Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kalarmcal-20.08.2/autotests/kadatetimetest.h
Examining data/kalarmcal-20.08.2/autotests/kaeventtest.h
Examining data/kalarmcal-20.08.2/autotests/kaeventtest.cpp
Examining data/kalarmcal-20.08.2/autotests/kadatetimetest.cpp
Examining data/kalarmcal-20.08.2/serializers/kaeventformatter.cpp
Examining data/kalarmcal-20.08.2/serializers/akonadi_serializer_kalarm.h
Examining data/kalarmcal-20.08.2/serializers/akonadi_serializer_kalarm.cpp
Examining data/kalarmcal-20.08.2/serializers/kaeventformatter.h
Examining data/kalarmcal-20.08.2/src/repetition.h
Examining data/kalarmcal-20.08.2/src/alarmtext.h
Examining data/kalarmcal-20.08.2/src/alarmtext.cpp
Examining data/kalarmcal-20.08.2/src/kadatetime.h
Examining data/kalarmcal-20.08.2/src/kadatetime.cpp
Examining data/kalarmcal-20.08.2/src/karecurrence.cpp
Examining data/kalarmcal-20.08.2/src/collectionattribute.cpp
Examining data/kalarmcal-20.08.2/src/version.cpp
Examining data/kalarmcal-20.08.2/src/collectionattribute.h
Examining data/kalarmcal-20.08.2/src/kaevent.cpp
Examining data/kalarmcal-20.08.2/src/akonadi.h
Examining data/kalarmcal-20.08.2/src/eventattribute.h
Examining data/kalarmcal-20.08.2/src/datetime.cpp
Examining data/kalarmcal-20.08.2/src/datetime.h
Examining data/kalarmcal-20.08.2/src/compatibilityattribute.h
Examining data/kalarmcal-20.08.2/src/version.h
Examining data/kalarmcal-20.08.2/src/karecurrence.h
Examining data/kalarmcal-20.08.2/src/kacalendar.h
Examining data/kalarmcal-20.08.2/src/kacalendar.cpp
Examining data/kalarmcal-20.08.2/src/identities.cpp
Examining data/kalarmcal-20.08.2/src/eventattribute.cpp
Examining data/kalarmcal-20.08.2/src/compatibilityattribute.cpp
Examining data/kalarmcal-20.08.2/src/identities.h
Examining data/kalarmcal-20.08.2/src/repetition.cpp
Examining data/kalarmcal-20.08.2/src/akonadi.cpp
Examining data/kalarmcal-20.08.2/src/kaevent.h
FINAL RESULTS:
data/kalarmcal-20.08.2/src/kacalendar.cpp:189:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/kalarmcal-20.08.2/autotests/kadatetimetest.cpp:1666:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
void KADateTimeTest::equal()
data/kalarmcal-20.08.2/autotests/kadatetimetest.h:28:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
void equal();
ANALYSIS SUMMARY:
Hits = 3
Lines analyzed = 23229 in approximately 0.67 seconds (34919 lines/second)
Physical Source Lines of Code (SLOC) = 16489
Hits@level = [0] 0 [1] 2 [2] 1 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 3 [1+] 3 [2+] 1 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.181939 [1+] 0.181939 [2+] 0.0606465 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.