Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kio-5.74.0/autotests/applicationlauncherjobtest.h
Examining data/kio-5.74.0/autotests/openurljobtest.cpp
Examining data/kio-5.74.0/autotests/kurlrequestertest.cpp
Examining data/kio-5.74.0/autotests/krununittest.cpp
Examining data/kio-5.74.0/autotests/webdavtest.cpp
Examining data/kio-5.74.0/autotests/kdirmodeltest.h
Examining data/kio-5.74.0/autotests/kurlcomboboxtest.h
Examining data/kio-5.74.0/autotests/favicontest.cpp
Examining data/kio-5.74.0/autotests/dropjobtest.cpp
Examining data/kio-5.74.0/autotests/kurlnavigatortest.cpp
Examining data/kio-5.74.0/autotests/kdiroperatortest.cpp
Examining data/kio-5.74.0/autotests/threadtest.cpp
Examining data/kio-5.74.0/autotests/kurifiltersearchprovideractionstest.h
Examining data/kio-5.74.0/autotests/deletejobtest.cpp
Examining data/kio-5.74.0/autotests/mkpathjobtest.cpp
Examining data/kio-5.74.0/autotests/kurifiltertest.cpp
Examining data/kio-5.74.0/autotests/kdirlistertest.h
Examining data/kio-5.74.0/autotests/knewfilemenutest.cpp
Examining data/kio-5.74.0/autotests/kiotesthelper.h
Examining data/kio-5.74.0/autotests/deletejobtest.h
Examining data/kio-5.74.0/autotests/commandlauncherjobtest.h
Examining data/kio-5.74.0/autotests/kcookiejar/kcookiejartest.cpp
Examining data/kio-5.74.0/autotests/listdirtest.h
Examining data/kio-5.74.0/autotests/ktcpsockettest.h
Examining data/kio-5.74.0/autotests/kfileitemactionstest.h
Examining data/kio-5.74.0/autotests/ktcpsockettest.cpp
Examining data/kio-5.74.0/autotests/kmountpointtest.h
Examining data/kio-5.74.0/autotests/kmountpointtest.cpp
Examining data/kio-5.74.0/autotests/batchrenamejobtest.cpp
Examining data/kio-5.74.0/autotests/dataprotocoltest.h
Examining data/kio-5.74.0/autotests/kfilewidgettest.cpp
Examining data/kio-5.74.0/autotests/kdirlistertest.cpp
Examining data/kio-5.74.0/autotests/http/httpauthenticationtest.cpp
Examining data/kio-5.74.0/autotests/http/httpobjecttest.cpp
Examining data/kio-5.74.0/autotests/http/httpobjecttest.h
Examining data/kio-5.74.0/autotests/http/httpheadertokenizetest.cpp
Examining data/kio-5.74.0/autotests/http/httpheaderdispositiontest.cpp
Examining data/kio-5.74.0/autotests/http/httpfiltertest.cpp
Examining data/kio-5.74.0/autotests/http/httpheadertokenizetest.h
Examining data/kio-5.74.0/autotests/http/httpauthenticationtest.h
Examining data/kio-5.74.0/autotests/http/httpheaderdispositiontest.h
Examining data/kio-5.74.0/autotests/openurljobtest.h
Examining data/kio-5.74.0/autotests/commandlauncherjobtest.cpp
Examining data/kio-5.74.0/autotests/pastetest.h
Examining data/kio-5.74.0/autotests/fileundomanagertest.cpp
Examining data/kio-5.74.0/autotests/clipboardupdatertest.cpp
Examining data/kio-5.74.0/autotests/kfilecopytomenutest.cpp
Examining data/kio-5.74.0/autotests/kcoredirlister_benchmark.cpp
Examining data/kio-5.74.0/autotests/ksambasharetest.cpp
Examining data/kio-5.74.0/autotests/kacltest.cpp
Examining data/kio-5.74.0/autotests/ksambasharetest.h
Examining data/kio-5.74.0/autotests/jobtest.h
Examining data/kio-5.74.0/autotests/ftptest.cpp
Examining data/kio-5.74.0/autotests/fileundomanagertest.h
Examining data/kio-5.74.0/autotests/jobremotetest.h
Examining data/kio-5.74.0/autotests/kurlcompletiontest.cpp
Examining data/kio-5.74.0/autotests/ksambashareprivatetest.cpp
Examining data/kio-5.74.0/autotests/globaltest.h
Examining data/kio-5.74.0/autotests/kfilecustomdialogtest.cpp
Examining data/kio-5.74.0/autotests/httpserver_p.h
Examining data/kio-5.74.0/autotests/upurltest.cpp
Examining data/kio-5.74.0/autotests/kfileitemtest.h
Examining data/kio-5.74.0/autotests/krununittest.h
Examining data/kio-5.74.0/autotests/udsentry_benchmark.cpp
Examining data/kio-5.74.0/autotests/udsentrytest.cpp
Examining data/kio-5.74.0/autotests/kfileitemactionstest.cpp
Examining data/kio-5.74.0/autotests/kacltest.h
Examining data/kio-5.74.0/autotests/httpserver_p.cpp
Examining data/kio-5.74.0/autotests/http_jobtest.cpp
Examining data/kio-5.74.0/autotests/kfileplacesviewtest.cpp
Examining data/kio-5.74.0/autotests/kurifiltersearchprovideractionstest.cpp
Examining data/kio-5.74.0/autotests/ksambashareprivatetest.h
Examining data/kio-5.74.0/autotests/kurlcomboboxtest.cpp
Examining data/kio-5.74.0/autotests/globaltest.cpp
Examining data/kio-5.74.0/autotests/kdirmodeltest.cpp
Examining data/kio-5.74.0/autotests/kurlnavigatortest.h
Examining data/kio-5.74.0/autotests/applicationlauncherjobtest.cpp
Examining data/kio-5.74.0/autotests/jobguitest.cpp
Examining data/kio-5.74.0/autotests/kprotocolinfotest.cpp
Examining data/kio-5.74.0/autotests/privilegejobtest.h
Examining data/kio-5.74.0/autotests/privilegejobtest.cpp
Examining data/kio-5.74.0/autotests/pastetest.cpp
Examining data/kio-5.74.0/autotests/dataprotocoltest.cpp
Examining data/kio-5.74.0/autotests/accessmanagertest.cpp
Examining data/kio-5.74.0/autotests/listdirtest.cpp
Examining data/kio-5.74.0/autotests/jobtest.cpp
Examining data/kio-5.74.0/autotests/urlutiltest.cpp
