Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kdesvn-2.1.0/src/commandline_part.h Examining data/kdesvn-2.1.0/src/kdesvnview.cpp Examining data/kdesvn-2.1.0/src/settings/cmdexecsettings_impl.h Examining data/kdesvn-2.1.0/src/settings/diffmergesettings_impl.h Examining data/kdesvn-2.1.0/src/settings/subversionsettings_impl.cpp Examining data/kdesvn-2.1.0/src/settings/polling_settings_impl.h Examining data/kdesvn-2.1.0/src/settings/cmdexecsettings_impl.cpp Examining data/kdesvn-2.1.0/src/settings/revisiontreesettingsdlg_impl.cpp Examining data/kdesvn-2.1.0/src/settings/dispcolorsettings_impl.h Examining data/kdesvn-2.1.0/src/settings/revisiontreesettingsdlg_impl.h Examining data/kdesvn-2.1.0/src/settings/dispcolorsettings_impl.cpp Examining data/kdesvn-2.1.0/src/settings/displaysettings_impl.h Examining data/kdesvn-2.1.0/src/settings/polling_settings_impl.cpp Examining data/kdesvn-2.1.0/src/settings/subversionsettings_impl.h Examining data/kdesvn-2.1.0/src/settings/diffmergesettings_impl.cpp Examining data/kdesvn-2.1.0/src/settings/displaysettings_impl.cpp Examining data/kdesvn-2.1.0/src/kdesvn_part.cpp Examining data/kdesvn-2.1.0/src/urldlg.cpp Examining data/kdesvn-2.1.0/src/kdesvn.cpp Examining data/kdesvn-2.1.0/src/commandline_part.cpp Examining data/kdesvn-2.1.0/src/kdesvnd/kdesvnd_listener.h Examining data/kdesvn-2.1.0/src/kdesvnd/kdesvnd_listener.cpp Examining data/kdesvn-2.1.0/src/kdesvnd/kdesvnd.h Examining data/kdesvn-2.1.0/src/kdesvnd/ksvnjobview.h Examining data/kdesvn-2.1.0/src/kdesvnd/ksvnjobview.cpp Examining data/kdesvn-2.1.0/src/kdesvnd/kdesvnd.cpp Examining data/kdesvn-2.1.0/src/askpass/kdesvn-askpass.cpp Examining data/kdesvn-2.1.0/src/commandline.cpp Examining data/kdesvn-2.1.0/src/kdesvn_part.h Examining data/kdesvn-2.1.0/src/urldlg.h Examining data/kdesvn-2.1.0/src/helpers/windowgeometryhelper.h Examining data/kdesvn-2.1.0/src/helpers/ktranslateurl.h Examining data/kdesvn-2.1.0/src/helpers/windowgeometryhelper.cpp Examining data/kdesvn-2.1.0/src/helpers/kdesvn_debug.cpp Examining data/kdesvn-2.1.0/src/helpers/sshagent.h Examining data/kdesvn-2.1.0/src/helpers/sshagent.cpp Examining data/kdesvn-2.1.0/src/helpers/stringhelper.h Examining data/kdesvn-2.1.0/src/helpers/ktranslateurl.cpp Examining data/kdesvn-2.1.0/src/helpers/kdesvn_debug.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/authdialogimpl.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/diffbrowser.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/commitmsg_impl.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/depthselector.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/ksvndialog.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/diffsyntax.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/authdialogwidget.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/deleteform.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/revertform.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/revertform.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/deleteform.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/encodingselector_impl.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/pwstorage.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/ssltrustprompt.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/encodingselector_impl.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/authdialogwidget.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/commitmsg_impl.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/diffsyntax.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/ssltrustprompt.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/diffbrowser.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/ksvndialog.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/depthselector.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/pwstorage.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/authdialogimpl.