Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoType.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoType.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoTypeAction.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoTypeAction.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoTypePlatformPlugin.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoTypeSelectDialog.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoTypeSelectDialog.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoTypeSelectView.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/AutoTypeSelectView.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/ShortcutWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/ShortcutWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/WildcardMatcher.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/WildcardMatcher.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/WindowSelectComboBox.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/WindowSelectComboBox.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/test/AutoTypeTest.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/test/AutoTypeTest.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/test/AutoTypeTestInterface.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/xcb/AutoTypeXCB.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/xcb/AutoTypeXCB.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/xcb/KeySymMap.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/AutoTypeAssociations.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/AutoTypeAssociations.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Config.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Config.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Database.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Database.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/DatabaseIcons.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/DatabaseIcons.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Endian.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Endian.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Entry.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Entry.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/EntryAttachments.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/EntryAttachments.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/EntryAttributes.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/EntryAttributes.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/EntrySearcher.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/EntrySearcher.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Exporter.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/FilePath.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/FilePath.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Global.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Group.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Group.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/InactivityTimer.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/InactivityTimer.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/ListDeleter.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Metadata.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Metadata.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/PasswordGenerator.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/PasswordGenerator.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/SignalMultiplexer.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/SignalMultiplexer.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/TimeDelta.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/TimeDelta.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/TimeInfo.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/TimeInfo.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/ToDbExporter.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/ToDbExporter.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Tools.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Tools.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Translator.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Translator.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Uuid.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/core/Uuid.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/CryptoHash.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/Random.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/SymmetricCipher.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/SymmetricCipher.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/SymmetricCipherBackend.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/SymmetricCipherGcrypt.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/SymmetricCipherSalsa20.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/SymmetricCipherSalsa20.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/Crypto.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/Crypto.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/CryptoHash.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/Random.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/crypto/SymmetricCipherGcrypt.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/CsvExporter.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/CsvExporter.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2RandomStream.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2RandomStream.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Repair.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Repair.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/AboutDialog.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/AboutDialog.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/Application.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/Application.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/ChangeMasterKeyWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/ChangeMasterKeyWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/Clipboard.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/Clipboard.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseOpenWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseOpenWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseRepairWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseRepairWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseSettingsWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseSettingsWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseWidgetStateSync.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseWidgetStateSync.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DialogyWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DialogyWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DragTabBar.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DragTabBar.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidgetIcons.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidgetIcons.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidgetProperties.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidgetProperties.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/FileDialog.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/FileDialog.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/IconModels.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/IconModels.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/KeePass1OpenWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/KeePass1OpenWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/LineEdit.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/LineEdit.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/MainWindow.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/MainWindow.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/MessageBox.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/MessageBox.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/PasswordComboBox.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/PasswordComboBox.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/PasswordEdit.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/PasswordEdit.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/PasswordGeneratorWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/PasswordGeneratorWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/SettingsWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/SettingsWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/SortFilterHideProxyModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/SortFilterHideProxyModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/UnlockDatabaseWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/UnlockDatabaseWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/WelcomeWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/WelcomeWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/AutoTypeAssociationsModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/AutoTypeAssociationsModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget_p.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryAttachmentsModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryAttachmentsModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryAttributesModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryAttributesModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryHistoryModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryHistoryModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryView.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EntryView.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/group/EditGroupWidget.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/group/EditGroupWidget.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/group/GroupModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/group/GroupModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/group/GroupView.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/gui/group/GroupView.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/keys/CompositeKey.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/keys/CompositeKey.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/keys/CompositeKey_p.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/keys/FileKey.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/keys/FileKey.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/keys/Key.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/keys/PasswordKey.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/keys/PasswordKey.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/main.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/HashedBlockStream.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/HashedBlockStream.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/StoreDataStream.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/StoreDataStream.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/FailDevice.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/FailDevice.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestAutoType.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestAutoType.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCryptoHash.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCryptoHash.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCsvExporter.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCsvExporter.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestEntry.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestEntry.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestEntryModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestEntryModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestEntrySearcher.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestEntrySearcher.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestExporter.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestExporter.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroupModel.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroupModel.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass1Reader.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass1Reader.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2RandomStream.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2RandomStream.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Reader.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Reader.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2XmlReader.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2XmlReader.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeys.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeys.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestRandom.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestRandom.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestWildcardMatcher.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/TestWildcardMatcher.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGui.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGui.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGuiPixmaps.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGuiPixmaps.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/modeltest.cpp
