Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/guidedog-1.3.0/aboutdialog.cpp Examining data/guidedog-1.3.0/aboutdialog.h Examining data/guidedog-1.3.0/commandrunner.cpp Examining data/guidedog-1.3.0/commandrunner.h Examining data/guidedog-1.3.0/guidedog.cpp Examining data/guidedog-1.3.0/guidedog.h Examining data/guidedog-1.3.0/guidedogdoc.cpp Examining data/guidedog-1.3.0/guidedogdoc.h Examining data/guidedog-1.3.0/iprange.cpp Examining data/guidedog-1.3.0/iprange.h Examining data/guidedog-1.3.0/main.cpp Examining data/guidedog-1.3.0/simelineedit.cpp Examining data/guidedog-1.3.0/simelineedit.h FINAL RESULTS: data/guidedog-1.3.0/guidedog.cpp:1616:24: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). QTemporaryFile tmpfile; data/guidedog-1.3.0/guidedog.cpp:1618:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (!tmpfile.open()) { data/guidedog-1.3.0/guidedog.cpp:1618:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!tmpfile.open()) { data/guidedog-1.3.0/guidedog.cpp:1620:22: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). .arg(tmpfile.fileName()).arg(strerror(tmpfile.error())); data/guidedog-1.3.0/guidedog.cpp:1620:55: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). .arg(tmpfile.fileName()).arg(strerror(tmpfile.error())); data/guidedog-1.3.0/guidedog.cpp:1627:26: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). QTextStream out(&tmpfile); data/guidedog-1.3.0/guidedog.cpp:1633:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile.close(); data/guidedog-1.3.0/guidedog.cpp:1634:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile.setPermissions(tmpfile.fileName(), QFileDevice::ReadOwner | QFileDevice::WriteOwner | QFileDevice::ExeOwner data/guidedog-1.3.0/guidedog.cpp:1634:32: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile.setPermissions(tmpfile.fileName(), QFileDevice::ReadOwner | QFileDevice::WriteOwner | QFileDevice::ExeOwner data/guidedog-1.3.0/guidedog.cpp:1644:41: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). cr.pkexecRun(QString("cp -v " + tmpfile.fileName() + " " + SYSTEM_RC_GUIDEDOG + "\n")); data/guidedog-1.3.0/guidedogdoc.cpp:664:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::ReadOnly)) { data/guidedog-1.3.0/guidedogdoc.cpp:694:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadWrite | QIODevice::Text)) { data/guidedog-1.3.0/guidedogdoc.cpp:537:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rightpart = s.right(s.length() - strlen(parameterlist[i])); data/guidedog-1.3.0/guidedogdoc.cpp:590:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rightpart = s.right(s.length() - strlen(forwardparameterlist[i])); ANALYSIS SUMMARY: Hits = 14 Lines analyzed = 3480 in approximately 0.65 seconds (5335 lines/second) Physical Source Lines of Code (SLOC) = 2118 Hits@level = [0] 0 [1] 2 [2] 12 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 14 [1+] 14 [2+] 12 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 6.61001 [1+] 6.61001 [2+] 5.66572 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.