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/models/commitmodel.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/models/commitmodelhelper.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/models/commitmodelfwd.h Examining data/kdesvn-2.1.0/src/ksvnwidgets/models/commitmodelhelper.cpp Examining data/kdesvn-2.1.0/src/ksvnwidgets/models/commitmodel.h Examining data/kdesvn-2.1.0/src/commandline.h Examining data/kdesvn-2.1.0/src/svnfrontend/createrepodlg.h Examining data/kdesvn-2.1.0/src/svnfrontend/EditIgnorePattern.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/itemdisplay.h Examining data/kdesvn-2.1.0/src/svnfrontend/dumprepo_impl.h Examining data/kdesvn-2.1.0/src/svnfrontend/hotcopydlg_impl.h Examining data/kdesvn-2.1.0/src/svnfrontend/mergedlg_impl.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/revgraphview.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/revisiontree.h Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/graphtree_defines.h Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/elogentry.h Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/elogentry.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/revisiontree.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/graphtreelabel.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/revtreewidget.h Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/revgraphview.h Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/pannerview.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/pannerview.h Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/revtreewidget.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/drawparams.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/graphtreelabel.h Examining data/kdesvn-2.1.0/src/svnfrontend/graphtree/drawparams.h Examining data/kdesvn-2.1.0/src/svnfrontend/blamedisplay.h Examining data/kdesvn-2.1.0/src/svnfrontend/editpropsdlg.h Examining data/kdesvn-2.1.0/src/svnfrontend/importdir_logmsg.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/editpropsdlg.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/svnitem.h Examining data/kdesvn-2.1.0/src/svnfrontend/hotcopydlg_impl.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/cacheentry.h Examining data/kdesvn-2.1.0/src/svnfrontend/svntreeview.h Examining data/kdesvn-2.1.0/src/svnfrontend/svntreeview.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/svnlogdlgimp.h Examining data/kdesvn-2.1.0/src/svnfrontend/createrepodlg.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/itemdisplay.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/svnlogdlgimp.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/EditIgnorePattern.h Examining data/kdesvn-2.1.0/src/svnfrontend/stopdlg.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/copymoveview_impl.h Examining data/kdesvn-2.1.0/src/svnfrontend/maintreewidget.h Examining data/kdesvn-2.1.0/src/svnfrontend/blamedisplay.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/opencontextmenu.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/kmultilinedelegate.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/watchedprocess.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/widgetblockstack.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/kmultilinedelegate.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/revisionbuttonimpl.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/propertyitem.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/rangeinput_impl.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/checkoutinfo_impl.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/propertylist.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/revisionbuttonimpl.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/propertylist.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/widgetblockstack.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/cursorstack.