Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kimagemapeditor-20.04.3/areacreator.cpp Examining data/kimagemapeditor-20.04.3/kimedialogs.h Examining data/kimagemapeditor-20.04.3/kimearea.cpp Examining data/kimagemapeditor-20.04.3/kimearea.h Examining data/kimagemapeditor-20.04.3/kimagemapeditor.h Examining data/kimagemapeditor-20.04.3/areacreator.h Examining data/kimagemapeditor-20.04.3/drawzone.h Examining data/kimagemapeditor-20.04.3/imagemap.cpp Examining data/kimagemapeditor-20.04.3/kimeshell.h Examining data/kimagemapeditor-20.04.3/imagemap.h Examining data/kimagemapeditor-20.04.3/kimecommon.h Examining data/kimagemapeditor-20.04.3/imageslistview.h Examining data/kimagemapeditor-20.04.3/mapslistview.cpp Examining data/kimagemapeditor-20.04.3/kimedialogs.cpp Examining data/kimagemapeditor-20.04.3/main.cpp Examining data/kimagemapeditor-20.04.3/mapslistview.h Examining data/kimagemapeditor-20.04.3/kimecommands.h Examining data/kimagemapeditor-20.04.3/arealistview.h Examining data/kimagemapeditor-20.04.3/kimagemapeditor.cpp Examining data/kimagemapeditor-20.04.3/imagemapchoosedialog.cpp Examining data/kimagemapeditor-20.04.3/imagemapchoosedialog.h Examining data/kimagemapeditor-20.04.3/kimeshell.cpp Examining data/kimagemapeditor-20.04.3/kimecommands.cpp Examining data/kimagemapeditor-20.04.3/imageslistview.cpp Examining data/kimagemapeditor-20.04.3/arealistview.cpp Examining data/kimagemapeditor-20.04.3/drawzone.cpp FINAL RESULTS: data/kimagemapeditor-20.04.3/kimeshell.cpp:115:40: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #warning what group is correct here? A random one? data/kimagemapeditor-20.04.3/kimagemapeditor.cpp:437:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). KStandardAction::open(this, SLOT(fileOpen()), data/kimagemapeditor-20.04.3/kimagemapeditor.cpp:1859:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f.open(QIODevice::ReadOnly); data/kimagemapeditor-20.04.3/kimagemapeditor.cpp:2387:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::WriteOnly); data/kimagemapeditor-20.04.3/kimedialogs.cpp:594:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tempFile->open(); ANALYSIS SUMMARY: Hits = 5 Lines analyzed = 9928 in approximately 0.25 seconds (40323 lines/second) Physical Source Lines of Code (SLOC) = 6777 Hits@level = [0] 0 [1] 0 [2] 4 [3] 1 [4] 0 [5] 0 Hits@level+ = [0+] 5 [1+] 5 [2+] 5 [3+] 1 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.73779 [1+] 0.73779 [2+] 0.73779 [3+] 0.147558 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.