Examining data/kio-5.74.0/autotests/kurifiltertest.h
Examining data/kio-5.74.0/autotests/kfilecustomdialogtest.h
Examining data/kio-5.74.0/autotests/kfileplacesmodeltest.cpp
Examining data/kio-5.74.0/autotests/kfileitemtest.cpp
Examining data/kio-5.74.0/autotests/clipboardupdatertest.h
Examining data/kio-5.74.0/autotests/jobremotetest.cpp
Examining data/kio-5.74.0/autotests/kdynamicjobtrackernowidgetstest.cpp
Examining data/kio-5.74.0/autotests/udsentrytest.h
Examining data/kio-5.74.0/tests/kfilecustomdialogtest_gui.cpp
Examining data/kio-5.74.0/tests/kdirmodeltest_gui.cpp
Examining data/kio-5.74.0/tests/udsentrybenchmark.cpp
Examining data/kio-5.74.0/tests/openfilemanagerwindowtest.cpp
Examining data/kio-5.74.0/tests/kurlrequestertest_gui.cpp
Examining data/kio-5.74.0/tests/kruntest.h
Examining data/kio-5.74.0/tests/kurlnavigatortest_gui.cpp
Examining data/kio-5.74.0/tests/listjobtest.cpp
Examining data/kio-5.74.0/tests/kencodingfiledialogtest_gui.cpp
Examining data/kio-5.74.0/tests/previewtest.h
Examining data/kio-5.74.0/tests/previewtest.cpp
Examining data/kio-5.74.0/tests/listrecursivetest.cpp
Examining data/kio-5.74.0/tests/kfilewidgettest_saving_gui.cpp
Examining data/kio-5.74.0/tests/kmountpoint_debug.cpp
Examining data/kio-5.74.0/tests/ksycocaupdatetest.cpp
Examining data/kio-5.74.0/tests/kopenwithtest.cpp
Examining data/kio-5.74.0/tests/kdirlistertest_gui.h
Examining data/kio-5.74.0/tests/kionetrctest.cpp
Examining data/kio-5.74.0/tests/kruntest.cpp
Examining data/kio-5.74.0/tests/kfilewidgettest_gui.cpp
Examining data/kio-5.74.0/tests/kioslavetest.h
Examining data/kio-5.74.0/tests/kpropertiesdialogtest.cpp
Examining data/kio-5.74.0/tests/kprotocolinfo_dumper.cpp
Examining data/kio-5.74.0/tests/getalltest.cpp
Examining data/kio-5.74.0/tests/kdirlistertest_gui.cpp
Examining data/kio-5.74.0/tests/kioslavetest.cpp
Examining data/kio-5.74.0/tests/runapplication.cpp
Examining data/kio-5.74.0/src/kpac/downloader.cpp
Examining data/kio-5.74.0/src/kpac/dhcp.h
Examining data/kio-5.74.0/src/kpac/discovery.cpp
Examining data/kio-5.74.0/src/kpac/proxyscout.h
Examining data/kio-5.74.0/src/kpac/downloader.h
Examining data/kio-5.74.0/src/kpac/script.cpp
Examining data/kio-5.74.0/src/kpac/discovery.h
Examining data/kio-5.74.0/src/kpac/proxyscout.cpp
Examining data/kio-5.74.0/src/kpac/kpac_dhcp_helper.c
Examining data/kio-5.74.0/src/kpac/script.h
Examining data/kio-5.74.0/src/widgets/kautomount.cpp
Examining data/kio-5.74.0/src/widgets/ksslinfodialog.cpp
Examining data/kio-5.74.0/src/widgets/skipdialog.h
Examining data/kio-5.74.0/src/widgets/accessmanager.h
Examining data/kio-5.74.0/src/widgets/kurifiltersearchprovideractions.h
Examining data/kio-5.74.0/src/widgets/paste.h
Examining data/kio-5.74.0/src/widgets/accessmanagerreply_p.cpp
Examining data/kio-5.74.0/src/widgets/kacleditwidget.cpp
Examining data/kio-5.74.0/src/widgets/kurlcompletion.h
Examining data/kio-5.74.0/src/widgets/krun.h
Examining data/kio-5.74.0/src/widgets/kabstractfileitemactionplugin.cpp
Examining data/kio-5.74.0/src/widgets/thumbcreator.cpp
Examining data/kio-5.74.0/src/widgets/kfileitemdelegate.cpp
Examining data/kio-5.74.0/src/widgets/accessmanagerreply_p.h
Examining data/kio-5.74.0/src/widgets/imagefilter.cpp
Examining data/kio-5.74.0/src/widgets/widgetsopenorexecutefilehandler.h
Examining data/kio-5.74.0/src/widgets/kpropertiesdialog.h
Examining data/kio-5.74.0/src/widgets/dndpopupmenuplugin.h
Examining data/kio-5.74.0/src/widgets/widgetsuntrustedprogramhandler.cpp
Examining data/kio-5.74.0/src/widgets/kurlpixmapprovider.h
Examining data/kio-5.74.0/src/widgets/jobuidelegate.h
Examining data/kio-5.74.0/src/widgets/kautomount.h
Examining data/kio-5.74.0/src/widgets/kopenwithdialog_p.h
Examining data/kio-5.74.0/src/widgets/pastedialog_p.h
Examining data/kio-5.74.0/src/widgets/skipdialog.cpp
Examining data/kio-5.74.0/src/widgets/kshellcompletion.cpp
Examining data/kio-5.74.0/src/widgets/ksslinfodialog.h
Examining data/kio-5.74.0/src/widgets/kurifiltersearchprovideractions.cpp
Examining data/kio-5.74.0/src/widgets/pixmaploader.h
Examining data/kio-5.74.0/src/widgets/jobuidelegate.cpp
Examining data/kio-5.74.0/src/widgets/delegateanimationhandler_p.h
Examining data/kio-5.74.0/src/widgets/thumbsequencecreator.cpp
Examining data/kio-5.74.0/src/widgets/pastejob_p.h
Examining data/kio-5.74.0/src/widgets/kbuildsycocaprogressdialog.h
Examining data/kio-5.74.0/src/widgets/dropjob.h
Examining data/kio-5.74.0/src/widgets/widgetsopenwithhandler.cpp
Examining data/kio-5.74.0/src/widgets/kdesktopfileactions.cpp
Examining data/kio-5.74.0/src/widgets/renamefiledialog.cpp
Examining data/kio-5.74.0/src/widgets/fileundomanager.h
Examining data/kio-5.74.0/src/widgets/kacleditwidget.h
Examining data/kio-5.74.0/src/widgets/openfilemanagerwindowjob_p.h
Examining data/kio-5.74.0/src/widgets/kurlcombobox.cpp
Examining data/kio-5.74.0/src/widgets/kdirlister.cpp
Examining data/kio-5.74.0/src/widgets/ksslcertificatebox.cpp
