Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kcalcore-5.74.0/autotests/testrecurrenceexception.cpp
Examining data/kcalcore-5.74.0/autotests/testevent.h
Examining data/kcalcore-5.74.0/autotests/testperson.cpp
Examining data/kcalcore-5.74.0/autotests/testtodo.cpp
Examining data/kcalcore-5.74.0/autotests/testexception.h
Examining data/kcalcore-5.74.0/autotests/testcalendarobserver.h
Examining data/kcalcore-5.74.0/autotests/testincidencerelation.h
Examining data/kcalcore-5.74.0/autotests/testcreateddatecompat.h
Examining data/kcalcore-5.74.0/autotests/testoccurrenceiterator.cpp
Examining data/kcalcore-5.74.0/autotests/testtostring.cpp
Examining data/kcalcore-5.74.0/autotests/testincidencegenerator.h
Examining data/kcalcore-5.74.0/autotests/testfreebusyperiod.h
Examining data/kcalcore-5.74.0/autotests/testrecurrenceexception.h
Examining data/kcalcore-5.74.0/autotests/testrecurtodo.h
Examining data/kcalcore-5.74.0/autotests/testevent.cpp
Examining data/kcalcore-5.74.0/autotests/testincidence.cpp
Examining data/kcalcore-5.74.0/autotests/testattendee.h
Examining data/kcalcore-5.74.0/autotests/testperiod.h
Examining data/kcalcore-5.74.0/autotests/testfreebusy.h
Examining data/kcalcore-5.74.0/autotests/testincidence.h
Examining data/kcalcore-5.74.0/autotests/testfreebusy.cpp
Examining data/kcalcore-5.74.0/autotests/testmemorycalendar.cpp
Examining data/kcalcore-5.74.0/autotests/testcreateddatecompat.cpp
Examining data/kcalcore-5.74.0/autotests/testalarm.cpp
Examining data/kcalcore-5.74.0/autotests/testicaltimezones.cpp
Examining data/kcalcore-5.74.0/autotests/testcustomproperties.cpp
Examining data/kcalcore-5.74.0/autotests/testcalfilter.h
Examining data/kcalcore-5.74.0/autotests/incidencestest.cpp
Examining data/kcalcore-5.74.0/autotests/testperiod.cpp
Examining data/kcalcore-5.74.0/autotests/testattachment.h
Examining data/kcalcore-5.74.0/autotests/testduration.cpp
Examining data/kcalcore-5.74.0/autotests/testrecurrence.cpp
Examining data/kcalcore-5.74.0/autotests/testreadrecurrenceid.h
Examining data/kcalcore-5.74.0/autotests/testfreebusyperiod.cpp
Examining data/kcalcore-5.74.0/autotests/testrecurson.cpp
Examining data/kcalcore-5.74.0/autotests/fbrecurring.cpp
Examining data/kcalcore-5.74.0/autotests/testcalendarobserver.cpp
Examining data/kcalcore-5.74.0/autotests/testdateserialization.cpp
Examining data/kcalcore-5.74.0/autotests/testrecurrencetype.cpp
Examining data/kcalcore-5.74.0/autotests/testperson.h
Examining data/kcalcore-5.74.0/autotests/testfb.cpp
Examining data/kcalcore-5.74.0/autotests/testtodo.h
Examining data/kcalcore-5.74.0/autotests/testcustomproperties.h
Examining data/kcalcore-5.74.0/autotests/testfilestorage.h
Examining data/kcalcore-5.74.0/autotests/testoccurrenceiterator.h
Examining data/kcalcore-5.74.0/autotests/testjournal.h
Examining data/kcalcore-5.74.0/autotests/testcalfilter.cpp
Examining data/kcalcore-5.74.0/autotests/testicalformat.cpp
Examining data/kcalcore-5.74.0/autotests/testalarm.h
Examining data/kcalcore-5.74.0/autotests/testmemorycalendar.h
Examining data/kcalcore-5.74.0/autotests/testincidencerelation.cpp
Examining data/kcalcore-5.74.0/autotests/testduration.h
Examining data/kcalcore-5.74.0/autotests/testattachment.cpp
Examining data/kcalcore-5.74.0/autotests/testreadrecurrenceid.cpp
Examining data/kcalcore-5.74.0/autotests/testicaltimezones.h
Examining data/kcalcore-5.74.0/autotests/testvcalexport.cpp
Examining data/kcalcore-5.74.0/autotests/testrecurprevious.cpp
Examining data/kcalcore-5.74.0/autotests/testjournal.cpp
Examining data/kcalcore-5.74.0/autotests/testtimesininterval.cpp
Examining data/kcalcore-5.74.0/autotests/testdateserialization.h
Examining data/kcalcore-5.74.0/autotests/testfilestorage.cpp
Examining data/kcalcore-5.74.0/autotests/testattendee.cpp