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/rangeinput_impl.h Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/checkoutinfo_impl.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/watchedprocess.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/propertyitem.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/fronthelpers/fronthelpers.h Examining data/kdesvn-2.1.0/src/svnfrontend/dummydisplay.h Examining data/kdesvn-2.1.0/src/svnfrontend/ccontextlistener.h Examining data/kdesvn-2.1.0/src/svnfrontend/ccontextlistener.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/dumprepo_impl.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/simple_logcb.h Examining data/kdesvn-2.1.0/src/svnfrontend/background/getinfothread.h Examining data/kdesvn-2.1.0/src/svnfrontend/background/fillcachethread.h Examining data/kdesvn-2.1.0/src/svnfrontend/background/tcontextlistener.h Examining data/kdesvn-2.1.0/src/svnfrontend/background/fillcachethread.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/background/modifiedthread.h Examining data/kdesvn-2.1.0/src/svnfrontend/background/threadcontextlistenerdata.h Examining data/kdesvn-2.1.0/src/svnfrontend/background/svnthread.h Examining data/kdesvn-2.1.0/src/svnfrontend/background/getinfothread.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/background/modifiedthread.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/background/tcontextlistener.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/background/svnthread.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/svnactions.h Examining data/kdesvn-2.1.0/src/svnfrontend/maintreewidget.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/svnactions.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/importdir_logmsg.h Examining data/kdesvn-2.1.0/src/svnfrontend/commandexec.h Examining data/kdesvn-2.1.0/src/svnfrontend/propertiesdlg.h Examining data/kdesvn-2.1.0/src/svnfrontend/commandexec.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/mergedlg_impl.h Examining data/kdesvn-2.1.0/src/svnfrontend/dummydisplay.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/loaddmpdlg_impl.h Examining data/kdesvn-2.1.0/src/svnfrontend/svnitem.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/frontendtypes.h Examining data/kdesvn-2.1.0/src/svnfrontend/propertiesdlg.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/opencontextmenu.h Examining data/kdesvn-2.1.0/src/svnfrontend/stopdlg.h Examining data/kdesvn-2.1.0/src/svnfrontend/copymoveview_impl.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/loaddmpdlg_impl.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/models/svnsortfilter.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/models/svnitemmodel.h Examining data/kdesvn-2.1.0/src/svnfrontend/models/svnsortfilter.h Examining data/kdesvn-2.1.0/src/svnfrontend/models/svndirsortfilter.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/models/svndirsortfilter.h Examining data/kdesvn-2.1.0/src/svnfrontend/models/svnitemmodelfwd.h Examining data/kdesvn-2.1.0/src/svnfrontend/models/logmodelhelper.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/models/logmodelhelper.h Examining data/kdesvn-2.1.0/src/svnfrontend/models/svnitemnode.h Examining data/kdesvn-2.1.0/src/svnfrontend/models/logitemmodel.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/models/logitemmodel.h Examining data/kdesvn-2.1.0/src/svnfrontend/models/svnitemnode.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/models/svnitemmodel.