Examining data/kio-5.74.0/src/widgets/joburlcache.cpp
Examining data/kio-5.74.0/src/widgets/thumbcreator.h
Examining data/kio-5.74.0/src/widgets/executablefileopendialog_p.h
Examining data/kio-5.74.0/src/widgets/kurlrequesterdialog.h
Examining data/kio-5.74.0/src/widgets/krun.cpp
Examining data/kio-5.74.0/src/widgets/kurifilter.h
Examining data/kio-5.74.0/src/widgets/executablefileopendialog.cpp
Examining data/kio-5.74.0/src/widgets/kdesktopfileactions.h
Examining data/kio-5.74.0/src/widgets/kfileitemdelegate.h
Examining data/kio-5.74.0/src/widgets/kfile.h
Examining data/kio-5.74.0/src/widgets/dndpopupmenuplugin.cpp
Examining data/kio-5.74.0/src/widgets/clipboardupdater.cpp
Examining data/kio-5.74.0/src/widgets/kurlrequester.cpp
Examining data/kio-5.74.0/src/widgets/widgetsopenorexecutefilehandler.cpp
Examining data/kio-5.74.0/src/widgets/renamedialog.cpp
Examining data/kio-5.74.0/src/widgets/kopenwithdialog.h
Examining data/kio-5.74.0/src/widgets/joburlcache_p.h
Examining data/kio-5.74.0/src/widgets/kopenwithdialog.cpp
Examining data/kio-5.74.0/src/widgets/paste.cpp
Examining data/kio-5.74.0/src/widgets/kurlrequesterdialog.cpp
Examining data/kio-5.74.0/src/widgets/kacleditwidget_p.h
Examining data/kio-5.74.0/src/widgets/imagefilter_p.h
Examining data/kio-5.74.0/src/widgets/kfile.cpp
Examining data/kio-5.74.0/src/widgets/pastejob.h
Examining data/kio-5.74.0/src/widgets/kdirmodel.h
Examining data/kio-5.74.0/src/widgets/openfilemanagerwindowjob.cpp
Examining data/kio-5.74.0/src/widgets/kabstractfileitemactionplugin.h
Examining data/kio-5.74.0/src/widgets/renamedialog.h
Examining data/kio-5.74.0/src/widgets/delegateanimationhandler.cpp
Examining data/kio-5.74.0/src/widgets/kdynamicjobtracker.cpp
Examining data/kio-5.74.0/src/widgets/dropjob.cpp
Examining data/kio-5.74.0/src/widgets/kfileitemactions.cpp
Examining data/kio-5.74.0/src/widgets/kdirlister.h
Examining data/kio-5.74.0/src/widgets/kurlrequester.h
Examining data/kio-5.74.0/src/widgets/pixmaploader.cpp
Examining data/kio-5.74.0/src/widgets/clipboardupdater_p.h
Examining data/kio-5.74.0/src/widgets/kpropertiesdialog_p.h
Examining data/kio-5.74.0/src/widgets/kfileitemactions_p.h
Examining data/kio-5.74.0/src/widgets/kshellcompletion.h
Examining data/kio-5.74.0/src/widgets/fileundomanager_p.h
Examining data/kio-5.74.0/src/widgets/sslui.cpp
Examining data/kio-5.74.0/src/widgets/widgetsuntrustedprogramhandler.h
Examining data/kio-5.74.0/src/widgets/pastedialog.cpp
Examining data/kio-5.74.0/src/widgets/pastejob.cpp
Examining data/kio-5.74.0/src/widgets/kfileitemactions.h
Examining data/kio-5.74.0/src/widgets/ksslcertificatebox.h
Examining data/kio-5.74.0/src/widgets/sslui.h
Examining data/kio-5.74.0/src/widgets/thumbsequencecreator.h
Examining data/kio-5.74.0/src/widgets/renamefiledialog.h
Examining data/kio-5.74.0/src/widgets/kurlcombobox.h
Examining data/kio-5.74.0/src/widgets/krun_p.h
Examining data/kio-5.74.0/src/widgets/accessmanager.cpp
Examining data/kio-5.74.0/src/widgets/kurlcompletion.cpp
Examining data/kio-5.74.0/src/widgets/kbuildsycocaprogressdialog.cpp
Examining data/kio-5.74.0/src/widgets/fileundomanager.cpp
Examining data/kio-5.74.0/src/widgets/widgetsopenwithhandler_win.cpp
Examining data/kio-5.74.0/src/widgets/kdynamicjobtracker_p.h
Examining data/kio-5.74.0/src/widgets/koverlayiconplugin.h
Examining data/kio-5.74.0/src/widgets/openfilemanagerwindowjob.h
Examining data/kio-5.74.0/src/widgets/previewjob.h
Examining data/kio-5.74.0/src/widgets/koverlayiconplugin.cpp
Examining data/kio-5.74.0/src/widgets/kurlpixmapprovider.cpp
Examining data/kio-5.74.0/src/widgets/previewjob.cpp
Examining data/kio-5.74.0/src/widgets/widgetsopenwithhandler.h
Examining data/kio-5.74.0/src/widgets/kdirmodel.cpp
Examining data/kio-5.74.0/src/widgets/kurifilter.cpp
Examining data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp
Examining data/kio-5.74.0/src/pathhelpers_p.h
Examining data/kio-5.74.0/src/kpasswdserver/kpasswdserver.h
Examining data/kio-5.74.0/src/kpasswdserver/autotests/kpasswdservertest.cpp
Examining data/kio-5.74.0/src/kpasswdserver/kiod_kpasswdserver.cpp
Examining data/kio-5.74.0/src/kpasswdserver/kpasswdserver.cpp
Examining data/kio-5.74.0/src/kcms/kio/kcookiespolicies.cpp
Examining data/kio-5.74.0/src/kcms/kio/kcookiesmanagement.h
Examining data/kio-5.74.0/src/kcms/kio/useragentdlg.cpp
Examining data/kio-5.74.0/src/kcms/kio/useragentdlg.h
Examining data/kio-5.74.0/src/kcms/kio/kcookiespolicyselectiondlg.h
Examining data/kio-5.74.0/src/kcms/kio/cache.cpp
Examining data/kio-5.74.0/src/kcms/kio/kcookiespolicies.h
Examining data/kio-5.74.0/src/kcms/kio/useragentinfo.h
Examining data/kio-5.74.0/src/kcms/kio/ksaveioconfig.cpp
Examining data/kio-5.74.0/src/kcms/kio/kcookiesmanagement.cpp
Examining data/kio-5.74.0/src/kcms/kio/kproxydlg.cpp
Examining data/kio-5.74.0/src/kcms/kio/kproxydlg.h
Examining data/kio-5.74.0/src/kcms/kio/useragentselectordlg.cpp
Examining data/kio-5.74.0/src/kcms/kio/cache.h
