Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/httraqt-1.4.9/sources/options/optionsproxy.cpp
Examining data/httraqt-1.4.9/sources/options/optionsbuild.cpp
Examining data/httraqt-1.4.9/sources/options/OptionsDialog.cpp
Examining data/httraqt-1.4.9/sources/options/optionslimits.cpp
Examining data/httraqt-1.4.9/sources/options/BuildStringDialog.cpp
Examining data/httraqt-1.4.9/sources/options/optionsspider.cpp
Examining data/httraqt-1.4.9/sources/options/optionslinks.cpp
Examining data/httraqt-1.4.9/sources/options/optionsrulez.cpp
Examining data/httraqt-1.4.9/sources/options/optionslog.cpp
Examining data/httraqt-1.4.9/sources/options/optionsmime.cpp
Examining data/httraqt-1.4.9/sources/options/includes/optionsproxy.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsrulez.h
Examining data/httraqt-1.4.9/sources/options/includes/OptionsDialog.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsbrowser.h
Examining data/httraqt-1.4.9/sources/options/includes/optionslimits.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsmime.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsexperts.h
Examining data/httraqt-1.4.9/sources/options/includes/BuildStringDialog.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsspider.h
Examining data/httraqt-1.4.9/sources/options/includes/optionslinks.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsbuild.h
Examining data/httraqt-1.4.9/sources/options/includes/optionslog.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsflow.h
Examining data/httraqt-1.4.9/sources/options/optionsbrowser.cpp
Examining data/httraqt-1.4.9/sources/options/optionsexperts.cpp
Examining data/httraqt-1.4.9/sources/options/optionsflow.cpp
Examining data/httraqt-1.4.9/sources/main/httraqt.cpp
Examining data/httraqt-1.4.9/sources/main/StartTab.cpp
Examining data/httraqt-1.4.9/sources/main/main.cpp
Examining data/httraqt-1.4.9/sources/main/InsertUrlDialog.cpp
Examining data/httraqt-1.4.9/sources/main/ProgressTab.cpp
Examining data/httraqt-1.4.9/sources/main/buttonPanel.cpp
Examining data/httraqt-1.4.9/sources/main/htinterface.cpp
Examining data/httraqt-1.4.9/sources/main/AboutDialog.cpp
Examining data/httraqt-1.4.9/sources/main/translator.cpp
Examining data/httraqt-1.4.9/sources/main/ConfirmTab.cpp
Examining data/httraqt-1.4.9/sources/main/options.cpp
Examining data/httraqt-1.4.9/sources/main/NewProjTab.cpp
Examining data/httraqt-1.4.9/sources/main/includes/AboutDialog.h
Examining data/httraqt-1.4.9/sources/main/includes/htinterface.h
Examining data/httraqt-1.4.9/sources/main/includes/NewProjTab.h
Examining data/httraqt-1.4.9/sources/main/includes/InsertUrlDialog.h
Examining data/httraqt-1.4.9/sources/main/includes/buttonPanel.h
Examining data/httraqt-1.4.9/sources/main/includes/translator.h
Examining data/httraqt-1.4.9/sources/main/includes/StartTab.h
Examining data/httraqt-1.4.9/sources/main/includes/httraqt.h
Examining data/httraqt-1.4.9/sources/main/includes/OptionsTab.h
Examining data/httraqt-1.4.9/sources/main/includes/ConfirmTab.h
Examining data/httraqt-1.4.9/sources/main/includes/FinalTab.h
Examining data/httraqt-1.4.9/sources/main/includes/options.h
Examining data/httraqt-1.4.9/sources/main/includes/ProgressTab.h
Examining data/httraqt-1.4.9/sources/main/FinalTab.cpp
Examining data/httraqt-1.4.9/sources/main/OptionsTab.cpp
Examining data/httraqt-1.4.9/sources/version.h

FINAL RESULTS:

