Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kgpg-20.08.1/caff.h
Examining data/kgpg-20.08.1/detailedconsole.cpp
Examining data/kgpg-20.08.1/keytreeview.h
Examining data/kgpg-20.08.1/kgpg.cpp
Examining data/kgpg-20.08.1/kgpgchangekey.cpp
Examining data/kgpg-20.08.1/detailedconsole.h
Examining data/kgpg-20.08.1/kgpgtextinterface.h
Examining data/kgpg-20.08.1/kgpgkeygenerate.h
Examining data/kgpg-20.08.1/keytreeview.cpp
Examining data/kgpg-20.08.1/keyexport.h
Examining data/kgpg-20.08.1/kgpgoptions.cpp
Examining data/kgpg-20.08.1/gpgproc.cpp
Examining data/kgpg-20.08.1/klinebufferedprocess.cpp
Examining data/kgpg-20.08.1/kgpginterface.cpp
Examining data/kgpg-20.08.1/newkey.cpp
Examining data/kgpg-20.08.1/keyinfodialog.cpp
Examining data/kgpg-20.08.1/klinebufferedprocessprivate.cpp
Examining data/kgpg-20.08.1/selectpublickeydialog.h
Examining data/kgpg-20.08.1/klinebufferedprocessprivate.h
Examining data/kgpg-20.08.1/groupedit.cpp
Examining data/kgpg-20.08.1/gpgproc.h
Examining data/kgpg-20.08.1/tests/kgpgdelkey.h
Examining data/kgpg-20.08.1/tests/kgpgchangetrust.h
Examining data/kgpg-20.08.1/tests/common.cpp
Examining data/kgpg-20.08.1/tests/kgpgaddphoto.h
Examining data/kgpg-20.08.1/tests/kgpginterface.cpp
Examining data/kgpg-20.08.1/tests/kgpgverify.cpp
Examining data/kgpg-20.08.1/tests/kgpgdecrypt.h
Examining data/kgpg-20.08.1/tests/common.h
Examining data/kgpg-20.08.1/tests/kgpgadduid.h
Examining data/kgpg-20.08.1/tests/kgpgimport.h
Examining data/kgpg-20.08.1/tests/kgpgchangetrust.cpp
Examining data/kgpg-20.08.1/tests/kgpgimport.cpp
Examining data/kgpg-20.08.1/tests/kgpgchangedisable.cpp
Examining data/kgpg-20.08.1/tests/kgpginterface.h
Examining data/kgpg-20.08.1/tests/kgpgchangedisable.h
Examining data/kgpg-20.08.1/tests/kgpgadduid.cpp
Examining data/kgpg-20.08.1/tests/kgpgexport.h
Examining data/kgpg-20.08.1/tests/kgpgdelkey.cpp
Examining data/kgpg-20.08.1/tests/kgpgdecrypt.cpp
Examining data/kgpg-20.08.1/tests/kgpgencrypt.cpp
Examining data/kgpg-20.08.1/tests/kgpgexport.cpp
Examining data/kgpg-20.08.1/tests/kgpgencrypt.h
Examining data/kgpg-20.08.1/tests/kgpgaddphoto.cpp
Examining data/kgpg-20.08.1/tests/kgpgverify.h
Examining data/kgpg-20.08.1/foldercompressjob.h
Examining data/kgpg-20.08.1/kgpgfirstassistant.h
Examining data/kgpg-20.08.1/keyservers.h
Examining data/kgpg-20.08.1/caff.cpp
Examining data/kgpg-20.08.1/selectsecretkey.h
Examining data/kgpg-20.08.1/keysmanager.h
Examining data/kgpg-20.08.1/groupedit.h
Examining data/kgpg-20.08.1/kgpgrevokewidget.h
Examining data/kgpg-20.08.1/sourceselect.h
Examining data/kgpg-20.08.1/keyinfodialog.h
Examining data/kgpg-20.08.1/selectsecretkey.cpp
Examining data/kgpg-20.08.1/kgpg.h
Examining data/kgpg-20.08.1/kgpgtextinterface.cpp
Examining data/kgpg-20.08.1/kgpgfirstassistant.cpp
Examining data/kgpg-20.08.1/main.cpp
Examining data/kgpg-20.08.1/core/KGpgSignNode.cpp
Examining data/kgpg-20.08.1/core/KGpgGroupMemberNode.h
Examining data/kgpg-20.08.1/core/KGpgExpandableNode.cpp
Examining data/kgpg-20.08.1/core/KGpgNode.h
Examining data/kgpg-20.08.1/core/KGpgGroupMemberNode.cpp
Examining data/kgpg-20.08.1/core/KGpgExpandableNode.h
Examining data/kgpg-20.08.1/core/emailvalidator.cpp
Examining data/kgpg-20.08.1/core/KGpgRootNode.h
Examining data/kgpg-20.08.1/core/KGpgSignableNode.cpp
Examining data/kgpg-20.08.1/core/KGpgSignableNode.h
Examining data/kgpg-20.08.1/core/KGpgRootNode.cpp
Examining data/kgpg-20.08.1/core/KGpgOrphanNode.cpp
Examining data/kgpg-20.08.1/core/KGpgUatNode.cpp
Examining data/kgpg-20.08.1/core/KGpgSubkeyNode.cpp
Examining data/kgpg-20.08.1/core/images.cpp
Examining data/kgpg-20.08.1/core/KGpgGroupNode.h
Examining data/kgpg-20.08.1/core/kgpgkey.h
Examining data/kgpg-20.08.1/core/kgpgkey.cpp
Examining data/kgpg-20.08.1/core/KGpgSubkeyNode.h