Examining data/kio-5.74.0/src/kcms/kio/main.cpp
Examining data/kio-5.74.0/src/kcms/kio/smbrodlg.cpp
Examining data/kio-5.74.0/src/kcms/kio/useragentselectordlg.h
Examining data/kio-5.74.0/src/kcms/kio/useragentinfo.cpp
Examining data/kio-5.74.0/src/kcms/kio/kcookiespolicyselectiondlg.cpp
Examining data/kio-5.74.0/src/kcms/kio/netpref.h
Examining data/kio-5.74.0/src/kcms/kio/ksaveioconfig.h
Examining data/kio-5.74.0/src/kcms/kio/kcookiesmain.h
Examining data/kio-5.74.0/src/kcms/kio/smbrodlg.h
Examining data/kio-5.74.0/src/kcms/kio/kcookiesmain.cpp
Examining data/kio-5.74.0/src/kcms/kio/netpref.cpp
Examining data/kio-5.74.0/src/kcms/webshortcuts/main.cpp
Examining data/kio-5.74.0/src/kcms/webshortcuts/main.h
Examining data/kio-5.74.0/src/kioexec/main.cpp
Examining data/kio-5.74.0/src/kioexec/main.h
Examining data/kio-5.74.0/src/kioexec/kioexecd.h
Examining data/kio-5.74.0/src/kioexec/kioexecd.cpp
Examining data/kio-5.74.0/src/kssld/kssld.h
Examining data/kio-5.74.0/src/kssld/kssld_adaptor.h
Examining data/kio-5.74.0/src/kssld/kssld.cpp
Examining data/kio-5.74.0/src/core/ksambashare.h
Examining data/kio-5.74.0/src/core/kpasswdserverclient.cpp
Examining data/kio-5.74.0/src/core/simplejob.cpp
Examining data/kio-5.74.0/src/core/scheduler_p.h
Examining data/kio-5.74.0/src/core/batchrenamejob.cpp
Examining data/kio-5.74.0/src/core/slaveinterface.cpp
Examining data/kio-5.74.0/src/core/idleslave.h
Examining data/kio-5.74.0/src/core/kcoredirlister.cpp
Examining data/kio-5.74.0/src/core/connectionbackend.cpp
Examining data/kio-5.74.0/src/core/mimetypejob.cpp
Examining data/kio-5.74.0/src/core/jobuidelegatefactory.cpp
Examining data/kio-5.74.0/src/core/forwardingslavebase.h
Examining data/kio-5.74.0/src/core/deletejob.cpp
Examining data/kio-5.74.0/src/core/jobuidelegateextension.cpp
Examining data/kio-5.74.0/src/core/batchrenamejob.h
Examining data/kio-5.74.0/src/core/knfsshare.h
Examining data/kio-5.74.0/src/core/kssld_interface.h
Examining data/kio-5.74.0/src/core/scheduler.cpp
Examining data/kio-5.74.0/src/core/filejob.h
Examining data/kio-5.74.0/src/core/slaveinterface.h
Examining data/kio-5.74.0/src/core/slaveinterface_p.h
Examining data/kio-5.74.0/src/core/ksambasharedata.h
Examining data/kio-5.74.0/src/core/jobtracker.cpp
Examining data/kio-5.74.0/src/core/untrustedprogramhandlerinterface.h
Examining data/kio-5.74.0/src/core/dataprotocol.cpp
Examining data/kio-5.74.0/src/core/kssl/ksslsettings.h
Examining data/kio-5.74.0/src/core/kssl/ksslsettings.cpp
Examining data/kio-5.74.0/src/core/ktcpsocket.h
Examining data/kio-5.74.0/src/core/forwardingslavebase.cpp
Examining data/kio-5.74.0/src/core/kioglobal_p_unix.cpp
Examining data/kio-5.74.0/src/core/davjob.h
Examining data/kio-5.74.0/src/core/commands_p.h
Examining data/kio-5.74.0/src/core/kremoteencoding.h
Examining data/kio-5.74.0/src/core/authinfo.h
Examining data/kio-5.74.0/src/core/slavebase.cpp
Examining data/kio-5.74.0/src/core/kfileitem.cpp
Examining data/kio-5.74.0/src/core/deletejob.h
Examining data/kio-5.74.0/src/core/udsentry.h
Examining data/kio-5.74.0/src/core/listjob.h
Examining data/kio-5.74.0/src/core/kprotocolmanager.h
Examining data/kio-5.74.0/src/core/ktcpsocket.cpp
Examining data/kio-5.74.0/src/core/kpasswdserverloop_p.h
Examining data/kio-5.74.0/src/core/kurlauthorized.h
Examining data/kio-5.74.0/src/core/slaveconfig.h
Examining data/kio-5.74.0/src/core/ksambasharedata.cpp
Examining data/kio-5.74.0/src/core/job_base.h
Examining data/kio-5.74.0/src/core/tcpslavebase.cpp
Examining data/kio-5.74.0/src/core/davjob.cpp
Examining data/kio-5.74.0/src/core/specialjob.h
Examining data/kio-5.74.0/src/core/hostinfo.h
Examining data/kio-5.74.0/src/core/metadata.cpp
Examining data/kio-5.74.0/src/core/dataslave.cpp
Examining data/kio-5.74.0/src/core/ksslcertificatemanager.cpp
Examining data/kio-5.74.0/src/core/multigetjob.cpp
Examining data/kio-5.74.0/src/core/filesystemfreespacejob.cpp
Examining data/kio-5.74.0/src/core/connection_p.h
Examining data/kio-5.74.0/src/core/kmountpoint.h
Examining data/kio-5.74.0/src/core/listjob.cpp
Examining data/kio-5.74.0/src/core/emptytrashjob.h
Examining data/kio-5.74.0/src/core/dataprotocol_p.h
Examining data/kio-5.74.0/src/core/slave.h
Examining data/kio-5.74.0/src/core/ksslerroruidata.h
Examining data/kio-5.74.0/src/core/tcpslavebase.h
Examining data/kio-5.74.0/src/core/statjob.cpp
Examining data/kio-5.74.0/src/core/kpasswdserverclient.h
Examining data/kio-5.74.0/src/core/kdiskfreespaceinfo.cpp
Examining data/kio-5.74.0/src/core/kdirnotify.cpp
Examining data/kio-5.74.0/src/core/chmodjob.h
Examining data/kio-5.74.0/src/core/kurlauthorized.cpp
Examining data/kio-5.74.0/src/core/kmountpoint.cpp
Examining data/kio-5.74.0/src/core/httpmethod_p.h
Examining data/kio-5.74.0/src/core/restorejob.h
Examining data/kio-5.74.0/src/core/kfileitemlistproperties.cpp
Examining data/kio-5.74.0/src/core/job.cpp
Examining data/kio-5.74.0/src/core/kprotocolinfo.h