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/database/dbsettings.h Examining data/kdesvn-2.1.0/src/svnfrontend/database/dboverview.h Examining data/kdesvn-2.1.0/src/svnfrontend/database/dbsettings.cpp Examining data/kdesvn-2.1.0/src/svnfrontend/database/dboverview.cpp Examining data/kdesvn-2.1.0/src/main.cpp Examining data/kdesvn-2.1.0/src/kdesvnview.h Examining data/kdesvn-2.1.0/src/svnqt/repositorylistener.cpp Examining data/kdesvn-2.1.0/src/svnqt/lock_entry.cpp Examining data/kdesvn-2.1.0/src/svnqt/dirent.h Examining data/kdesvn-2.1.0/src/svnqt/client_cat.cpp Examining data/kdesvn-2.1.0/src/svnqt/repositorydata.h Examining data/kdesvn-2.1.0/src/svnqt/client_status.cpp Examining data/kdesvn-2.1.0/src/svnqt/entry.cpp Examining data/kdesvn-2.1.0/src/svnqt/client.cpp Examining data/kdesvn-2.1.0/src/svnqt/entry.h Examining data/kdesvn-2.1.0/src/svnqt/client_impl.cpp Examining data/kdesvn-2.1.0/src/svnqt/diffoptions.h Examining data/kdesvn-2.1.0/src/svnqt/diff_data.h Examining data/kdesvn-2.1.0/src/svnqt/client_lock.cpp Examining data/kdesvn-2.1.0/src/svnqt/client_parameter.h Examining data/kdesvn-2.1.0/src/svnqt/client_parameter.cpp Examining data/kdesvn-2.1.0/src/svnqt/annotate_line.h Examining data/kdesvn-2.1.0/src/svnqt/helper.h Examining data/kdesvn-2.1.0/src/svnqt/conflictresult.h Examining data/kdesvn-2.1.0/src/svnqt/lock_entry.h Examining data/kdesvn-2.1.0/src/svnqt/client_impl.h Examining data/kdesvn-2.1.0/src/svnqt/context.cpp Examining data/kdesvn-2.1.0/src/svnqt/conflictdescription.cpp Examining data/kdesvn-2.1.0/src/svnqt/diffoptions.cpp Examining data/kdesvn-2.1.0/src/svnqt/conflictresult.cpp Examining data/kdesvn-2.1.0/src/svnqt/client_annotate_parameter.h Examining data/kdesvn-2.1.0/src/svnqt/revision.h Examining data/kdesvn-2.1.0/src/svnqt/reposnotify.cpp Examining data/kdesvn-2.1.0/src/svnqt/svnstream.cpp Examining data/kdesvn-2.1.0/src/svnqt/client.h Examining data/kdesvn-2.1.0/src/svnqt/testmain.cpp Examining data/kdesvn-2.1.0/src/svnqt/exception.cpp Examining data/kdesvn-2.1.0/src/svnqt/client_commit_parameter.cpp Examining data/kdesvn-2.1.0/src/svnqt/client_modify.cpp Examining data/kdesvn-2.1.0/src/svnqt/apr.cpp Examining data/kdesvn-2.1.0/src/svnqt/dirent.cpp Examining data/kdesvn-2.1.0/src/svnqt/version_check.cpp Examining data/kdesvn-2.1.0/src/svnqt/svnstream.h Examining data/kdesvn-2.1.0/src/svnqt/pool.h Examining data/kdesvn-2.1.0/src/svnqt/reposnotify.h Examining data/kdesvn-2.1.0/src/svnqt/svnfilestream.h Examining data/kdesvn-2.1.0/src/svnqt/context.h Examining data/kdesvn-2.1.0/src/svnqt/version_check.h Examining data/kdesvn-2.1.0/src/svnqt/commititem.h Examining data/kdesvn-2.1.0/src/svnqt/status.cpp Examining data/kdesvn-2.1.0/src/svnqt/path.cpp Examining data/kdesvn-2.1.0/src/svnqt/path.h Examining data/kdesvn-2.1.0/src/svnqt/info_entry.h Examining data/kdesvn-2.1.0/src/svnqt/stringarray.cpp Examining data/kdesvn-2.1.0/src/svnqt/targets.cpp Examining data/kdesvn-2.1.0/src/svnqt/revision.cpp Examining data/kdesvn-2.1.0/src/svnqt/url.h Examining data/kdesvn-2.1.0/src/svnqt/client_parameter_macros.h Examining data/kdesvn-2.1.0/src/svnqt/exception.h Examining data/kdesvn-2.1.0/src/svnqt/conflictdescription.h Examining data/kdesvn-2.1.0/src/svnqt/client_property.cpp Examining data/kdesvn-2.1.0/src/svnqt/diff_data.cpp Examining data/kdesvn-2.1.0/src/svnqt/repositorylistener.h Examining data/kdesvn-2.1.0/src/svnqt/client_annotate_parameter.cpp Examining data/kdesvn-2.1.0/src/svnqt/commititem.cpp Examining data/kdesvn-2.1.0/src/svnqt/svnfilestream.cpp Examining data/kdesvn-2.1.0/src/svnqt/cache/LogCache.h Examining data/kdesvn-2.1.0/src/svnqt/cache/ReposLog.h Examining data/kdesvn-2.1.0/src/svnqt/cache/DatabaseException.h Examining data/kdesvn-2.1.0/src/svnqt/cache/test/sqlite.cpp Examining data/kdesvn-2.1.0/src/svnqt/cache/DatabaseException.cpp Examining data/kdesvn-2.1.0/src/svnqt/cache/LogCache.cpp Examining data/kdesvn-2.1.0/src/svnqt/cache/ReposConfig.h Examining data/kdesvn-2.1.0/src/svnqt/cache/ReposLog.cpp Examining data/kdesvn-2.1.0/src/svnqt/cache/ReposConfig.cpp Examining data/kdesvn-2.1.0/src/svnqt/repository.cpp Examining data/kdesvn-2.1.0/src/svnqt/context_listener.h Examining data/kdesvn-2.1.0/src/svnqt/tests/testlistener.h Examining data/kdesvn-2.1.0/src/svnqt/tests/crepo.cpp Examining data/kdesvn-2.1.0/src/svnqt/tests/lsdir.cpp Examining data/kdesvn-2.1.0/src/svnqt/tests/ckpath.cpp Examining