Examining data/keepassx-2.0.3+git20190121.1682ab9/tests/modeltest.h
Examining data/keepassx-2.0.3+git20190121.1682ab9/utils/kdbx-extract.cpp
FINAL RESULTS:
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Translator.cpp:35:29: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
language = QLocale::system().name();
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Database.cpp:35:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
, m_uuid(Uuid::random())
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Database.cpp:43:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
rootGroup()->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Entry.cpp:454:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->m_uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Group.cpp:64:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
recycleBin->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Group.cpp:499:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
clonedGroup->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Uuid.cpp:38:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid Uuid::random()
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Uuid.h:29:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
static Uuid random();
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:212:34: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:565:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
group->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:898:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:508:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
group->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:604:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
group->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:694:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:760:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseWidget.cpp:268:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
m_newEntry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseWidget.cpp:505:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
m_newGroup->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidgetIcons.cpp:139:35: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:43:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid gUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:52:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid g1Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:56:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid e1Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:60:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid g2Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:64:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid e2Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:79:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid e3Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:137:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid g1Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:141:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid e1Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestEntry.cpp:87:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entryOrg->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestExporter.cpp:39:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid iconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestExporter.cpp:43:33: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid iconUnusedUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:97:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
g3->setIcon(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:302:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid groupIconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:307:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid entryIconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:410:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid group1Icon = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:416:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid group2Icon = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:422:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid entry1IconOld = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:428:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid entry1IconNew = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:49:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
group->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:53:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:60:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
groupNew->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2XmlReader.cpp:447:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:122:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
root->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:142:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
root->setIcon(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:148:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
g->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:168:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
g->setIcon(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:189:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:224:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->setIcon(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:295:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGuiPixmaps.cpp:81:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid iconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGuiPixmaps.cpp:124:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
Uuid iconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/xcb/AutoTypeXCB.cpp:815:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[200];
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Config.cpp:130:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool openResult = tmpFile->open();
data/keepassx-2.0.3+git20190121.1682ab9/src/format/CsvExporter.cpp:29:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:260:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!keyFile->open(QFile::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:275:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dbFile.open(QFile::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:356:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cipherStream->open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:374:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cipherStream->open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:62:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
headerStream.open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:127:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cipherStream.open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:140:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!hashedStream.open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:154:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!ioCompressor->open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:172:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer->open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:205:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Repair.cpp:86:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:61:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
header.open(QIODevice::WriteOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:93:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cipherStream.open(QIODevice::WriteOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:101:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!hashedStream.open(QIODevice::WriteOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:114:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!ioCompressor->open(QIODevice::WriteOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:177:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly|QIODevice::Truncate)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:140:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:1141:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:1145:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
compressor.open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp:69:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly|QIODevice::Truncate);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp:169:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::WriteOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp:193:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp:197:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
compressor.open(QIODevice::WriteOnly);
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseOpenWidget.cpp:101:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseRepairWidget.cpp:62:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp:135:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadWrite)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp:136:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp:300:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (saveFile.open(QIODevice::WriteOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp:376:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!saveFile.open(QIODevice::WriteOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/KeePass1OpenWidget.cpp:51:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget.cpp:626:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget.cpp:661:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget.cpp:688:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open()) {
data/keepassx-2.0.3+git20190121.1682ab9/src/keys/FileKey.cpp:78:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/keys/FileKey.cpp:135:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/HashedBlockStream.cpp:119:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + offset, m_buffer.constData() + m_bufferPos, bytesToCopy);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.cpp:37:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool LayeredStream::open(QIODevice::OpenMode mode)