Examining data/kio-5.74.0/src/core/kacl.h
Examining data/kio-5.74.0/src/core/ksambasharedata_p.h
Examining data/kio-5.74.0/src/core/mkdirjob.cpp
Examining data/kio-5.74.0/src/core/udsentry.cpp
Examining data/kio-5.74.0/src/core/connection.cpp
Examining data/kio-5.74.0/src/core/slavebase.h
Examining data/kio-5.74.0/src/core/copyjob.h
Examining data/kio-5.74.0/src/core/kprotocolinfo.cpp
Examining data/kio-5.74.0/src/core/directorysizejob.h
Examining data/kio-5.74.0/src/core/scheduler.h
Examining data/kio-5.74.0/src/core/filejob.cpp
Examining data/kio-5.74.0/src/core/desktopexecparser.cpp
Examining data/kio-5.74.0/src/core/dataslave_p.h
Examining data/kio-5.74.0/src/core/specialjob.cpp
Examining data/kio-5.74.0/src/core/jobclasses.h
Examining data/kio-5.74.0/src/core/kremoteencoding.cpp
Examining data/kio-5.74.0/src/core/mkpathjob.h
Examining data/kio-5.74.0/src/core/hostinfo.cpp
Examining data/kio-5.74.0/src/core/storedtransferjob.cpp
Examining data/kio-5.74.0/src/core/kcoredirlister_p.h
Examining data/kio-5.74.0/src/core/kcoredirlister.h
Examining data/kio-5.74.0/src/core/ksslcertificatemanager.h
Examining data/kio-5.74.0/src/core/ioslave_defaults.h
Examining data/kio-5.74.0/src/core/knfsshare.cpp
Examining data/kio-5.74.0/src/core/connectionserver.h
Examining data/kio-5.74.0/src/core/mkdirjob.h
Examining data/kio-5.74.0/src/core/ksambashare.cpp
Examining data/kio-5.74.0/src/core/filecopyjob.cpp
Examining data/kio-5.74.0/src/core/ksambashare_p.h
Examining data/kio-5.74.0/src/core/filesystemfreespacejob.h
Examining data/kio-5.74.0/src/core/simplejob.h
Examining data/kio-5.74.0/src/core/slave.cpp
Examining data/kio-5.74.0/src/core/kprotocolinfo_p.h
Examining data/kio-5.74.0/src/core/kdiskfreespaceinfo.h
Examining data/kio-5.74.0/src/core/job_p.h
Examining data/kio-5.74.0/src/core/kioglobal_p.h
Examining data/kio-5.74.0/src/core/emptytrashjob.cpp
Examining data/kio-5.74.0/src/core/kprotocolmanager.cpp
Examining data/kio-5.74.0/src/core/jobtracker.h
Examining data/kio-5.74.0/src/core/global.h
Examining data/kio-5.74.0/src/core/mimetypejob.h
Examining data/kio-5.74.0/src/core/idleslave.cpp
Examining data/kio-5.74.0/src/core/directorysizejob.cpp
Examining data/kio-5.74.0/src/core/mkpathjob.cpp
Examining data/kio-5.74.0/src/core/ksslcertificatemanager_p.h
Examining data/kio-5.74.0/src/core/kdirnotify.h
Examining data/kio-5.74.0/src/core/global.cpp
Examining data/kio-5.74.0/src/core/usernotificationhandler_p.h
Examining data/kio-5.74.0/src/core/kioglobal_p.cpp
Examining data/kio-5.74.0/src/core/connectionserver.cpp
Examining data/kio-5.74.0/src/core/krecentdocument.cpp
Examining data/kio-5.74.0/src/core/ksslerroruidata_p.h
Examining data/kio-5.74.0/src/core/faviconscache.cpp
Examining data/kio-5.74.0/src/core/untrustedprogramhandlerinterface.cpp
Examining data/kio-5.74.0/src/core/kprotocolinfofactory.cpp
Examining data/kio-5.74.0/src/core/sessiondata_p.h
Examining data/kio-5.74.0/src/core/slaveconfig.cpp
Examining data/kio-5.74.0/src/core/filecopyjob.h
Examining data/kio-5.74.0/src/core/connectionbackend_p.h
Examining data/kio-5.74.0/src/core/kfileitemlistproperties.h
Examining data/kio-5.74.0/src/core/kpasswdserverloop.cpp
Examining data/kio-5.74.0/src/core/metadata.h
Examining data/kio-5.74.0/src/core/usernotificationhandler.cpp
Examining data/kio-5.74.0/src/core/desktopexecparser.h
Examining data/kio-5.74.0/src/core/kacl.cpp
Examining data/kio-5.74.0/src/core/storedtransferjob.h
Examining data/kio-5.74.0/src/core/kssld_dbusmetatypes.h
Examining data/kio-5.74.0/src/core/chmodjob.cpp
Examining data/kio-5.74.0/src/core/transferjob.cpp
Examining data/kio-5.74.0/src/core/statjob.h
Examining data/kio-5.74.0/src/core/jobuidelegateextension.h
Examining data/kio-5.74.0/src/core/multigetjob.h
Examining data/kio-5.74.0/src/core/ksslerror_p.h
Examining data/kio-5.74.0/src/core/kprotocolinfofactory_p.h
Examining data/kio-5.74.0/src/core/jobuidelegatefactory.h
Examining data/kio-5.74.0/src/core/faviconscache_p.h
Examining data/kio-5.74.0/src/core/job_error.cpp
Examining data/kio-5.74.0/src/core/ksslerroruidata.cpp
Examining data/kio-5.74.0/src/core/transferjob.h
Examining data/kio-5.74.0/src/core/http_slave_defaults.h
Examining data/kio-5.74.0/src/core/sessiondata.cpp
Examining data/kio-5.74.0/src/core/krecentdocument.h
Examining data/kio-5.74.0/src/core/kfileitem.h
Examining data/kio-5.74.0/src/core/kioglobal_p_win.cpp
Examining data/kio-5.74.0/src/core/job.h
Examining data/kio-5.74.0/src/core/restorejob.cpp
Examining data/kio-5.74.0/src/core/authinfo.cpp
Examining data/kio-5.74.0/src/core/copyjob.cpp
Examining data/kio-5.74.0/src/gui/openwithhandlerinterface.h
Examining data/kio-5.74.0/src/gui/applicationlauncherjob.cpp
Examining data/kio-5.74.0/src/gui/openwithhandlerinterface.cpp
Examining data/kio-5.74.0/src/gui/kprocessrunner_p.h
Examining data/kio-5.74.0/src/gui/kprocessrunner.cpp
Examining data/kio-5.74.0/src/gui/openorexecutefileinterface.h
Examining data/kio-5.74.0/src/gui/systemd/dbustypes.h