data/kdesvn-2.1.0/src/svnqt/log_entry.h Examining data/kdesvn-2.1.0/src/svnqt/repository.h Examining data/kdesvn-2.1.0/src/svnqt/annotate_line.cpp Examining data/kdesvn-2.1.0/src/svnqt/client_update_parameter.cpp Examining data/kdesvn-2.1.0/src/svnqt/url.cpp Examining data/kdesvn-2.1.0/src/svnqt/svnqttypes.h Examining data/kdesvn-2.1.0/src/svnqt/client_diff.cpp Examining data/kdesvn-2.1.0/src/svnqt/pool.cpp Examining data/kdesvn-2.1.0/src/svnqt/apr.h Examining data/kdesvn-2.1.0/src/svnqt/datetime.h Examining data/kdesvn-2.1.0/src/svnqt/repoparameter.h Examining data/kdesvn-2.1.0/src/svnqt/client_ls.cpp Examining data/kdesvn-2.1.0/src/svnqt/status.h Examining data/kdesvn-2.1.0/src/svnqt/repositorydata.cpp Examining data/kdesvn-2.1.0/src/svnqt/client_commit_parameter.h Examining data/kdesvn-2.1.0/src/svnqt/contextdata.h Examining data/kdesvn-2.1.0/src/svnqt/client_annotate.cpp Examining data/kdesvn-2.1.0/src/svnqt/stringarray.h Examining data/kdesvn-2.1.0/src/svnqt/log_entry.cpp Examining data/kdesvn-2.1.0/src/svnqt/targets.h Examining data/kdesvn-2.1.0/src/svnqt/client_update_parameter.h Examining data/kdesvn-2.1.0/src/svnqt/contextdata.cpp Examining data/kdesvn-2.1.0/src/svnqt/info_entry.cpp Examining data/kdesvn-2.1.0/src/svnqt/client_merge.cpp Examining data/kdesvn-2.1.0/src/svnqt/datetime.cpp Examining data/kdesvn-2.1.0/src/kiosvn/kiobytestream.h Examining data/kdesvn-2.1.0/src/kiosvn/kiobytestream.cpp Examining data/kdesvn-2.1.0/src/kiosvn/kiosvn.cpp Examining data/kdesvn-2.1.0/src/kiosvn/kio_macros.h Examining data/kdesvn-2.1.0/src/kiosvn/kiolistener.cpp Examining data/kdesvn-2.1.0/src/kiosvn/kiolistener.h Examining data/kdesvn-2.1.0/src/kiosvn/kiosvn.h Examining data/kdesvn-2.1.0/src/kdesvn.h FINAL RESULTS: data/kdesvn-2.1.0/src/svnfrontend/graphtree/revisiontree.cpp:345:18: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. QString n; n.sprintf("%05ld", rev); data/kdesvn-2.1.0/src/svnqt/revision.cpp:166:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. value.sprintf("%li", m_revision.value.number); data/kdesvn-2.1.0/src/kdesvn.cpp:210:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). KStandardAction::open(this, SLOT(fileOpen()), actionCollection()); data/kdesvn-2.1.0/src/kdesvnview.cpp:154:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open; data/kdesvn-2.1.0/src/kdesvnview.cpp:161:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open; data/kdesvn-2.1.0/src/kdesvnview.cpp:177:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open; data/kdesvn-2.1.0/src/kdesvnview.cpp:320:20: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). QTemporaryFile tmpfile; data/kdesvn-2.1.0/src/kdesvnview.cpp:324:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile.open(); data/kdesvn-2.1.0/src/kdesvnview.cpp:324:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpfile.open(); data/kdesvn-2.1.0/src/kdesvnview.cpp:325:74: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). KIO::FileCopyJob *job = KIO::file_copy(_uri, QUrl::fromLocalFile(tmpfile.fileName())); data/kdesvn-2.1.0/src/kdesvnview.cpp:331:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). _input = tmpfile.fileName(); data/kdesvn-2.1.0/src/kiosvn/kiosvn.cpp:371:27: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). QSharedPointer<QFile> tmpfile; data/kdesvn-2.1.0/src/kiosvn/kiosvn.cpp:398:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpfile->open(QIODevice::ReadWrite | QIODevice::Truncate); data/kdesvn-2.1.0/src/kiosvn/kiosvn.cpp:405:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!