Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/keepassx-2.0.3+git20190121.1682ab9/src/core/Translator.cpp:35:29: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  language = QLocale::system().name();
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Database.cpp:35:20: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  , m_uuid(Uuid::random())
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Database.cpp:43:32: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  rootGroup()->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Entry.cpp:454:31: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->m_uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Group.cpp:64:31: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  recycleBin->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Group.cpp:499:32: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  clonedGroup->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Uuid.cpp:38:12: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid Uuid::random()
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Uuid.h:29:17: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  static Uuid random();
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:212:34: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:565:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  group->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:898:27: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:508:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  group->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:604:30: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  group->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:694:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:760:30: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseWidget.cpp:268:31: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  m_newEntry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseWidget.cpp:505:31: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  m_newGroup->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidgetIcons.cpp:139:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:43:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid gUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:52:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid g1Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:56:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid e1Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:60:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid g2Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:64:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid e2Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:79:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid e3Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:137:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid g1Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestDeletedObjects.cpp:141:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid e1Uuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestEntry.cpp:87:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entryOrg->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestExporter.cpp:39:27: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid iconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestExporter.cpp:43:33: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid iconUnusedUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:97:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g3->setIcon(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:302:32: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid groupIconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:307:32: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid entryIconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:410:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid group1Icon = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:416:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid group2Icon = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:422:32: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid entry1IconOld = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestGroup.cpp:428:32: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid entry1IconNew = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:49:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  group->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:53:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:60:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  groupNew->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2XmlReader.cpp:447:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:122:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  root->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:142:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  root->setIcon(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:148:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:168:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  g->setIcon(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:189:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:224:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->setIcon(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestModified.cpp:295:26: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  entry->setUuid(Uuid::random());
data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGuiPixmaps.cpp:81:27: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid iconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGuiPixmaps.cpp:124:27: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  Uuid iconUuid = Uuid::random();
data/keepassx-2.0.3+git20190121.1682ab9/src/autotype/xcb/AutoTypeXCB.cpp:815:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[200];
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Config.cpp:130:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool openResult = tmpFile->open();
data/keepassx-2.0.3+git20190121.1682ab9/src/format/CsvExporter.cpp:29:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:260:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!keyFile->open(QFile::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:275:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!dbFile.open(QFile::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:356:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!cipherStream->open(QIODevice::ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:374:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
cipherStream->open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:62:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). headerStream.open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:127:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!cipherStream.open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:140:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!hashedStream.open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:154:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!ioCompressor->open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:172:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
buffer->open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:205:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Repair.cpp:86:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:61:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). header.open(QIODevice::WriteOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:93:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!cipherStream.open(QIODevice::WriteOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:101:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!hashedStream.open(QIODevice::WriteOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:114:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!ioCompressor->open(QIODevice::WriteOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Writer.cpp:177:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly|QIODevice::Truncate)) { data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:140:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:1141:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlReader.cpp:1145:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
compressor.open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp:69:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::WriteOnly|QIODevice::Truncate); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp:169:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::WriteOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp:193:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadWrite); data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2XmlWriter.cpp:197:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). compressor.open(QIODevice::WriteOnly); data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseOpenWidget.cpp:101:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!file.open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseRepairWidget.cpp:62:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp:135:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadWrite)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp:136:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp:300:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (saveFile.open(QIODevice::WriteOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/DatabaseTabWidget.cpp:376:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!saveFile.open(QIODevice::WriteOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/KeePass1OpenWidget.cpp:51:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget.cpp:626:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget.cpp:661:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/gui/entry/EditEntryWidget.cpp:688:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file->open()) { data/keepassx-2.0.3+git20190121.1682ab9/src/keys/FileKey.cpp:78:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (!file.open(QFile::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/keys/FileKey.cpp:135:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::WriteOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/streams/HashedBlockStream.cpp:119:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + offset, m_buffer.constData() + m_bufferPos, bytesToCopy); data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.cpp:37:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool LayeredStream::open(QIODevice::OpenMode mode) data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.cpp:72:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.h:32:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
bool open(QIODevice::OpenMode mode) override; data/keepassx-2.0.3+git20190121.1682ab9/src/streams/StoreDataStream.cpp:25:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool StoreDataStream::open(QIODevice::OpenMode mode) data/keepassx-2.0.3+git20190121.1682ab9/src/streams/StoreDataStream.cpp:27:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool result = LayeredStream::open(mode); data/keepassx-2.0.3+git20190121.1682ab9/src/streams/StoreDataStream.h:29:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(QIODevice::OpenMode mode) override; data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp:57:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool SymmetricCipherStream::open(QIODevice::OpenMode mode) data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp:63:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
