Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dtkcore-5.2.2.5/examples/expintf-example/main.cpp
Examining data/dtkcore-5.2.2.5/src/base/dobject.cpp
Examining data/dtkcore-5.2.2.5/src/base/dobject.h
Examining data/dtkcore-5.2.2.5/src/base/dsingleton.h
Examining data/dtkcore-5.2.2.5/src/base/private/dobject_p.h
Examining data/dtkcore-5.2.2.5/src/ddesktopentry.cpp
Examining data/dtkcore-5.2.2.5/src/ddesktopentry.h
Examining data/dtkcore-5.2.2.5/src/dsecurestring.cpp
Examining data/dtkcore-5.2.2.5/src/dsecurestring.h
Examining data/dtkcore-5.2.2.5/src/dsysinfo.cpp
Examining data/dtkcore-5.2.2.5/src/dsysinfo.h
Examining data/dtkcore-5.2.2.5/src/dtkcore_global.h
Examining data/dtkcore-5.2.2.5/src/filesystem/dbasefilewatcher.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dbasefilewatcher.h
Examining data/dtkcore-5.2.2.5/src/filesystem/dfilesystemwatcher.h
Examining data/dtkcore-5.2.2.5/src/filesystem/dfilesystemwatcher_dummy.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dfilesystemwatcher_linux.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dfilesystemwatcher_win.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dfilewatcher.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dfilewatcher.h
Examining data/dtkcore-5.2.2.5/src/filesystem/dfilewatchermanager.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dfilewatchermanager.h
Examining data/dtkcore-5.2.2.5/src/filesystem/dpathbuf.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dpathbuf.h
Examining data/dtkcore-5.2.2.5/src/filesystem/dstandardpaths.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dstandardpaths.h
Examining data/dtkcore-5.2.2.5/src/filesystem/dtrashmanager.h
Examining data/dtkcore-5.2.2.5/src/filesystem/dtrashmanager_dummy.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/dtrashmanager_linux.cpp
Examining data/dtkcore-5.2.2.5/src/filesystem/private/dbasefilewatcher_p.h
Examining data/dtkcore-5.2.2.5/src/filesystem/private/dfilesystemwatcher_dummy_p.h
Examining data/dtkcore-5.2.2.5/src/filesystem/private/dfilesystemwatcher_linux_p.h
Examining data/dtkcore-5.2.2.5/src/filesystem/private/dfilesystemwatcher_win_p.h
Examining data/dtkcore-5.2.2.5/src/log/AbstractAppender.cpp
Examining data/dtkcore-5.2.2.5/src/log/AbstractAppender.h
Examining data/dtkcore-5.2.2.5/src/log/AbstractStringAppender.cpp
Examining data/dtkcore-5.2.2.5/src/log/AbstractStringAppender.h
Examining data/dtkcore-5.2.2.5/src/log/ConsoleAppender.cpp
Examining data/dtkcore-5.2.2.5/src/log/ConsoleAppender.h
Examining data/dtkcore-5.2.2.5/src/log/CuteLogger_global.h
Examining data/dtkcore-5.2.2.5/src/log/FileAppender.cpp
Examining data/dtkcore-5.2.2.5/src/log/FileAppender.h
Examining data/dtkcore-5.2.2.5/src/log/LogManager.cpp
Examining data/dtkcore-5.2.2.5/src/log/LogManager.h
Examining data/dtkcore-5.2.2.5/src/log/Logger.cpp
Examining data/dtkcore-5.2.2.5/src/log/Logger.h
Examining data/dtkcore-5.2.2.5/src/log/OutputDebugAppender.cpp
Examining data/dtkcore-5.2.2.5/src/log/OutputDebugAppender.h
Examining data/dtkcore-5.2.2.5/src/log/RollingFileAppender.cpp
Examining data/dtkcore-5.2.2.5/src/log/RollingFileAppender.h
Examining data/dtkcore-5.2.2.5/src/settings/backend/gsettingsbackend.cpp
Examining data/dtkcore-5.2.2.5/src/settings/backend/gsettingsbackend.h
Examining data/dtkcore-5.2.2.5/src/settings/backend/qsettingbackend.cpp
Examining data/dtkcore-5.2.2.5/src/settings/backend/qsettingbackend.h
Examining data/dtkcore-5.2.2.5/src/settings/dsettings.cpp
Examining data/dtkcore-5.2.2.5/src/settings/dsettings.h
Examining data/dtkcore-5.2.2.5/src/settings/dsettingsbackend.h
Examining data/dtkcore-5.2.2.5/src/settings/dsettingsgroup.cpp
Examining data/dtkcore-5.2.2.5/src/settings/dsettingsgroup.h
Examining data/dtkcore-5.2.2.5/src/settings/dsettingsoption.cpp
Examining data/dtkcore-5.2.2.5/src/settings/dsettingsoption.h
Examining data/dtkcore-5.2.2.5/src/util/dabstractunitformatter.cpp
Examining data/dtkcore-5.2.2.5/src/util/dabstractunitformatter.h
Examining data/dtkcore-5.2.2.5/src/util/ddbussender.cpp
Examining data/dtkcore-5.2.2.5/src/util/ddbussender.h
Examining data/dtkcore-5.2.2.5/src/util/ddisksizeformatter.cpp
Examining data/dtkcore-5.2.2.5/src/util/ddisksizeformatter.h
Examining data/dtkcore-5.2.2.5/src/util/dexportedinterface.cpp
Examining data/dtkcore-5.2.2.5/src/util/dexportedinterface.h
Examining data/dtkcore-5.2.2.5/src/util/dfileservices.h
Examining data/dtkcore-5.2.2.5/src/util/dfileservices_dummy.cpp
Examining data/dtkcore-5.2.2.5/src/util/dfileservices_linux.cpp
Examining data/dtkcore-5.2.2.5/src/util/dnotifysender.cpp
Examining data/dtkcore-5.2.2.5/src/util/dnotifysender.h
Examining data/dtkcore-5.2.2.5/src/util/dpinyin.cpp
Examining data/dtkcore-5.2.2.5/src/util/dpinyin.h
Examining data/dtkcore-5.2.2.5/src/util/drecentmanager.cpp
Examining data/dtkcore-5.2.2.5/src/util/drecentmanager.h
Examining data/dtkcore-5.2.2.5/src/util/dthreadutils.cpp
Examining data/dtkcore-5.2.2.5/src/util/dthreadutils.h
Examining data/dtkcore-5.2.2.5/src/util/dtimeunitformatter.cpp
Examining data/dtkcore-5.2.2.5/src/util/dtimeunitformatter.h
Examining data/dtkcore-5.2.2.5/src/util/dutil.h
Examining data/dtkcore-5.2.2.5/src/util/dvtablehook.cpp
Examining data/dtkcore-5.2.2.5/src/util/dvtablehook.h
Examining data/dtkcore-5.2.2.5/tests/ddesktopentry/tst_ddesktopentrytest.cpp
Examining data/dtkcore-5.2.2.5/tests/dthreadutils/tst_dthreadutils.cpp
Examining data/dtkcore-5.2.2.5/tests/dutils/dutiltester.cpp
Examining data/dtkcore-5.2.2.5/tests/dutils/dutiltester.h
Examining data/dtkcore-5.2.2.5/tests/dutils/main.cpp
Examining data/dtkcore-5.2.2.5/tests/dutils/singletontester.cpp
Examining data/dtkcore-5.2.2.5/tests/dutils/singletontester.h
Examining data/dtkcore-5.2.2.5/tests/dvtablehook/tst_dvtablehook.cpp
Examining data/dtkcore-5.2.2.5/tools/deepin-os-release/main.cpp
Examining data/dtkcore-5.2.2.5/tools/settings/main.cpp

FINAL RESULTS:

data/dtkcore-5.2.2.5/src/ddesktopentry.cpp:771:65:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  possibleKeys << QString("%1[%2]").arg(key, QLocale::system().name());
data/dtkcore-5.2.2.5/src/dsysinfo.h:106:75:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  static QString deepinTypeDisplayName(const QLocale &locale = QLocale::system());
data/dtkcore-5.2.2.5/src/dsysinfo.h:115:72:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  static QString uosProductTypeName(const QLocale &locale = QLocale::system());
data/dtkcore-5.2.2.5/src/dsysinfo.h:116:67:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  static QString uosSystemName(const QLocale &locale = QLocale::system());
data/dtkcore-5.2.2.5/src/dsysinfo.h:117:68:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  static QString uosEditionName(const QLocale &locale = QLocale::system());
data/dtkcore-5.2.2.5/src/dsysinfo.h:130:102:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  static QString distributionOrgName(OrgType type = Distribution, const QLocale &locale = QLocale::system());
data/dtkcore-5.2.2.5/src/log/Logger.cpp:1009:23:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  m_block = QString().vsprintf(msg, va);
data/dtkcore-5.2.2.5/src/log/Logger.cpp:1044:73:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  m_l->write(m_level, m_file, m_line, m_function, m_category, QString().vsprintf(msg, va));
data/dtkcore-5.2.2.5/src/log/Logger.h:148:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  __attribute__((format(printf, 2, 3)))
data/dtkcore-5.2.2.5/src/log/Logger.h:186:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  __attribute__((format(printf, 2, 3)))
data/dtkcore-5.2.2.5/tests/ddesktopentry/tst_ddesktopentrytest.cpp:94:61:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  ~RestoreLocale() { QLocale::setDefault(QLocale::system()); }
data/dtkcore-5.2.2.5/src/ddesktopentry.cpp:36:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char charTraits[256] = {
data/dtkcore-5.2.2.5/src/ddesktopentry.cpp:303:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return file.open(QFile::ReadWrite);
data/dtkcore-5.2.2.5/src/ddesktopentry.cpp:315:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return file.open();
data/dtkcore-5.2.2.5/src/ddesktopentry.cpp:325:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (fileInfo.exists() && !file.open(QFile::ReadOnly)) {
data/dtkcore-5.2.2.5/src/ddesktopentry.cpp:540:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!sf.open(QIODevice::WriteOnly)) {
data/dtkcore-5.2.2.5/src/dsysinfo.cpp:107:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QFile::ReadOnly)) {
data/dtkcore-5.2.2.5/src/dsysinfo.cpp:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/dtkcore-5.2.2.5/src/dsysinfo.cpp:241:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/dtkcore-5.2.2.5/src/dsysinfo.cpp:246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/dtkcore-5.2.2.5/src/dsysinfo.cpp:382:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (file.open(QFile::ReadOnly)) {
data/dtkcore-5.2.2.5/src/dsysinfo.cpp:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/dtkcore-5.2.2.5/src/filesystem/dtrashmanager_linux.cpp:75:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!metadata.open(QIODevice::WriteOnly)) {
data/dtkcore-5.2.2.5/src/log/FileAppender.cpp:77:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  isOpen = m_logFile.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text);
data/dtkcore-5.2.2.5/src/log/Logger.cpp:406:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  open(QIODevice::WriteOnly);
data/dtkcore-5.2.2.5/src/settings/dsettings.cpp:315:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  jsonFile.open(QIODevice::ReadOnly);
data/dtkcore-5.2.2.5/src/util/dpinyin.cpp:40:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly))
data/dtkcore-5.2.2.5/src/util/drecentmanager.cpp:68:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file.open(QIODevice::ReadWrite | QIODevice::Text);
data/dtkcore-5.2.2.5/src/util/drecentmanager.cpp:180:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {
data/dtkcore-5.2.2.5/src/util/drecentmanager.cpp:212:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/dtkcore-5.2.2.5/src/util/drecentmanager.cpp:237:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {
data/dtkcore-5.2.2.5/src/util/dvtablehook.cpp:60:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new_vtable, *obj, (vtable_size - 1) * sizeof(quintptr));
data/dtkcore-5.2.2.5/src/util/dvtablehook.cpp:301:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(adr, data, length);
data/dtkcore-5.2.2.5/tests/ddesktopentry/tst_ddesktopentrytest.cpp:73:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  QVERIFY(file.open());
data/dtkcore-5.2.2.5/tools/settings/main.cpp:128:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  jsonFile.open(QIODevice::ReadOnly);
data/dtkcore-5.2.2.5/tools/settings/main.cpp:180:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {
data/dtkcore-5.2.2.5/tools/settings/main.cpp:282:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!outputFile.open(QIODevice::WriteOnly)) {
data/dtkcore-5.2.2.5/src/filesystem/dfilesystemwatcher_linux.cpp:148:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  buffSize = read(inotifyFd, buffer.data(), buffSize);
data/dtkcore-5.2.2.5/src/log/AbstractStringAppender.cpp:202:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (info.indexOf(operator_call) == pos - (int)strlen(operator_call))
data/dtkcore-5.2.2.5/src/log/AbstractStringAppender.cpp:228:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (info.indexOf(operator_call) == pos - (int)strlen(operator_call) + 1)
data/dtkcore-5.2.2.5/src/log/AbstractStringAppender.cpp:232:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (info.indexOf(operator_lessThan) == pos - (int)strlen(operator_lessThan) + 1)
data/dtkcore-5.2.2.5/src/log/AbstractStringAppender.cpp:236:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (info.indexOf(operator_greaterThan) == pos - (int)strlen(operator_greaterThan) + 1)
data/dtkcore-5.2.2.5/src/log/AbstractStringAppender.cpp:240:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int operatorLength = (int)strlen(operator_lessThanEqual);

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 14303 in approximately 3.20 seconds (4473 lines/second)
Physical Source Lines of Code (SLOC) = 7608
Hits@level = [0]  34 [1]   6 [2]  26 [3]   0 [4]  11 [5]   0
Hits@level+ = [0+]  77 [1+]  43 [2+]  37 [3+]  11 [4+]  11 [5+]   0
Hits/KSLOC@level+ = [0+] 10.1209 [1+] 5.65195 [2+] 4.8633 [3+] 1.44585 [4+] 1.44585 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
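Triage note on the level-4 hits above. Flawfinder matches identifiers lexically, so the seven `(shell) system` hits are all `QLocale::system()`, Qt's static accessor for the current locale, which returns a QLocale and does not run a program; they can be closed as false positives for CWE-78. The four `(format)` hits are the ones to read: Logger.cpp:1009 and :1044 pass `msg` as the format to `vsprintf`, and Logger.h:148 and :186 carry `__attribute__((format(printf, 2, 3)))`. That attribute makes GCC and Clang check call sites (with -Wformat and -Wformat-security, a non-literal format with no arguments is diagnosed), but it is a compile-time aid, not a runtime guard, and the sink is still whatever reaches `msg`. The question for a reviewer is whether any caller passes untrusted text as the format rather than as an argument. The block below is an added example, not dtkcore's code and not Qt: it shows the same shape without Qt (a format-attributed entry point over a bounded `vsnprintf`), plus a small helper for checking whether an untrusted string contains directives. All names in it are my own.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>

// Result of one formatting call: the rendered text and whether it was cut off.
struct Rendered {
    std::string text;
    bool truncated;
};

// Count printf conversion directives in a string, treating "%%" as a literal
// percent sign. Handy during triage: an untrusted string with a non-zero
// count must never be passed as the fmt parameter of the functions below.
int count_directives(const std::string &s) {
    int n = 0;
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '%') continue;
        if (i + 1 < s.size() && s[i + 1] == '%') { ++i; continue; }
        ++n;
    }
    return n;
}

// Vararg sink. vsnprintf is bounded by the buffer size, unlike vsprintf, so an
// oversized expansion is truncated instead of written past the end.
Rendered vformat_message(const char *fmt, va_list va) {
    char buf[256];
    va_list copy;
    va_copy(copy, va);
    int needed = std::vsnprintf(buf, sizeof buf, fmt, copy);
    va_end(copy);
    if (needed < 0) return {std::string(), false};
    return {std::string(buf), static_cast<std::size_t>(needed) >= sizeof buf};
}

// Public entry point. The attribute tells GCC/Clang that parameter 1 is a
// printf-style format and the variadic arguments start at parameter 2, so
// -Wformat / -Wformat-security diagnose call sites that pass a non-literal
// format or mismatched argument types. It does nothing at runtime.
__attribute__((format(printf, 1, 2)))
Rendered format_message(const char *fmt, ...) {
    va_list va;
    va_start(va, fmt);
    Rendered r = vformat_message(fmt, va);
    va_end(va);
    return r;
}

int main() {
    // Constructed untrusted input. It carries %n and %x, which would be
    // interpreted if this string were ever used as the format itself.
    const std::string untrusted = "user said: 100%n %x %s";

    // Correct: untrusted data travels as an argument; the format is a literal.
    Rendered ok = format_message("[info] %s", untrusted.c_str());
    std::printf("%s (directives in data: %d)\n", ok.text.c_str(),
                count_directives(untrusted));

    // Wrong, do not do this:  format_message(untrusted.c_str());
    // -Wformat-security flags it at compile time; at runtime it would read
    // arguments that were never passed and %n would write to memory (CWE-134).

    // An oversized expansion is truncated, not overflowed.
    std::string big(1000, 'A');
    Rendered cut = format_message("%s", big.c_str());
    std::printf("truncated=%d length=%zu\n", cut.truncated, cut.text.size());
    return 0;
}
```

Compile with `-Wall -Wformat -Wformat-security` to see the attribute do its work; the runtime behaviour of the wrong call is deliberately not exercised, since it is undefined.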
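On the level-1 `read` hit at dfilesystemwatcher_linux.cpp:148: flawfinder only sees the `read()` call into `buffer.data()`; what it cannot check, and what a reviewer wants to confirm next, is that the loop consuming the returned bytes walks the variable-length `inotify_event` records using the count `read()` actually returned, so that neither a record header nor the `len` bytes of name it declares are touched beyond that count. The block below is an added example, not dtkcore's code, and it says nothing about how the project's own loop behaves. It parses a constructed buffer with the record layout documented in inotify(7) (a local `EventHeader` mirrors that layout so the file builds without `<sys/inotify.h>`; that equivalence is an assumption stated in the code) and stops on a short read that cuts a record in half. All names are my own.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Fixed-size header of one inotify record, mirroring the layout documented in
// inotify(7): int wd; uint32_t mask; uint32_t cookie; uint32_t len; followed by
// `len` bytes of NUL-padded name. Defined locally so this builds without
// <sys/inotify.h> (assumption: identical layout to the kernel's struct).
struct EventHeader {
    int32_t wd;
    uint32_t mask;
    uint32_t cookie;
    uint32_t len;
};

struct ParsedEvent {
    int32_t wd;
    uint32_t mask;
    std::string name;
};

// Walk the bytes returned by one read() on an inotify fd. Every record is
// checked against `n`, the byte count read() actually returned, before it is
// touched: the header must fit, and the name area declared by `len` must fit.
// Returns false and stops on a truncated record instead of reading past `n`.
bool parse_inotify_buffer(const unsigned char *buf, std::size_t n,
                          std::vector<ParsedEvent> &out) {
    std::size_t off = 0;
    while (off < n) {
        if (n - off < sizeof(EventHeader)) return false;   // header cut off
        EventHeader h;
        std::memcpy(&h, buf + off, sizeof h);              // alignment-safe copy
        if (h.len > n - off - sizeof h) return false;      // name area cut off
        const char *name = reinterpret_cast<const char *>(buf + off + sizeof h);
        // The name is NUL-padded up to len; never scan beyond that area.
        std::size_t name_len = 0;
        while (name_len < h.len && name[name_len] != '\0') ++name_len;
        out.push_back({h.wd, h.mask, std::string(name, name_len)});
        off += sizeof h + h.len;
    }
    return true;
}

// Append one record to a byte vector. Used only to construct sample input
// here; a real program gets these bytes from read() on the inotify fd.
void append_event(std::vector<unsigned char> &v, int32_t wd, uint32_t mask,
                  const std::string &name) {
    // Pad the name plus its NUL up to a multiple of 4, as the kernel does.
    uint32_t len = name.empty() ? 0
                                : static_cast<uint32_t>((name.size() + 4) & ~3u);
    EventHeader h{wd, mask, 0, len};
    const unsigned char *p = reinterpret_cast<const unsigned char *>(&h);
    v.insert(v.end(), p, p + sizeof h);
    std::vector<unsigned char> nm(len, 0);
    std::memcpy(nm.data(), name.data(), name.size());
    v.insert(v.end(), nm.begin(), nm.end());
}

int main() {
    // Constructed stand-in for the bytes one read() call returned.
    std::vector<unsigned char> buf;
    append_event(buf, 1, 0x100 /* IN_CREATE */, "new.txt");
    append_event(buf, 1, 0x200 /* IN_DELETE */, "old.txt");

    std::vector<ParsedEvent> events;
    bool ok = parse_inotify_buffer(buf.data(), buf.size(), events);
    std::printf("ok=%d events=%zu first=%s\n", ok, events.size(),
                events.empty() ? "" : events[0].name.c_str());

    // Simulate a short read that ends inside the second record: the first
    // record is still delivered, the torn one is rejected rather than read.
    std::vector<ParsedEvent> partial;
    bool ok2 = parse_inotify_buffer(buf.data(), buf.size() - 5, partial);
    std::printf("ok=%d events=%zu\n", ok2, partial.size());
    return 0;
}
```

In a real watcher the bytes left over after a rejected tail would be carried into the next `read()`; the point here is only that `len` from the buffer is never trusted without comparing it against the count returned by `read()`.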