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.cpp:72:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.h:32:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(QIODevice::OpenMode mode) override;
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/StoreDataStream.cpp:25:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool StoreDataStream::open(QIODevice::OpenMode mode)
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/StoreDataStream.cpp:27:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool result = LayeredStream::open(mode);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/StoreDataStream.h:29:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(QIODevice::OpenMode mode) override;
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp:57:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool SymmetricCipherStream::open(QIODevice::OpenMode mode)
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp:63:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return LayeredStream::open(mode);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp:115:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + offset, m_buffer.constData() + m_bufferPos, bytesToCopy);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.h:36:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(QIODevice::OpenMode mode) override;
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:327:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QtIOCompressor::open(OpenMode mode)
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:360:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (d->device->open(mode) == false) {
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:414:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.h:64:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode);
data/keepassx-2.0.3+git20190121.1682ab9/tests/FailDevice.cpp:28:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool FailDevice::open(QIODevice::OpenMode openMode)
data/keepassx-2.0.3+git20190121.1682ab9/tests/FailDevice.cpp:30:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QBuffer::open(openMode | QIODevice::Unbuffered);
data/keepassx-2.0.3+git20190121.1682ab9/tests/FailDevice.h:29:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(QIODevice::OpenMode openMode) override;
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCsvExporter.cpp:66:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(buffer.open(QIODevice::ReadWrite));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCsvExporter.cpp:77:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(buffer.open(QIODevice::ReadWrite));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCsvExporter.cpp:97:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(buffer.open(QIODevice::ReadWrite));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:39:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(buffer.open(QIODevice::ReadWrite));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:42:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(writer.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:45:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(reader.open(QIODevice::ReadOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:78:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(buffer.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:81:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(writer.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:93:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(failDevice.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:98:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(writer.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass1Reader.cpp:273:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:66:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QBuffer::ReadWrite);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:123:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(failDevice.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:150:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2XmlReader.cpp:461:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeys.cpp:126:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keyBuffer.open(QBuffer::ReadWrite);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeys.cpp:141:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dbBuffer.open(QBuffer::ReadWrite);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:58:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::WriteOnly);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:59:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(stream.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:107:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:108:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(stream.open(QIODevice::ReadOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:190:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadWrite);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:195:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
streamEnc.open(QIODevice::WriteOnly);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:205:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
streamDec.open(QIODevice::ReadOnly);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:216:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(buffer.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:220:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(writer.open(QIODevice::WriteOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGui.cpp:64:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(sourceDbFile.open(QIODevice::ReadOnly));
data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGui.cpp:67:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(m_orgDbFile.open());
data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGui.cpp:378:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tmpFile->open());
data/keepassx-2.0.3+git20190121.1682ab9/utils/kdbx-extract.cpp:62:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dbFile.open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Endian.cpp:78:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray ba = device->read(2);
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Endian.cpp:92:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray ba = device->read(4);
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Endian.cpp:106:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray ba = device->read(8);
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Tools.cpp:89:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 readResult = device->read(buffer.data(), size);
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Tools.cpp:107:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readResult = device->read(result.data() + readBytes, result.size() - readBytes);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:121:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_masterSeed = m_device->read(16);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:127:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_encryptionIV = m_device->read(16);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:145:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_contentHashHeader = m_device->read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:151:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_transformSeed = m_device->read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:459:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray fieldData = cipherStream->read(fieldSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:597:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray fieldData = cipherStream->read(fieldSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:989:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray data = device->read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:998:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray data = device->read(64);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:132:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray realStart = cipherStream.read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:253:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray fieldIDArray = m_headerStream->read(1);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:269:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fieldData = m_headerStream->read(fieldLen);
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidgetIcons.cpp:137:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QImage image = imageReader.read();
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/HashedBlockStream.cpp:140:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray hash = m_baseDevice->read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/HashedBlockStream.cpp:165:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_buffer = m_baseDevice->read(m_blockSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.cpp:78:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return m_baseDevice->read(data, maxSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp:137:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int readResult = m_baseDevice->read(newData.data(), newData.size());
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:338:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const bool both = (read && write);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:339:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const bool neither = !(read || write);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:349:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read && !(deviceMode & ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:387:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:525:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 bytesAvalible = d->device->read(reinterpret_cast<char *>(d->buffer), d->bufferSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:615:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(versionString) < 3)
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:50:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(reader.read(17), data.left(16));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:58:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(reader.read(5), data.left(5));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:59:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(reader.read(5), data.mid(5, 5));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:60:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(reader.read(1).size(), 0);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:68:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(reader.read(20), data.left(20));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:69:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(reader.read(1).size(), 0);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:110:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(stream.read(10),
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:114:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(stream.read(20),
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:118:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(stream.read(16),
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:122:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(stream.read(100),
ANALYSIS SUMMARY:
Hits = 172
Lines analyzed = 34353 in approximately 0.88 seconds (39213 lines/second)
Physical Source Lines of Code (SLOC) = 24185
Hits@level = [0] 0 [1] 37 [2] 86 [3] 48 [4] 1 [5] 0
Hits@level+ = [0+] 172 [1+] 172 [2+] 135 [3+] 49 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 7.11185 [1+] 7.11185 [2+] 5.58197 [3+] 2.02605 [4+] 0.0413479 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.