data/httraqt-1.4.9/sources/main/AboutDialog.cpp:59:32:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    QString outStr = QString().sprintf(PROGRAM_FULL_NAME, HTTQTVERSION) + "<br>" + str2 + "<br><br>" + str4;
data/httraqt-1.4.9/sources/main/NewProjTab.cpp:225:24:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sSheet = QString().sprintf("font-size: %dpt", sz);
data/httraqt-1.4.9/sources/main/NewProjTab.cpp:229:28:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sSheet = QString().sprintf("font-size: %dpx", sz);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:210:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        lnk.sprintf("%d/%d (+%d)", parent->SInfo.lien_n, parent->SInfo.lien_tot - 1, parent->SInfo.stat_back);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:212:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        lnk.sprintf("%d/%d", parent->SInfo.lien_n, parent->SInfo.lien_tot - 1);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:278:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            i0->setText(QString().sprintf("%.2f MB", mbytes));       // bytes
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:280:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            i0->setText(QString().sprintf("%.4f GB", mbytes / 1024.0));     // bytes
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:300:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        st.sprintf("%d (%d)", parent->SInfo.irate, parent->SInfo.rate);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:316:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            tempo.sprintf("%d (%d%%)", parent->SInfo.stat_updated, pc);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:318:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            tempo.sprintf("%d", parent->SInfo.stat_updated);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:342:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                            s.sprintf("%4.1f B", (float)sz);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:344:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                            s.sprintf("%4.1f kB", (float)(sz / 1024.0));
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:346:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                            s.sprintf("%4.1f MB", (float)(sz / (1024.0 * 1024.0)));
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:348:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                            s.sprintf("%4.1f GB", (float)(sz / (1024.0 * 1024.0 * 1024.0)));
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:477:18:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            info.sprintf("[%d s]", parent->SInfo.stat_time);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:491:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                byteb = QString().sprintf("%.2f MB", parent->SInfo.stat_bytes / (1024.0 * 1024.0));     // bytes
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:493:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                byteb = QString().sprintf("%d B", parent->SInfo.stat_bytes);
data/httraqt-1.4.9/sources/main/StartTab.cpp:55:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    v = QString().sprintf("%s v.%s (%s)", PROGRAM_NAME, HTTQTVERSION, PROGRAM_DATE);
data/httraqt-1.4.9/sources/main/htinterface.cpp:273:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(chaine, "%s%s", url_address, url_file);
data/httraqt-1.4.9/sources/main/htinterface.cpp:664:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                    strcat(tempo, p + 2);
data/httraqt-1.4.9/sources/main/htinterface.cpp:665:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(p, tempo);
data/httraqt-1.4.9/sources/main/htinterface.cpp:672:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(tempo, p + 1);
data/httraqt-1.4.9/sources/main/htinterface.cpp:673:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(p, tempo);  /* wipe "" */
data/httraqt-1.4.9/sources/main/httraqt.cpp:431:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    programStyleSheet = QString().sprintf("font-size: %dpt", fontSize);
data/httraqt-1.4.9/sources/main/httraqt.cpp:435:39:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        programStyleSheet = QString().sprintf("font-size: %dpx", fontSize);
data/httraqt-1.4.9/sources/main/httraqt.cpp:1376:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    QLocale lSys = QLocale::system();
data/httraqt-1.4.9/sources/main/httraqt.cpp:2038:39:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        programStyleSheet = QString().sprintf("font-size: %dpx", fontSize);
data/httraqt-1.4.9/sources/main/httraqt.cpp:2040:39:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        programStyleSheet = QString().sprintf("font-size: %dpt", fontSize);
data/httraqt-1.4.9/sources/main/httraqt.cpp:2135:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                        streamOutput << QString().sprintf("t%03d=", i) << ll << "\r\n";
data/httraqt-1.4.9/sources/main/options.cpp:191:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                fTxt = QString().sprintf("%6.4f", fTmp);
data/httraqt-1.4.9/sources/main/options.cpp:271:38:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                    tTxt = QString().sprintf("%6.4f", tFloat / (1024.0 * 1024.0));
data/httraqt-1.4.9/sources/options/optionsbrowser.cpp:114:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                 << QString().sprintf(PROGRAM_FULL_NAME, HTTQTVERSION) + " (offline browser; web mirror utility)";
data/httraqt-1.4.9/sources/options/optionsmime.cpp:75:37:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            ident[i], -1, QString().sprintf("MIMEDefsExt%d", (i + 1)), COMBOBOX, ""
data/httraqt-1.4.9/sources/options/optionsmime.cpp:78:36:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            mime[i], -1, QString().sprintf("MIMEDefsMime%d", (i + 1)), COMBOBOX, ""
data/httraqt-1.4.9/sources/main/OptionsTab.cpp:232:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!fileName.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/httraqt-1.4.9/sources/main/buttonPanel.cpp:110:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mask[8] = {0x06, 0x07, 0x07, 0x07, 0x02, 0x06, 0x00};
data/httraqt-1.4.9/sources/main/htinterface.cpp:147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char commande[1024] ;
data/httraqt-1.4.9/sources/main/htinterface.cpp:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char chaine[1024] ;
data/httraqt-1.4.9/sources/main/htinterface.cpp:530:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        char tempo[256];
data/httraqt-1.4.9/sources/main/httraqt.cpp:351:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (fl.open(QFile::WriteOnly) == true) {
data/httraqt-1.4.9/sources/main/httraqt.cpp:606:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (fl.open(QFile::WriteOnly) == true) {
data/httraqt-1.4.9/sources/main/httraqt.cpp:713:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempo[8192];
data/httraqt-1.4.9/sources/main/httraqt.cpp:1957:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (fLang.open(QIODevice::ReadOnly)) {      //wird eingelesen
data/httraqt-1.4.9/sources/main/httraqt.cpp:2093:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (fLang.open(QIODevice::ReadOnly)) {      //wird eingelesen
data/httraqt-1.4.9/sources/main/httraqt.cpp:2104:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (langTrFile.open(QIODevice::WriteOnly)) {
data/httraqt-1.4.9/sources/main/translator.cpp:550:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!langFile.open(QIODevice::ReadOnly)) {
data/httraqt-1.4.9/sources/options/OptionsDialog.cpp:98:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pages, p, OPTION_SITES * sizeof(QWidget*));
data/httraqt-1.4.9/sources/main/htinterface.cpp:661:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    char* tempo = (char*)malloc(strlen(p) + 2 + 2);
data/httraqt-1.4.9/sources/main/htinterface.cpp:670:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            char* tempo = (char*)malloc(strlen(p) + 2);
data/httraqt-1.4.9/sources/main/httraqt.cpp:723:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for(i = 0; i < (int) strlen(tempo); i++) {
data/httraqt-1.4.9/sources/main/httraqt.cpp:2534:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (int i = 0; i < (int) strlen(chaine); i++) {

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 11789 in approximately 0.30 seconds (38695 lines/second)
Physical Source Lines of Code (SLOC) = 7811
Hits@level = [0]   0 [1]   4 [2]  13 [3]   0 [4]  34 [5]   0
Hits@level+ = [0+]  51 [1+]  51 [2+]  47 [3+]  34 [4+]  34 [5+]   0
Hits/KSLOC@level+ = [0+] 6.52925 [1+] 6.52925 [2+] 6.01716 [3+] 4.35284 [4+] 4.35284 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.