Examining data/kio-5.74.0/src/gui/systemd/scopedprocessrunner.cpp
Examining data/kio-5.74.0/src/gui/systemd/systemdprocessrunner_p.h
Examining data/kio-5.74.0/src/gui/systemd/systemdprocessrunner.cpp
Examining data/kio-5.74.0/src/gui/systemd/scopedprocessrunner_p.h
Examining data/kio-5.74.0/src/gui/faviconrequestjob.h
Examining data/kio-5.74.0/src/gui/openorexecutefileinterface.cpp
Examining data/kio-5.74.0/src/gui/commandlauncherjob.h
Examining data/kio-5.74.0/src/gui/openurljob.h
Examining data/kio-5.74.0/src/gui/faviconrequestjob.cpp
Examining data/kio-5.74.0/src/gui/applicationlauncherjob.h
Examining data/kio-5.74.0/src/gui/commandlauncherjob.cpp
Examining data/kio-5.74.0/src/gui/openurljob.cpp
Examining data/kio-5.74.0/src/kiod/kiod_main.cpp
Examining data/kio-5.74.0/src/kioslave/kioslave.cpp
Examining data/kio-5.74.0/src/kntlm/kntlm.cpp
Examining data/kio-5.74.0/src/kntlm/des.cpp
Examining data/kio-5.74.0/src/kntlm/kntlm.h
Examining data/kio-5.74.0/src/kntlm/des.h
Examining data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp
Examining data/kio-5.74.0/src/ioslaves/ftp/ftp.h
Examining data/kio-5.74.0/src/ioslaves/file/fdreceiver.cpp
Examining data/kio-5.74.0/src/ioslaves/file/sharefd_p.h
Examining data/kio-5.74.0/src/ioslaves/file/legacycodec.cpp
Examining data/kio-5.74.0/src/ioslaves/file/legacycodec.h
Examining data/kio-5.74.0/src/ioslaves/file/file_p.h
Examining data/kio-5.74.0/src/ioslaves/file/file.h
Examining data/kio-5.74.0/src/ioslaves/file/fdreceiver.h
Examining data/kio-5.74.0/src/ioslaves/file/kauth/filehelper.h
Examining data/kio-5.74.0/src/ioslaves/file/kauth/filehelper.cpp
Examining data/kio-5.74.0/src/ioslaves/file/kauth/fdsender.cpp
Examining data/kio-5.74.0/src/ioslaves/file/kauth/fdsender.h
Examining data/kio-5.74.0/src/ioslaves/file/file_win.cpp
Examining data/kio-5.74.0/src/ioslaves/file/file.cpp
Examining data/kio-5.74.0/src/ioslaves/file/file_unix.cpp
Examining data/kio-5.74.0/src/ioslaves/http/httpfilter.cpp
Examining data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp
Examining data/kio-5.74.0/src/ioslaves/http/http.cpp
Examining data/kio-5.74.0/src/ioslaves/http/httpauthentication.h
Examining data/kio-5.74.0/src/ioslaves/http/parsinghelpers.cpp
Examining data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookieserver.cpp
Examining data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiejar.h
Examining data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiejar_include.h
Examining data/kio-5.74.0/src/ioslaves/http/kcookiejar/main.cpp
Examining data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiewin.h
Examining data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiejar.cpp
Examining data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiewin.cpp
Examining data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookieserver.h
Examining data/kio-5.74.0/src/ioslaves/http/httpauthentication.cpp
Examining data/kio-5.74.0/src/ioslaves/http/parsinghelpers.h
Examining data/kio-5.74.0/src/ioslaves/http/httpfilter.h
Examining data/kio-5.74.0/src/ioslaves/http/http.h
Examining data/kio-5.74.0/src/ioslaves/telnet/ktelnetservice.cpp
Examining data/kio-5.74.0/src/ioslaves/help/kio_help.h
Examining data/kio-5.74.0/src/ioslaves/help/main.cpp
Examining data/kio-5.74.0/src/ioslaves/help/xslt_help.cpp
Examining data/kio-5.74.0/src/ioslaves/help/xslt_help.h
Examining data/kio-5.74.0/src/ioslaves/help/kio_help.cpp
Examining data/kio-5.74.0/src/ioslaves/help/main_ghelp.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/trashsizecache.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/kcmtrash.h
Examining data/kio-5.74.0/src/ioslaves/trash/trashimpl.h
Examining data/kio-5.74.0/src/ioslaves/trash/kcmtrash.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/tests/lockingtest.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.h
Examining data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/kinterprocesslock.h
Examining data/kio-5.74.0/src/ioslaves/trash/kio_trash.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/kio_trash.h
Examining data/kio-5.74.0/src/ioslaves/trash/kio_trash_win.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/ktrash.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/trashsizecache.h
Examining data/kio-5.74.0/src/ioslaves/trash/kinterprocesslock.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/discspaceutil.h
Examining data/kio-5.74.0/src/ioslaves/trash/kio_trash_win.h
Examining data/kio-5.74.0/src/ioslaves/trash/discspaceutil.cpp
Examining data/kio-5.74.0/src/ioslaves/trash/trashimpl.cpp
Examining data/kio-5.74.0/src/ioslaves/remote/remoteimpl.h
Examining data/kio-5.74.0/src/ioslaves/remote/remoteimpl.cpp
Examining data/kio-5.74.0/src/ioslaves/remote/kio_remote.cpp
Examining data/kio-5.74.0/src/ioslaves/remote/kio_remote.h
Examining data/kio-5.74.0/src/ioslaves/remote/kdedmodule/remotedirnotify.h
Examining data/kio-5.74.0/src/ioslaves/remote/kdedmodule/remotedirnotifymodule.cpp
