianara-1.4.2/src/accountdialog.h
Examining data/dianara-1.4.2/src/publisher.h
Examining data/dianara-1.4.2/src/peoplewidget.h
Examining data/dianara-1.4.2/src/composer.h
Examining data/dianara-1.4.2/src/timestamp.cpp
Examining data/dianara-1.4.2/src/listsmanager.cpp
Examining data/dianara-1.4.2/src/pageselector.h
Examining data/dianara-1.4.2/src/contactcard.cpp
Examining data/dianara-1.4.2/src/contactmanager.cpp
Examining data/dianara-1.4.2/src/contactlist.cpp
Examining data/dianara-1.4.2/src/datafile.cpp
Examining data/dianara-1.4.2/src/timeline.h
Examining data/dianara-1.4.2/src/contactmanager.h
Examining data/dianara-1.4.2/src/peoplewidget.cpp
Examining data/dianara-1.4.2/src/publisher.cpp
Examining data/dianara-1.4.2/src/pumpcontroller.cpp
Examining data/dianara-1.4.2/src/filterchecker.h
Examining data/dianara-1.4.2/src/hclabel.cpp
Examining data/dianara-1.4.2/src/avatarbutton.cpp
Examining data/dianara-1.4.2/src/asperson.h
Examining data/dianara-1.4.2/src/listsmanager.h
Examining data/dianara-1.4.2/src/main.cpp
Examining data/dianara-1.4.2/src/emailchanger.h
Examining data/dianara-1.4.2/src/post.cpp
Examining data/dianara-1.4.2/src/imageviewer.h
Examining data/dianara-1.4.2/src/profileeditor.cpp
Examining data/dianara-1.4.2/src/downloadwidget.cpp
Examining data/dianara-1.4.2/src/dbusinterface.cpp
Examining data/dianara-1.4.2/src/dbusinterface.h
FINAL RESULTS:
data/dianara-1.4.2/src/contactlist.cpp:283:52: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system()
data/dianara-1.4.2/src/contactmanager.cpp:210:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system()
data/dianara-1.4.2/src/contactmanager.cpp:215:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system()
data/dianara-1.4.2/src/downloadwidget.cpp:306:40: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system().toString(total / 1024)));
data/dianara-1.4.2/src/downloadwidget.cpp:309:47: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system().toString(received / 1024));
data/dianara-1.4.2/src/main.cpp:243:35: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
languageString = QLocale::system().name();
data/dianara-1.4.2/src/mainwindow.cpp:2646:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system()
data/dianara-1.4.2/src/mischelpers.cpp:329:42: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QString("%1 %2").arg(QLocale::system().toString(fileSize, 'f', 2))
data/dianara-1.4.2/src/mischelpers.cpp:339:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QString("%1 x %2").arg(QLocale::system().toString(width))
data/dianara-1.4.2/src/mischelpers.cpp:340:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system().toString(height));
data/dianara-1.4.2/src/pageselector.cpp:179:41: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system().toString(totalPageCount)));
data/dianara-1.4.2/src/publisher.cpp:1671:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system()
data/dianara-1.4.2/src/publisher.cpp:1673:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system()
data/dianara-1.4.2/src/publisher.cpp:1687:42: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_charCounterLabel->setText(QLocale::system().toString(charCount));
data/dianara-1.4.2/src/pumpcontroller.cpp:1794:65: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system()
data/dianara-1.4.2/src/pumpcontroller.cpp:1799:65: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system()
data/dianara-1.4.2/src/pumpcontroller.cpp:2349:52: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
+ QLocale::system()
data/dianara-1.4.2/src/siteuserslist.cpp:156:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
.arg(QLocale::system().toString(totalUsers))
data/dianara-1.4.2/src/timeline.cpp:606:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const QString currentPageString = QLocale::system().toString(currentPage);
data/dianara-1.4.2/src/timeline.cpp:607:47: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const QString totalPagesString = QLocale::system().toString(totalPages);
data/dianara-1.4.2/src/timeline.cpp:608:47: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const QString totalPostsString = QLocale::system()
data/dianara-1.4.2/src/userposts.cpp:157:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString postCount = QLocale::system().toString(m_timeline->getTotalPosts());
data/dianara-1.4.2/src/contactmanager.cpp:255:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (exportFile.open(QIODevice::WriteOnly))
data/dianara-1.4.2/src/datafile.cpp:30:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_dataFile->open(QIODevice::WriteOnly))
data/dianara-1.4.2/src/datafile.cpp:59:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_dataFile->open(QIODevice::ReadOnly);
data/dianara-1.4.2/src/datafile.cpp:93:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_dataFile->open(QIODevice::WriteOnly);
data/dianara-1.4.2/src/downloadwidget.cpp:167:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_downloadedFile.open(QIODevice::WriteOnly);
data/dianara-1.4.2/src/mainwindow.cpp:1700:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dataFile.open(QIODevice::ReadOnly);
data/dianara-1.4.2/src/mainwindow.cpp:1733:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dataFile.open(QIODevice::WriteOnly);
data/dianara-1.4.2/src/mainwindow.cpp:2993:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
avatarFile.open(QFile::WriteOnly);
data/dianara-1.4.2/src/mainwindow.cpp:3023:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool fileOpenedOk = imageFile.open(QFile::WriteOnly);
data/dianara-1.4.2/src/post.cpp:1200:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mimeBuffer.open(QIODevice::WriteOnly);
data/dianara-1.4.2/src/pumpcontroller.cpp:1203:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
ANALYSIS SUMMARY:
Hits = 33
Lines analyzed = 35921 in approximately 1.83 seconds (19586 lines/second)
Physical Source Lines of Code (SLOC) = 23679
Hits@level = [0] 0 [1] 0 [2] 11 [3] 0 [4] 22 [5] 0
Hits@level+ = [0+] 33 [1+] 33 [2+] 33 [3+] 22 [4+] 22 [5+] 0
Hits/KSLOC@level+ = [0+] 1.39364 [1+] 1.39364 [2+] 1.39364 [3+] 0.929093 [4+] 0.929093 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.