Examining data/kgpg-20.08.1/core/KGpgRefNode.cpp
Examining data/kgpg-20.08.1/core/KGpgKeyNode.cpp
Examining data/kgpg-20.08.1/core/convert.cpp
Examining data/kgpg-20.08.1/core/KGpgUidNode.cpp
Examining data/kgpg-20.08.1/core/KGpgSignNode.h
Examining data/kgpg-20.08.1/core/KGpgUatNode.h
Examining data/kgpg-20.08.1/core/KGpgGroupNode.cpp
Examining data/kgpg-20.08.1/core/convert.h
Examining data/kgpg-20.08.1/core/KGpgOrphanNode.h
Examining data/kgpg-20.08.1/core/KGpgKeyNode.h
Examining data/kgpg-20.08.1/core/KGpgUidNode.h
Examining data/kgpg-20.08.1/core/emailvalidator.h
Examining data/kgpg-20.08.1/core/KGpgNode.cpp
Examining data/kgpg-20.08.1/core/images.h
Examining data/kgpg-20.08.1/core/KGpgRefNode.h
Examining data/kgpg-20.08.1/model/kgpgitemmodel.h
Examining data/kgpg-20.08.1/model/keylistproxymodel.h
Examining data/kgpg-20.08.1/model/kgpgitemmodel.cpp
Examining data/kgpg-20.08.1/model/selectkeyproxymodel.h
Examining data/kgpg-20.08.1/model/keylistproxymodel.cpp
Examining data/kgpg-20.08.1/model/kgpgsearchresultmodel.cpp
Examining data/kgpg-20.08.1/model/groupeditproxymodel.h
Examining data/kgpg-20.08.1/model/gpgservermodel.cpp
Examining data/kgpg-20.08.1/model/selectkeyproxymodel.cpp
Examining data/kgpg-20.08.1/model/groupeditproxymodel.cpp
Examining data/kgpg-20.08.1/model/kgpgitemnode.h
Examining data/kgpg-20.08.1/model/kgpgsearchresultmodel.h
Examining data/kgpg-20.08.1/model/gpgservermodel.h
Examining data/kgpg-20.08.1/kgpginterface.h
Examining data/kgpg-20.08.1/kgpgsettings_addons.h
Examining data/kgpg-20.08.1/transactions/kgpgdelkey.h
Examining data/kgpg-20.08.1/transactions/kgpgkeyservergettransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangetrust.h
Examining data/kgpg-20.08.1/transactions/kgpgeditkeytransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgdeluid.cpp
Examining data/kgpg-20.08.1/transactions/kgpgtransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgkeyserversearchtransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgeditkeytransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgtransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgkeyservertransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgdeluid.h
Examining data/kgpg-20.08.1/transactions/kgpgsignuid.h
Examining data/kgpg-20.08.1/transactions/kgpggeneratekey.cpp
Examining data/kgpg-20.08.1/transactions/kgpgaddphoto.h
Examining data/kgpg-20.08.1/transactions/kgpgverify.cpp
Examining data/kgpg-20.08.1/transactions/kgpgdecrypt.h
Examining data/kgpg-20.08.1/transactions/kgpgsignkey.h
Examining data/kgpg-20.08.1/transactions/kgpgtransactionprivate.h
Examining data/kgpg-20.08.1/transactions/kgpgsignuid.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangepass.h
Examining data/kgpg-20.08.1/transactions/kgpgadduid.h
Examining data/kgpg-20.08.1/transactions/kgpgtextorfiletransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgsigntext.h
Examining data/kgpg-20.08.1/transactions/kgpgimport.h
Examining data/kgpg-20.08.1/transactions/kgpgchangepass.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsignkey.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsigntransactionhelper.cpp
Examining data/kgpg-20.08.1/transactions/kgpggeneraterevoke.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangetrust.cpp
Examining data/kgpg-20.08.1/transactions/kgpgtransactionjob.h
Examining data/kgpg-20.08.1/transactions/kgpgtextorfiletransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgimport.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangedisable.cpp
Examining data/kgpg-20.08.1/transactions/kgpgdelsign.h
Examining data/kgpg-20.08.1/transactions/kgpgtransactionjob.cpp
Examining data/kgpg-20.08.1/transactions/kgpgkeyservertransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpggeneratekey.h