Examining data/kcalcore-5.74.0/autotests/testtimesininterval.h
Examining data/kcalcore-5.74.0/autotests/testexception.cpp
Examining data/kcalcore-5.74.0/autotests/loadcalendar.cpp
Examining data/kcalcore-5.74.0/autotests/testicalformat.h
Examining data/kcalcore-5.74.0/autotests/readandwrite.cpp
Examining data/kcalcore-5.74.0/autotests/testrecurtodo.cpp
Examining data/kcalcore-5.74.0/src/icaltimezones.cpp
Examining data/kcalcore-5.74.0/src/calstorage.cpp
Examining data/kcalcore-5.74.0/src/memorycalendar.cpp
Examining data/kcalcore-5.74.0/src/vcalformat.cpp
Examining data/kcalcore-5.74.0/src/journal.cpp
Examining data/kcalcore-5.74.0/src/compat.cpp
Examining data/kcalcore-5.74.0/src/period.h
Examining data/kcalcore-5.74.0/src/icalformat.h
Examining data/kcalcore-5.74.0/src/incidencebase.cpp
Examining data/kcalcore-5.74.0/src/attachment.cpp
Examining data/kcalcore-5.74.0/src/duration.cpp
Examining data/kcalcore-5.74.0/src/todo.h
Examining data/kcalcore-5.74.0/src/exceptions.h
Examining data/kcalcore-5.74.0/src/icalformat.cpp
Examining data/kcalcore-5.74.0/src/freebusycache.h
Examining data/kcalcore-5.74.0/src/freebusy.cpp
Examining data/kcalcore-5.74.0/src/filestorage.h
Examining data/kcalcore-5.74.0/src/attachment.h
Examining data/kcalcore-5.74.0/src/attendee.cpp
Examining data/kcalcore-5.74.0/src/freebusycache.cpp
Examining data/kcalcore-5.74.0/src/calendar.cpp
Examining data/kcalcore-5.74.0/src/calfilter.h
Examining data/kcalcore-5.74.0/src/alarm.cpp
Examining data/kcalcore-5.74.0/src/exceptions.cpp
Examining data/kcalcore-5.74.0/src/visitor.cpp
Examining data/kcalcore-5.74.0/src/schedulemessage.h
Examining data/kcalcore-5.74.0/src/incidence.h
Examining data/kcalcore-5.74.0/src/recurrence.h
Examining data/kcalcore-5.74.0/src/calendar.h
Examining data/kcalcore-5.74.0/src/incidence.cpp
Examining data/kcalcore-5.74.0/src/event.cpp
Examining data/kcalcore-5.74.0/src/recurrencehelper_p.h
Examining data/kcalcore-5.74.0/src/visitor.h
Examining data/kcalcore-5.74.0/src/recurrencerule.h
Examining data/kcalcore-5.74.0/src/calformat.cpp
Examining data/kcalcore-5.74.0/src/period.cpp
Examining data/kcalcore-5.74.0/src/icaltimezones_p.h
Examining data/kcalcore-5.74.0/src/person.h
Examining data/kcalcore-5.74.0/src/freebusyperiod.cpp
Examining data/kcalcore-5.74.0/src/calformat.h
Examining data/kcalcore-5.74.0/src/calstorage.h
Examining data/kcalcore-5.74.0/src/alarm.h
Examining data/kcalcore-5.74.0/src/incidencebase.h
Examining data/kcalcore-5.74.0/src/todo.cpp
Examining data/kcalcore-5.74.0/src/customproperties.h
Examining data/kcalcore-5.74.0/src/utils.cpp
Examining data/kcalcore-5.74.0/src/recurrencerule.cpp
Examining data/kcalcore-5.74.0/src/icalformat_p.cpp
Examining data/kcalcore-5.74.0/src/calendar_p.h
Examining data/kcalcore-5.74.0/src/icalformat_p.h
Examining data/kcalcore-5.74.0/src/calfilter.cpp
Examining data/kcalcore-5.74.0/src/freebusyperiod.h
Examining data/kcalcore-5.74.0/src/customproperties.cpp
Examining data/kcalcore-5.74.0/src/memorycalendar.h
Examining data/kcalcore-5.74.0/src/freebusy.h
Examining data/kcalcore-5.74.0/src/recurrence.cpp
Examining data/kcalcore-5.74.0/src/journal.h
Examining data/kcalcore-5.74.0/src/utils_p.h
Examining data/kcalcore-5.74.0/src/person.cpp
Examining data/kcalcore-5.74.0/src/duration.h
Examining data/kcalcore-5.74.0/src/event.h
Examining data/kcalcore-5.74.0/src/vcalformat.h
Examining data/kcalcore-5.74.0/src/sorting.cpp
Examining data/kcalcore-5.74.0/src/occurrenceiterator.cpp
Examining data/kcalcore-5.74.0/src/schedulemessage.cpp
Examining data/kcalcore-5.74.0/src/compat_p.h
Examining data/kcalcore-5.74.0/src/attendee.h
Examining data/kcalcore-5.74.0/src/filestorage.cpp
Examining data/kcalcore-5.74.0/src/person_p.h
