Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kfilemetadata-kf5-5.74.0/autotests/propertyinfotest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/embeddedimagedatatest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/externalwritertest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/indexerextractortests.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/usermetadatawritertest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/externalextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/taglibextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/propertyinfotest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/popplerextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/epubextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/ffmpegextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/mobiextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/odfextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/epubextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/writercollectiontest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/odfextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/appimageextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/mobiextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/popplerextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/xmlextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/office2007extractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/extractorcollectiontest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/taglibwritertest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/exiv2extractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/postscriptdscextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/externalextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/taglibextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/exiv2extractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/embeddedimagedatatest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/indexerextractortests.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/ffmpegextractortest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/taglibwritertest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/appimageextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/externalwritertest.h
Examining data/kfilemetadata-kf5-5.74.0/autotests/extractorcoveragetest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/xmlextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/office2007extractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/postscriptdscextractortest.cpp
Examining data/kfilemetadata-kf5-5.74.0/autotests/usermetadatawritertest.cpp
Examining data/kfilemetadata-kf5-5.74.0/tests/dump.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/typeinfo.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/externalextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/formatstrings.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/writercollection.h
Examining data/kfilemetadata-kf5-5.74.0/src/xattr_p.h
Examining data/kfilemetadata-kf5-5.74.0/src/propertyinfo.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractorcollection.h
Examining data/kfilemetadata-kf5-5.74.0/src/formatstrings_p.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractor_p.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/writers/taglibwriter.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/writers/taglibwriter.h
Examining data/kfilemetadata-kf5-5.74.0/src/externalwriter.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/writer.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/writerplugin.h
Examining data/kfilemetadata-kf5-5.74.0/src/writer_p.h
Examining data/kfilemetadata-kf5-5.74.0/src/externalextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/writedata.h
Examining data/kfilemetadata-kf5-5.74.0/src/mimeutils.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/types.h
Examining data/kfilemetadata-kf5-5.74.0/src/propertyinfo.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/writedata.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/usermetadata.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/embeddedimagedata.h
Examining data/kfilemetadata-kf5-5.74.0/src/usermetadata.h
Examining data/kfilemetadata-kf5-5.74.0/src/externalwriter.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractorcollection.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/writer.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/simpleextractionresult.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/simpleextractionresult.h
Examining data/kfilemetadata-kf5-5.74.0/src/properties.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractorplugin.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractionresult.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/exiv2extractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/popplerextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/plaintextextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/taglibextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/plaintextextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/popplerextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/odfextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/postscriptdscextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/epubextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/office2007extractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/poextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/epubextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/ffmpegextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/poextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/dublincoreextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/officeextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/postscriptdscextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/taglibextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/mobiextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/dublincoreextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/xmlextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/appimageextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/appimageextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/ffmpegextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/xmlextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/office2007extractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/mobiextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/officeextractor.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/exiv2extractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractors/odfextractor.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractorplugin.h
Examining data/kfilemetadata-kf5-5.74.0/src/typeinfo.h
Examining data/kfilemetadata-kf5-5.74.0/src/extractionresult.h
Examining data/kfilemetadata-kf5-5.74.0/src/writercollection.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/writerplugin.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/embeddedimagedata.cpp
Examining data/kfilemetadata-kf5-5.74.0/src/mimeutils.h

FINAL RESULTS:

data/kfilemetadata-kf5-5.74.0/src/extractors/appimageextractor.cpp:86:38:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    const auto localeName = QLocale::system().bcp47Name();
data/kfilemetadata-kf5-5.74.0/autotests/embeddedimagedatatest.cpp:33:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    testFile.open(QIODevice::ReadOnly);
data/kfilemetadata-kf5-5.74.0/autotests/embeddedimagedatatest.cpp:109:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    testFile.open(QIODevice::ReadOnly);
data/kfilemetadata-kf5-5.74.0/autotests/externalextractortest.cpp:26:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file.open();
data/kfilemetadata-kf5-5.74.0/autotests/externalwritertest.cpp:27:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file.open();
data/kfilemetadata-kf5-5.74.0/autotests/indexerextractortests.cpp:36:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    QVERIFY(file.open());
data/kfilemetadata-kf5-5.74.0/autotests/xmlextractortest.cpp:54:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    QVERIFY(file.open());
data/kfilemetadata-kf5-5.74.0/src/externalextractor.cpp:57:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    manifest.open(QIODevice::ReadOnly);
data/kfilemetadata-kf5-5.74.0/src/externalwriter.cpp:59:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    manifest.open(QIODevice::ReadOnly);
data/kfilemetadata-kf5-5.74.0/src/extractors/appimageextractor.cpp:204:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tmpDesktopFile.open();
data/kfilemetadata-kf5-5.74.0/src/extractors/exiv2extractor.cpp:144:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        image = Exiv2::ImageFactory::open(fileString);
data/kfilemetadata-kf5-5.74.0/src/extractors/mobiextractor.cpp:23:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        d.open(QIODevice::ReadOnly);
data/kfilemetadata-kf5-5.74.0/src/extractors/odfextractor.cpp:59:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!zip.open(QIODevice::ReadOnly)) {
data/kfilemetadata-kf5-5.74.0/src/extractors/office2007extractor.cpp:38:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!zip.open(QIODevice::ReadOnly)) {
data/kfilemetadata-kf5-5.74.0/src/extractors/plaintextextractor.cpp:46:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(filePath.constData(), O_RDONLY | O_NOATIME);
data/kfilemetadata-kf5-5.74.0/src/extractors/plaintextextractor.cpp:52:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(filePath.constData(), O_RDONLY);
data/kfilemetadata-kf5-5.74.0/src/extractors/postscriptdscextractor.cpp:34:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly)) {
data/kfilemetadata-kf5-5.74.0/src/extractors/xmlextractor.cpp:67:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly)) {
data/kfilemetadata-kf5-5.74.0/src/xattr_p.h:328:9:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        TCHAR msg[1024];
data/kfilemetadata-kf5-5.74.0/src/extractors/mobiextractor.cpp:25:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int read(char* buf, int size) override {
data/kfilemetadata-kf5-5.74.0/src/extractors/mobiextractor.cpp:26:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        return d.read(buf, size);

ANALYSIS SUMMARY:

Hits = 21
Lines analyzed = 12524 in approximately 0.91 seconds (13795 lines/second)
Physical Source Lines of Code (SLOC) = 8841
Hits@level = [0]   0 [1]   2 [2]  18 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  21 [1+]  21 [2+]  19 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 2.3753 [1+] 2.3753 [2+] 2.14908 [3+] 0.113109 [4+] 0.113109 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.