return LayeredStream::open(mode); data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp:115:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + offset, m_buffer.constData() + m_bufferPos, bytesToCopy); data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.h:36:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(QIODevice::OpenMode mode) override; data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:327:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QtIOCompressor::open(OpenMode mode) data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:360:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (d->device->open(mode) == false) { data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:414:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
return QIODevice::open(mode); data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.h:64:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode); data/keepassx-2.0.3+git20190121.1682ab9/tests/FailDevice.cpp:28:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool FailDevice::open(QIODevice::OpenMode openMode) data/keepassx-2.0.3+git20190121.1682ab9/tests/FailDevice.cpp:30:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QBuffer::open(openMode | QIODevice::Unbuffered); data/keepassx-2.0.3+git20190121.1682ab9/tests/FailDevice.h:29:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(QIODevice::OpenMode openMode) override; data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCsvExporter.cpp:66:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
QVERIFY(buffer.open(QIODevice::ReadWrite)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCsvExporter.cpp:77:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(buffer.open(QIODevice::ReadWrite)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestCsvExporter.cpp:97:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(buffer.open(QIODevice::ReadWrite)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:39:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(buffer.open(QIODevice::ReadWrite)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:42:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(writer.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:45:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
QVERIFY(reader.open(QIODevice::ReadOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:78:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(buffer.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:81:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(writer.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:93:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(failDevice.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:98:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(writer.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass1Reader.cpp:273:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
buffer.open(QIODevice::ReadWrite); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:66:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QBuffer::ReadWrite); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:123:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(failDevice.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2Writer.cpp:150:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeePass2XmlReader.cpp:461:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadWrite); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeys.cpp:126:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
keyBuffer.open(QBuffer::ReadWrite); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestKeys.cpp:141:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dbBuffer.open(QBuffer::ReadWrite); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:58:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::WriteOnly); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:59:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(stream.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:107:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:108:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
QVERIFY(stream.open(QIODevice::ReadOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:190:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadWrite); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:195:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). streamEnc.open(QIODevice::WriteOnly); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:205:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). streamDec.open(QIODevice::ReadOnly); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:216:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(buffer.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:220:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
QVERIFY(writer.open(QIODevice::WriteOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGui.cpp:64:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(sourceDbFile.open(QIODevice::ReadOnly)); data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGui.cpp:67:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(m_orgDbFile.open()); data/keepassx-2.0.3+git20190121.1682ab9/tests/gui/TestGui.cpp:378:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(tmpFile->open()); data/keepassx-2.0.3+git20190121.1682ab9/utils/kdbx-extract.cpp:62:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!dbFile.open(QIODevice::ReadOnly)) { data/keepassx-2.0.3+git20190121.1682ab9/src/core/Endian.cpp:78:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QByteArray ba = device->read(2); data/keepassx-2.0.3+git20190121.1682ab9/src/core/Endian.cpp:92:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  QByteArray ba = device->read(4);
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Endian.cpp:106:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray ba = device->read(8);
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Tools.cpp:89:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  qint64 readResult = device->read(buffer.data(), size);
data/keepassx-2.0.3+git20190121.1682ab9/src/core/Tools.cpp:107:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  readResult = device->read(result.data() + readBytes, result.size() - readBytes);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:121:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_masterSeed = m_device->read(16);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:127:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_encryptionIV = m_device->read(16);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:145:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_contentHashHeader = m_device->read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:151:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_transformSeed = m_device->read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:459:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray fieldData = cipherStream->read(fieldSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:597:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray fieldData = cipherStream->read(fieldSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:989:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray data = device->read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass1Reader.cpp:998:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray data = device->read(64);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:132:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray realStart = cipherStream.read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:253:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray fieldIDArray = m_headerStream->read(1);
data/keepassx-2.0.3+git20190121.1682ab9/src/format/KeePass2Reader.cpp:269:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fieldData = m_headerStream->read(fieldLen);
data/keepassx-2.0.3+git20190121.1682ab9/src/gui/EditWidgetIcons.cpp:137:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QImage image = imageReader.read();
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/HashedBlockStream.cpp:140:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray hash = m_baseDevice->read(32);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/HashedBlockStream.cpp:165:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_buffer = m_baseDevice->read(m_blockSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/LayeredStream.cpp:78:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_baseDevice->read(data, maxSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/SymmetricCipherStream.cpp:137:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int readResult = m_baseDevice->read(newData.data(), newData.size());
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:338:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const bool both = (read && write);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:339:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const bool neither = !(read || write);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:349:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read && !(deviceMode & ReadOnly)) {
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:387:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read) {
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:525:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  qint64 bytesAvalible = d->device->read(reinterpret_cast<char *>(d->buffer), d->bufferSize);
data/keepassx-2.0.3+git20190121.1682ab9/src/streams/qtiocompressor.cpp:615:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(versionString) < 3)
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:50:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(reader.read(17), data.left(16));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:58:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(reader.read(5), data.left(5));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:59:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(reader.read(5), data.mid(5, 5));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:60:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(reader.read(1).size(), 0);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:68:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(reader.read(20), data.left(20));
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestHashedBlockStream.cpp:69:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(reader.read(1).size(), 0);
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:110:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(stream.read(10),
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:114:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(stream.read(20),
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:118:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(stream.read(16),
data/keepassx-2.0.3+git20190121.1682ab9/tests/TestSymmetricCipher.cpp:122:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QCOMPARE(stream.read(100),

ANALYSIS SUMMARY:

Hits = 172
Lines analyzed = 34353 in approximately 0.88 seconds (39213 lines/second)
Physical Source Lines of Code (SLOC) = 24185
Hits@level = [0] 0 [1] 37 [2] 86 [3] 48 [4] 1 [5] 0
Hits@level+ = [0+] 172 [1+] 172 [2+] 135 [3+] 49 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 7.11185 [1+] 7.11185 [2+] 5.58197 [3+] 2.02605 [4+] 0.0413479 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.