_tmpfile->open()) { data/kdesvn-2.1.0/src/ksvnwidgets/commitmsg_impl.cpp:467:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (ifs.open(QIODevice::ReadOnly)) { data/kdesvn-2.1.0/src/ksvnwidgets/commitmsg_impl.cpp:496:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tf.open(); data/kdesvn-2.1.0/src/ksvnwidgets/diffbrowser.cpp:98:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tfile.open(QIODevice::Truncate | QIODevice::WriteOnly | QIODevice::Unbuffered); data/kdesvn-2.1.0/src/svnfrontend/graphtree/revgraphview.cpp:463:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_dotTmpFile->open(); data/kdesvn-2.1.0/src/svnfrontend/graphtree/revgraphview.cpp:465:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!m_dotTmpFile->open()) { data/kdesvn-2.1.0/src/svnfrontend/svnactions.cpp:583:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!content.open()) { data/kdesvn-2.1.0/src/svnfrontend/svnactions.cpp:619:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly); data/kdesvn-2.1.0/src/svnfrontend/svnactions.cpp:1139:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tfile.open(); data/kdesvn-2.1.0/src/svnfrontend/svnactions.cpp:1140:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tfile2.open(); data/kdesvn-2.1.0/src/svnfrontend/svnactions.cpp:1347:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tfile.open(); data/kdesvn-2.1.0/src/svnqt/cache/LogCache.cpp:164:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!aDb.open()) { data/kdesvn-2.1.0/src/svnqt/cache/LogCache.cpp:316:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (db.open()) { data/kdesvn-2.1.0/src/svnqt/cache/ReposLog.cpp:471:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadWrite); data/kdesvn-2.1.0/src/svnqt/diff_data.cpp:134:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!fi.open(QIODevice::ReadOnly)) { data/kdesvn-2.1.0/src/svnqt/svnfilestream.cpp:50:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_File.open(mode); data/kdesvn-2.1.0/src/svnqt/svnstream.cpp:168:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ByteData->open(QIODevice::ReadWrite); data/kdesvn-2.1.0/src/svnqt/annotate_line.cpp:54:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , m_date((date &&strlen(date)) ? QDateTime::fromString(QString::fromUtf8(date), Qt::ISODate) : QDateTime()) data/kdesvn-2.1.0/src/svnqt/annotate_line.cpp:58:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). , m_merge_date((merge_date &&strlen(merge_date)) ? QDateTime::fromString(QString::fromUtf8(merge_date), Qt::ISODate) : QDateTime()) data/kdesvn-2.1.0/src/svnqt/info_entry.cpp:221:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_changeList = QByteArray(item->wc_info->changelist, strlen(item->wc_info->changelist)); data/kdesvn-2.1.0/src/svnqt/svnfilestream.cpp:107:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). long SvnFileIStream::read(char *data, const unsigned long max) data/kdesvn-2.1.0/src/svnqt/svnfilestream.cpp:112:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). long res = m_FileData->m_File.read(data, max); data/kdesvn-2.1.0/src/svnqt/svnfilestream.h:65:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). long read(char *data, const unsigned long max) override; data/kdesvn-2.1.0/src/svnqt/svnstream.cpp:73:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). long res = b->isOk() ? b->read(data, *len) : -1; data/kdesvn-2.1.0/src/svnqt/svnstream.cpp:103:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). SvnStream::SvnStream(bool read, bool write, svn_client_ctx_t *ctx) data/kdesvn-2.1.0/src/svnqt/svnstream.cpp:108:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) { data/kdesvn-2.1.0/src/svnqt/svnstream.cpp:147:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). long SvnStream::read(char *, const unsigned long) data/kdesvn-2.1.0/src/svnqt/svnstream.h:92:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual long read(char *data, const unsigned long max); ANALYSIS SUMMARY: Hits = 41 Lines analyzed = 46724 in approximately 1.33 seconds (35010 lines/second) Physical Source Lines of Code (SLOC) = 31857 Hits@level = [0] 0 [1] 11 [2] 28 [3] 0 [4] 2 [5] 0 Hits@level+ = [0+] 41 [1+] 41 [2+] 30 [3+] 2 [4+] 2 [5+] 0 Hits/KSLOC@level+ = [0+] 1.287 [1+] 1.287 [2+] 0.941708 [3+] 0.0627806 [4+] 0.0627806 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.