Examining data/kcalcore-5.74.0/src/occurrenceiterator.h
Examining data/kcalcore-5.74.0/src/sorting.h
FINAL RESULTS:
data/kcalcore-5.74.0/autotests/testfilestorage.cpp:52:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(fs.open());
data/kcalcore-5.74.0/autotests/testfilestorage.cpp:84:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(fs.open());
data/kcalcore-5.74.0/autotests/testfilestorage.cpp:87:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(fs.open());
data/kcalcore-5.74.0/autotests/testfilestorage.cpp:94:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(fs.open());
data/kcalcore-5.74.0/autotests/testfilestorage.cpp:119:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(fs.open());
data/kcalcore-5.74.0/autotests/testfilestorage.cpp:126:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(otherFs.open());
data/kcalcore-5.74.0/autotests/testfilestorage.cpp:142:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly | QIODevice::Text));
data/kcalcore-5.74.0/autotests/testicalformat.cpp:63:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly | QIODevice::Text));
data/kcalcore-5.74.0/autotests/testreadrecurrenceid.cpp:22:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly));
data/kcalcore-5.74.0/autotests/testreadrecurrenceid.cpp:40:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly));
data/kcalcore-5.74.0/autotests/testreadrecurrenceid.cpp:73:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly));
data/kcalcore-5.74.0/autotests/testrecurprevious.cpp:59:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fn.isEmpty() && outfile.open(QIODevice::WriteOnly)) {
data/kcalcore-5.74.0/autotests/testrecurrence.cpp:53:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fn.isEmpty() && outfile.open(QIODevice::WriteOnly)) {
data/kcalcore-5.74.0/autotests/testrecurrencetype.cpp:52:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fn.isEmpty() && outfile.open(QIODevice::WriteOnly)) {
data/kcalcore-5.74.0/autotests/testrecurson.cpp:58:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fn.isEmpty() && outfile.open(QIODevice::WriteOnly)) {
data/kcalcore-5.74.0/src/calstorage.h:60:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open() = 0;
data/kcalcore-5.74.0/src/filestorage.cpp:82:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool FileStorage::open()
data/kcalcore-5.74.0/src/filestorage.h:96:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
Q_REQUIRED_RESULT bool open() override;
data/kcalcore-5.74.0/src/icalformat.cpp:75:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/kcalcore-5.74.0/src/icalformat.cpp:113:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly)) {
data/kcalcore-5.74.0/src/vcalformat.cpp:295:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
anEvent->setPriority(atoi(s));
data/kcalcore-5.74.0/src/vcalformat.cpp:661:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
anEvent->setRevision(atoi(s));
data/kcalcore-5.74.0/src/vcalformat.cpp:1140:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
anEvent->setPriority(atoi(s));
data/kcalcore-5.74.0/src/vcalformat.cpp:1149:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(s);
data/kcalcore-5.74.0/autotests/testrecurtodo.cpp:117:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/kcalcore-5.74.0/autotests/testrecurtodo.cpp:123:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
QVERIFY(equal);
ANALYSIS SUMMARY:
Hits = 26
Lines analyzed = 36767 in approximately 0.99 seconds (37256 lines/second)
Physical Source Lines of Code (SLOC) = 22588
Hits@level = [0] 0 [1] 2 [2] 24 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 26 [1+] 26 [2+] 24 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.15105 [1+] 1.15105 [2+] 1.06251 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.