Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gcompris-qt-1.0/platforms/ios/config.h
Examining data/gcompris-qt-1.0/platforms/macosx/config.h
Examining data/gcompris-qt-1.0/src/core/ActivityInfo.cpp
Examining data/gcompris-qt-1.0/src/core/ActivityInfo.h
Examining data/gcompris-qt-1.0/src/core/ActivityInfoTree.cpp
Examining data/gcompris-qt-1.0/src/core/ActivityInfoTree.h
Examining data/gcompris-qt-1.0/src/core/ApplicationAndroid.cpp
Examining data/gcompris-qt-1.0/src/core/ApplicationInfo.cpp
Examining data/gcompris-qt-1.0/src/core/ApplicationInfo.h
Examining data/gcompris-qt-1.0/src/core/ApplicationInfoDefault.cpp
Examining data/gcompris-qt-1.0/src/core/ApplicationSettings.cpp
Examining data/gcompris-qt-1.0/src/core/ApplicationSettings.h
Examining data/gcompris-qt-1.0/src/core/Dataset.cpp
Examining data/gcompris-qt-1.0/src/core/Dataset.h
Examining data/gcompris-qt-1.0/src/core/Directory.cpp
Examining data/gcompris-qt-1.0/src/core/Directory.h
Examining data/gcompris-qt-1.0/src/core/DownloadManager.cpp
Examining data/gcompris-qt-1.0/src/core/DownloadManager.h
Examining data/gcompris-qt-1.0/src/core/File.cpp
Examining data/gcompris-qt-1.0/src/core/File.h
Examining data/gcompris-qt-1.0/src/core/GComprisPlugin.cpp
Examining data/gcompris-qt-1.0/src/core/GComprisPlugin.h
Examining data/gcompris-qt-1.0/src/core/main.cpp
Examining data/gcompris-qt-1.0/src/core/synth/ADSRenvelope.cpp
Examining data/gcompris-qt-1.0/src/core/synth/ADSRenvelope.h
Examining data/gcompris-qt-1.0/src/core/synth/GSynth.cpp
Examining data/gcompris-qt-1.0/src/core/synth/GSynth.h
Examining data/gcompris-qt-1.0/src/core/synth/generator.cpp
Examining data/gcompris-qt-1.0/src/core/synth/generator.h
Examining data/gcompris-qt-1.0/src/core/synth/linearSynthesis.cpp
Examining data/gcompris-qt-1.0/src/core/synth/linearSynthesis.h
Examining data/gcompris-qt-1.0/src/core/synth/modulation.cpp
Examining data/gcompris-qt-1.0/src/core/synth/modulation.h
Examining data/gcompris-qt-1.0/src/core/synth/preset.cpp
Examining data/gcompris-qt-1.0/src/core/synth/preset.h
Examining data/gcompris-qt-1.0/src/core/synth/waveform.cpp
Examining data/gcompris-qt-1.0/src/core/synth/waveform.h
Examining data/gcompris-qt-1.0/tests/core/ActivityInfoTest.cpp
Examining data/gcompris-qt-1.0/tests/core/ApplicationInfoTest.cpp
Examining data/gcompris-qt-1.0/tests/core/ApplicationSettingsMock.h
Examining data/gcompris-qt-1.0/tests/core/ApplicationSettingsTest.cpp
Examining data/gcompris-qt-1.0/tests/core/DatasetTest.cpp
Examining data/gcompris-qt-1.0/tests/core/DirectoryTest.cpp
Examining data/gcompris-qt-1.0/tests/core/DownloadManagerTest.cpp
Examining data/gcompris-qt-1.0/tests/core/FileTest.cpp

FINAL RESULTS:

data/gcompris-qt-1.0/src/core/ApplicationAndroid.cpp:76:28:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if
  available.
  _locale = QLocale::system().name();
data/gcompris-qt-1.0/src/core/ApplicationInfo.cpp:257:28:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if
  available.
  _locale = QLocale::system().name();
data/gcompris-qt-1.0/src/core/ApplicationInfo.h:193:32:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if
  available.
  _locale = QLocale::system().name();
data/gcompris-qt-1.0/src/core/ApplicationInfoDefault.cpp:56:59:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if
  available.
  QLocale l = (_locale == GC_DEFAULT_LOCALE) ? QLocale::system() \
data/gcompris-qt-1.0/src/core/main.cpp:69:35:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if
  available.
  locale = QString(QLocale::system().name() + ".UTF-8");
data/gcompris-qt-1.0/tests/core/ApplicationInfoTest.cpp:133:38:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if
  available.
  QLocale defaultLocale = QLocale::system();
data/gcompris-qt-1.0/src/core/ActivityInfoTree.cpp:234:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if(!file.open(QFile::ReadOnly)) {
data/gcompris-qt-1.0/src/core/DownloadManager.cpp:231:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (!job->file.open(QIODevice::WriteOnly)) {
data/gcompris-qt-1.0/src/core/DownloadManager.cpp:345:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (!job->file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/gcompris-qt-1.0/src/core/DownloadManager.cpp:386:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/gcompris-qt-1.0/src/core/File.cpp:73:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly) ) {
data/gcompris-qt-1.0/src/core/File.cpp:104:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Truncate)) {
data/gcompris-qt-1.0/src/core/File.cpp:128:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Append)) {
data/gcompris-qt-1.0/src/core/main.cpp:42:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/gcompris-qt-1.0/src/core/synth/generator.cpp:54:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  open(QIODevice::ReadOnly);
data/gcompris-qt-1.0/src/core/synth/generator.cpp:86:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data, m_buffer.constData(), len);
data/gcompris-qt-1.0/tests/core/FileTest.cpp:50:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  tempFile.open(QIODevice::ReadWrite);
data/gcompris-qt-1.0/tests/core/FileTest.cpp:103:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  tempFile.open(QIODevice::ReadWrite);
data/gcompris-qt-1.0/src/core/ActivityInfoTree.cpp:98:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if(QQmlProperty::read(object, "section").toString() == "/") {
data/gcompris-qt-1.0/src/core/File.cpp:61:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  QString File::read(const QString& name)
data/gcompris-qt-1.0/src/core/File.h:60:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Q_INVOKABLE QString read(const QString& name = QString());
data/gcompris-qt-1.0/tests/core/FileTest.cpp:83:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  QVERIFY(file.read(filename).isEmpty());
data/gcompris-qt-1.0/tests/core/FileTest.cpp:110:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  QCOMPARE(file.read(), fileContent);
data/gcompris-qt-1.0/tests/core/FileTest.cpp:115:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  QCOMPARE(file.read(), fileContent+appendedText);

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 7417 in approximately 0.57 seconds (13020 lines/second)
Physical Source Lines of Code (SLOC) = 4446
Hits@level = [0]   0 [1]   6 [2]  12 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  24 [1+]  24 [2+]  18 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 5.39811 [1+] 5.39811 [2+] 4.04858 [3+] 1.34953 [4+] 1.34953 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
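Flawfinder matches on identifier names, so a report like this one needs triage before its "Hits@level" numbers mean anything: every level-4 hit above is `QLocale::system()`, a Qt static method that returns the system locale and never spawns a shell, which is a name collision with the `system` rule rather than a CWE-78 instance, while the `memcpy` hit at generator.cpp:86 is the kind of finding that does need a human to confirm that `len` is bounded by the destination. The script below is an added example, not part of Flawfinder or the GCompris project: it parses Flawfinder's default text layout (a `path:line:col:  [level] (category) name:` header followed by indented message lines and, last, the flagged source line, which is an assumption about the format as reconstructed above), marks the `QLocale::system()` collisions as false positives, and recomputes the per-level counts on what is left. The sample input is an excerpt copied from this report; the false-positive table is a triage heuristic of this example, not something the report states.

```python
"""Parse Flawfinder text output and triage name-collision false positives.

Added example for this report; it is not Flawfinder's or GCompris's code.
Assumptions: Flawfinder's default multi-line text layout (header line,
indented message lines, flagged source line last), and the Qt fact that
QLocale::system() is a locale accessor, not system(3).
"""
import re
from dataclasses import dataclass

# One hit header:  path:line:col:  [level] (category) name:
HEADER_RE = re.compile(
    r"^(?P<path>\S+):(?P<line>\d+):(?P<col>\d+):\s+"
    r"\[(?P<level>[0-5])\]\s+\((?P<category>\w+)\)\s+(?P<name>\w+):"
)

# Name collisions with Flawfinder's libc-oriented rules (assumed, see above).
FALSE_POSITIVE_PATTERNS = {
    "system": (re.compile(r"QLocale::system\s*\("),
               "QLocale::system() is a Qt static method, not system(3)"),
}


@dataclass
class Hit:
    path: str
    line: int
    col: int
    level: int
    category: str
    name: str
    message: str
    source: str
    verdict: str = "review"      # "review" or "false-positive"
    reason: str = ""


def _make_hit(header: dict, body: list[str]) -> Hit:
    # Flawfinder prints the rule message first and the flagged source line last.
    source = body[-1].strip() if body else ""
    message = " ".join(part.strip() for part in body[:-1])
    return Hit(header["path"], int(header["line"]), int(header["col"]),
               int(header["level"]), header["category"], header["name"],
               message, source)


def parse_flawfinder(text: str) -> list[Hit]:
    """Return the hits listed between FINAL RESULTS: and ANALYSIS SUMMARY:."""
    lines = text.splitlines()
    start = next((i + 1 for i, l in enumerate(lines)
                  if l.startswith("FINAL RESULTS:")), 0)
    hits: list[Hit] = []
    header, body = None, []
    for line in lines[start:]:
        if line.startswith("ANALYSIS SUMMARY:"):
            break
        m = HEADER_RE.match(line)
        if m:
            if header is not None:
                hits.append(_make_hit(header, body))
            header, body = m.groupdict(), []
        elif header is not None and line.strip():
            body.append(line)
    if header is not None:
        hits.append(_make_hit(header, body))
    return hits


def triage(hits: list[Hit]) -> list[Hit]:
    """Mark known name collisions; everything else stays 'review'."""
    for h in hits:
        entry = FALSE_POSITIVE_PATTERNS.get(h.name)
        if entry and entry[0].search(h.source):
            h.verdict, h.reason = "false-positive", entry[1]
    return hits


def summarize(hits: list[Hit]) -> dict:
    """Per-level counts (like Hits@level) and per-verdict counts."""
    levels = {lvl: 0 for lvl in range(6)}
    verdicts = {"review": 0, "false-positive": 0}
    for h in hits:
        levels[h.level] += 1
        verdicts[h.verdict] += 1
    return {"levels": levels, "verdicts": verdicts}


# Constructed sample: an excerpt of the report above in Flawfinder's layout.
SAMPLE_REPORT = """\
Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Examining data/gcompris-qt-1.0/src/core/main.cpp
FINAL RESULTS:

data/gcompris-qt-1.0/src/core/ApplicationAndroid.cpp:76:28:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if
  available.
  _locale = QLocale::system().name();
data/gcompris-qt-1.0/src/core/main.cpp:69:35:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if
  available.
  locale = QString(QLocale::system().name() + ".UTF-8");
data/gcompris-qt-1.0/src/core/DownloadManager.cpp:231:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (!job->file.open(QIODevice::WriteOnly)) {
data/gcompris-qt-1.0/src/core/synth/generator.cpp:86:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data, m_buffer.constData(), len);
data/gcompris-qt-1.0/src/core/File.cpp:61:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  QString File::read(const QString& name)

ANALYSIS SUMMARY:
"""

if __name__ == "__main__":
    triaged = triage(parse_flawfinder(SAMPLE_REPORT))
    for h in triaged:
        print(f"[{h.level}] {h.path}:{h.line} {h.name}: {h.verdict} {h.reason}")
    print(summarize(triaged))
```

Run against the full report, the same rule collapses all six level-4 hits and leaves the eleven `open` hits, the `memcpy`, and the six `read` hits for review; the `open` and `read` hits are also name matches on Qt methods (`QFile::open`, `QQmlProperty::read`, `File::read`), but whether an attacker controls the path passed to `QFile` is a question about each call site, so the example deliberately does not auto-close them.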