Examining data/kgpg-20.08.1/transactions/kgpgchangedisable.h
Examining data/kgpg-20.08.1/transactions/kgpgdelsign.cpp
Examining data/kgpg-20.08.1/transactions/kgpgadduid.cpp
Examining data/kgpg-20.08.1/transactions/kgpgprimaryuid.h
Examining data/kgpg-20.08.1/transactions/kgpgexport.h
Examining data/kgpg-20.08.1/transactions/kgpgdelkey.cpp
Examining data/kgpg-20.08.1/transactions/kgpgkeyserversearchtransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpgdecrypt.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsigntransactionhelper.h
Examining data/kgpg-20.08.1/transactions/kgpgencrypt.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsigntext.cpp
Examining data/kgpg-20.08.1/transactions/kgpgexport.cpp
Examining data/kgpg-20.08.1/transactions/kgpgtransactionprivate.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsendkeys.h
Examining data/kgpg-20.08.1/transactions/kgpgchangeexpire.cpp
Examining data/kgpg-20.08.1/transactions/kgpgencrypt.h
Examining data/kgpg-20.08.1/transactions/kgpguidtransaction.h
Examining data/kgpg-20.08.1/transactions/kgpgaddphoto.cpp
Examining data/kgpg-20.08.1/transactions/kgpgchangeexpire.h
Examining data/kgpg-20.08.1/transactions/kgpguidtransaction.cpp
Examining data/kgpg-20.08.1/transactions/kgpggeneraterevoke.h
Examining data/kgpg-20.08.1/transactions/kgpgverify.h
Examining data/kgpg-20.08.1/transactions/kgpgprimaryuid.cpp
Examining data/kgpg-20.08.1/transactions/kgpgsendkeys.cpp
Examining data/kgpg-20.08.1/transactions/kgpgkeyservergettransaction.h
Examining data/kgpg-20.08.1/sourceselect.cpp
Examining data/kgpg-20.08.1/kgpgchangekey.h
Examining data/kgpg-20.08.1/conf_encryption.cpp
Examining data/kgpg-20.08.1/kgpgkeygenerate.cpp
Examining data/kgpg-20.08.1/selectpublickeydialog.cpp
Examining data/kgpg-20.08.1/keyexport.cpp
Examining data/kgpg-20.08.1/kgpgexternalactions.h
Examining data/kgpg-20.08.1/klinebufferedprocess.h
Examining data/kgpg-20.08.1/foldercompressjob.cpp
Examining data/kgpg-20.08.1/keyservers.cpp
Examining data/kgpg-20.08.1/kgpgexternalactions.cpp
Examining data/kgpg-20.08.1/conf_encryption.h
Examining data/kgpg-20.08.1/caff_p.h
Examining data/kgpg-20.08.1/editor/kgpgtextedit.cpp
Examining data/kgpg-20.08.1/editor/kgpgeditor.cpp
Examining data/kgpg-20.08.1/editor/kgpgeditor.h
Examining data/kgpg-20.08.1/editor/kgpgmd5widget.h
Examining data/kgpg-20.08.1/editor/kgpgtextedit.h
Examining data/kgpg-20.08.1/editor/kgpgmd5widget.cpp
Examining data/kgpg-20.08.1/selectexpirydate.h
Examining data/kgpg-20.08.1/newkey.h
Examining data/kgpg-20.08.1/selectexpirydate.cpp
Examining data/kgpg-20.08.1/kgpgrevokewidget.cpp
Examining data/kgpg-20.08.1/keysmanager.cpp
Examining data/kgpg-20.08.1/kgpgoptions.h

FINAL RESULTS:

data/kgpg-20.08.1/core/KGpgGroupNode.cpp:71:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!conffile.open(QIODevice::ReadWrite))
data/kgpg-20.08.1/core/KGpgUatNode.cpp:78:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	QString tmpfile;
data/kgpg-20.08.1/core/KGpgUatNode.cpp:79:25:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	if (workProcess.readln(tmpfile) < 0)
data/kgpg-20.08.1/core/KGpgUatNode.cpp:82:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	QFile fname(tmpfile);
data/kgpg-20.08.1/editor/kgpgeditor.cpp:160:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    KStandardAction::open(this, &KgpgEditor::slotFileOpen, actionCollection());
data/kgpg-20.08.1/editor/kgpgeditor.cpp:304:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (!f.open(QIODevice::WriteOnly))
data/kgpg-20.08.1/editor/kgpgmd5widget.cpp:46:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (f.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/editor/kgpgtextedit.cpp:101:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		tmpFile.open();