Examining data/kio-5.74.0/src/ioslaves/remote/kdedmodule/remotedirnotify.cpp
Examining data/kio-5.74.0/src/ioslaves/remote/kdedmodule/remotedirnotifymodule.h
Examining data/kio-5.74.0/src/urifilters/fixhost/fixhosturifilter.cpp
Examining data/kio-5.74.0/src/urifilters/fixhost/fixhosturifilter.h
Examining data/kio-5.74.0/src/urifilters/localdomain/localdomainurifilter.cpp
Examining data/kio-5.74.0/src/urifilters/localdomain/localdomainurifilter.h
Examining data/kio-5.74.0/src/urifilters/shorturi/kshorturifilter.cpp
Examining data/kio-5.74.0/src/urifilters/shorturi/kshorturifilter.h
Examining data/kio-5.74.0/src/urifilters/ikws/searchproviderdlg.cpp
Examining data/kio-5.74.0/src/urifilters/ikws/searchprovider.h
Examining data/kio-5.74.0/src/urifilters/ikws/searchproviderregistry.h
Examining data/kio-5.74.0/src/urifilters/ikws/kuriikwsfiltereng.h
Examining data/kio-5.74.0/src/urifilters/ikws/searchproviderregistry.cpp
Examining data/kio-5.74.0/src/urifilters/ikws/kurisearchfilter.h
Examining data/kio-5.74.0/src/urifilters/ikws/searchproviderdlg.h
Examining data/kio-5.74.0/src/urifilters/ikws/searchprovider.cpp
Examining data/kio-5.74.0/src/urifilters/ikws/ikwsopts.h
Examining data/kio-5.74.0/src/urifilters/ikws/kurisearchfilter.cpp
Examining data/kio-5.74.0/src/urifilters/ikws/ikwsopts_p.h
Examining data/kio-5.74.0/src/urifilters/ikws/kuriikwsfiltereng.cpp
Examining data/kio-5.74.0/src/urifilters/ikws/kuriikwsfilter.h
Examining data/kio-5.74.0/src/urifilters/ikws/ikwsopts.cpp
Examining data/kio-5.74.0/src/urifilters/ikws/kuriikwsfilter.cpp
Examining data/kio-5.74.0/src/protocoltojson/main.cpp
Examining data/kio-5.74.0/src/filewidgets/kdirsortfilterproxymodel.h
Examining data/kio-5.74.0/src/filewidgets/kfilecopytomenu.h
Examining data/kio-5.74.0/src/filewidgets/kdiroperator.h
Examining data/kio-5.74.0/src/filewidgets/kimagefilepreview.h
Examining data/kio-5.74.0/src/filewidgets/kfilemetapreview_p.h
Examining data/kio-5.74.0/src/filewidgets/kfilewidgetdocktitlebar_p.h
Examining data/kio-5.74.0/src/filewidgets/kfilewidget.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorbuttonbase.cpp
Examining data/kio-5.74.0/src/filewidgets/kfilecopytomenu_p.h
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatormenu_p.h
Examining data/kio-5.74.0/src/filewidgets/kpreviewwidgetbase.h
Examining data/kio-5.74.0/src/filewidgets/kpreviewwidgetbase.cpp
Examining data/kio-5.74.0/src/filewidgets/urlutil_p.h
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorpathselectoreventfilter_p.h
Examining data/kio-5.74.0/src/filewidgets/kurlnavigator.cpp
Examining data/kio-5.74.0/src/filewidgets/kstatusbarofflineindicator.cpp
Examining data/kio-5.74.0/src/filewidgets/defaultviewadapter.cpp
Examining data/kio-5.74.0/src/filewidgets/kfileplaceeditdialog.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorbutton_p.h
Examining data/kio-5.74.0/src/filewidgets/kfileplacesview.cpp
Examining data/kio-5.74.0/src/filewidgets/kfileplacesview_p.h
Examining data/kio-5.74.0/src/filewidgets/kimagefilepreview.cpp
Examining data/kio-5.74.0/src/filewidgets/kfilepreviewgenerator.cpp
Examining data/kio-5.74.0/src/filewidgets/kfilefiltercombo.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatormenu.cpp
Examining data/kio-5.74.0/src/filewidgets/kdiroperatoriconview.cpp
Examining data/kio-5.74.0/src/filewidgets/kfileplaceeditdialog.h
Examining data/kio-5.74.0/src/filewidgets/kdiroperatordetailview.cpp
Examining data/kio-5.74.0/src/filewidgets/krecentdirs.h
Examining data/kio-5.74.0/src/filewidgets/kabstractviewadapter.h
Examining data/kio-5.74.0/src/filewidgets/knameandurlinputdialog.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorbutton.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorplacesselector.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatortogglebutton_p.h
Examining data/kio-5.74.0/src/filewidgets/kfilebookmarkhandler.cpp
Examining data/kio-5.74.0/src/filewidgets/kfilewidgetdocktitlebar.cpp
Examining data/kio-5.74.0/src/filewidgets/kfilewidget.h
Examining data/kio-5.74.0/src/filewidgets/knewfilemenu.cpp
Examining data/kio-5.74.0/src/filewidgets/kfileplacesmodel.cpp
Examining data/kio-5.74.0/src/filewidgets/kdiroperatoriconview_p.h
Examining data/kio-5.74.0/src/filewidgets/kfilecustomdialog.h
Examining data/kio-5.74.0/src/filewidgets/krecentdirs.cpp
Examining data/kio-5.74.0/src/filewidgets/kfileplacesitem_p.h
Examining data/kio-5.74.0/src/filewidgets/knewfilemenu.h
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatordropdownbutton.cpp
Examining data/kio-5.74.0/src/filewidgets/kfileplacesitem.cpp
Examining data/kio-5.74.0/src/filewidgets/kfilecopytomenu.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigator.h
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorbuttonbase_p.h
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorprotocolcombo.cpp
Examining data/kio-5.74.0/src/filewidgets/kencodingfiledialog.cpp