data/kgpg-20.08.1/editor/kgpgtextedit.cpp:117:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/foldercompressjob.cpp:103:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!arch->open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/gpgproc.cpp:257:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[2];
data/kgpg-20.08.1/keysmanager.cpp:1326:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	keyRevokeDialog->open();
data/kgpg-20.08.1/kgpg.cpp:173:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
					if (qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpgexternalactions.cpp:132:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!tmpfolder->open()) {
data/kgpg-20.08.1/kgpgfirstassistant.cpp:251:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if (file.open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:41:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (qfile.exists() && qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:60:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (qfile.exists() && qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:83:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (qfile.open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:94:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (qfile.exists() && qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:109:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (qfile.exists() && qfile.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/kgpginterface.cpp:133:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (qfile.open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/kgpgoptions.cpp:183:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if (!confFile.open(QIODevice::WriteOnly)) {
data/kgpg-20.08.1/model/kgpgsearchresultmodel.cpp:194:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char n[2];
data/kgpg-20.08.1/tests/common.cpp:24:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!kgpgconf.open(QIODevice::WriteOnly | QIODevice::Truncate | QIODevice::Text))
data/kgpg-20.08.1/tests/common.cpp:46:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (!conf.open(QIODevice::WriteOnly))
data/kgpg-20.08.1/tests/common.cpp:57:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (file.open(QIODevice::ReadOnly))
data/kgpg-20.08.1/tests/kgpgexport.cpp:19:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	QVERIFY(file.open());
data/kgpg-20.08.1/tests/kgpgexport.cpp:41:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	QVERIFY(file.open());
data/kgpg-20.08.1/transactions/kgpggeneraterevoke.cpp:98:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (of.open(QIODevice::ReadOnly)) {
data/kgpg-20.08.1/transactions/kgpgtextorfiletransaction.cpp:97:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			tmpFile.open();
data/kgpg-20.08.1/gpgproc.cpp:404:14:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	uint mask = umask(077);
data/kgpg-20.08.1/gpgproc.cpp:406:2:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	umask(mask);
data/kgpg-20.08.1/kgpg.cpp:176:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
						QString probetext(t.read(probelen));
data/kgpg-20.08.1/model/selectkeyproxymodel.h:32:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	Q_PROPERTY(bool showUntrusted read showUntrusted write setShowUntrusted)

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 28513 in approximately 0.72 seconds (39797 lines/second)
Physical Source Lines of Code (SLOC) = 18882
Hits@level = [0]   0 [1]   4 [2]  30 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  34 [1+]  34 [2+]  30 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.80066 [1+] 1.80066 [2+] 1.58881 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.