Examining data/kio-5.74.0/src/filewidgets/kdirsortfilterproxymodel.cpp
Examining data/kio-5.74.0/src/filewidgets/kfilecustomdialog.cpp
Examining data/kio-5.74.0/src/filewidgets/defaults-kfile.h
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatordropdownbutton_p.h
Examining data/kio-5.74.0/src/filewidgets/kstatusbarofflineindicator.h
Examining data/kio-5.74.0/src/filewidgets/kfileplacesview.h
Examining data/kio-5.74.0/src/filewidgets/kencodingfiledialog.h
Examining data/kio-5.74.0/src/filewidgets/defaultviewadapter_p.h
Examining data/kio-5.74.0/src/filewidgets/kfilepreviewgenerator.h
Examining data/kio-5.74.0/src/filewidgets/kfilebookmarkhandler_p.h
Examining data/kio-5.74.0/src/filewidgets/kdiroperatordetailview_p.h
Examining data/kio-5.74.0/src/filewidgets/kfilefiltercombo.h
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatortogglebutton.cpp
Examining data/kio-5.74.0/src/filewidgets/kfilemetapreview.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorprotocolcombo_p.h
Examining data/kio-5.74.0/src/filewidgets/kdiroperator.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorpathselectoreventfilter.cpp
Examining data/kio-5.74.0/src/filewidgets/kurlnavigatorplacesselector_p.h
Examining data/kio-5.74.0/src/filewidgets/knameandurlinputdialog.h
Examining data/kio-5.74.0/src/filewidgets/kfileplacesmodel.h
FINAL RESULTS:
data/kio-5.74.0/autotests/jobtest.cpp:554:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
const int n = readlink(QFile::encodeName(path).constData(), linkTargetBuffer, sizeof(linkTargetBuffer) - 1);
data/kio-5.74.0/autotests/jobtest.cpp:1651:26: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::Job *job = KIO::chmod(items, newPerm, S_IWGRP /*TODO: QFile::WriteGroup*/, QString(), QString(), false, KIO::HideProgressInfo);
data/kio-5.74.0/autotests/jobtest.cpp:1670:26: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::Job *job = KIO::chmod(items, newPerm, S_ISVTX, QString(), QString(), false, KIO::HideProgressInfo);
data/kio-5.74.0/autotests/jobtest.cpp:1690:26: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::Job *job = KIO::chmod(items, newPerm, S_IWGRP /*TODO: QFile::WriteGroup*/, QStringLiteral("root"), QString(), false, KIO::HideProgressInfo);
data/kio-5.74.0/autotests/kdirlistertest.cpp:1223:32: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::SimpleJob *job = KIO::chmod(list.first().url(), permissions);
data/kio-5.74.0/autotests/kdirmodeltest.cpp:685:26: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::Job *job = KIO::chmod(items, newPerm, S_IWGRP /*TODO: QFile::WriteGroup*/, QString(), QString(), false, KIO::HideProgressInfo);
data/kio-5.74.0/autotests/privilegejobtest.cpp:50:26: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::Job *job = KIO::chmod(items, newPerm, S_IWGRP, QString(), QString(), false, KIO::HideProgressInfo);
data/kio-5.74.0/src/core/chmodjob.cpp:227:36: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::SimpleJob *job = KIO::chmod(info.url, info.permissions);
data/kio-5.74.0/src/core/chmodjob.cpp:273:16: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
ChmodJob *KIO::chmod(const KFileItemList &lstItems, int permissions, int mask,
data/kio-5.74.0/src/core/chmodjob.h:71:26: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIOCORE_EXPORT ChmodJob *chmod(const KFileItemList &lstItems, int permissions, int mask,
data/kio-5.74.0/src/core/filecopyjob.cpp:514:29: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
d->m_chmodJob = chmod(d->m_dest, d->m_permissions);
data/kio-5.74.0/src/core/forwardingslavebase.cpp:274:27: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
void ForwardingSlaveBase::chmod(const QUrl &url, int permissions)
data/kio-5.74.0/src/core/forwardingslavebase.cpp:280:36: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::SimpleJob *job = KIO::chmod(new_url, permissions);
data/kio-5.74.0/src/core/forwardingslavebase.h:106:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
void chmod(const QUrl &url, int permissions) override;
data/kio-5.74.0/src/core/kioglobal_p_unix.cpp:31:14: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
return ::chown(QFile::encodeName(file).constData(), newOwner.nativeId(), newGroup.nativeId()) == 0;
data/kio-5.74.0/src/core/kssl/ksslsettings.cpp:178:14: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KDE::chmod(cfgName, 0600);
data/kio-5.74.0/src/core/simplejob.cpp:340:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
SimpleJob *KIO::chmod(const QUrl &url, int permissions)
data/kio-5.74.0/src/core/simplejob.cpp:347:17: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
SimpleJob *KIO::chown(const QUrl &url, const QString &owner, const QString &group)
data/kio-5.74.0/src/core/simplejob.h:157:27: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIOCORE_EXPORT SimpleJob *chmod(const QUrl &url, int permissions);
data/kio-5.74.0/src/core/simplejob.h:167:27: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
KIOCORE_EXPORT SimpleJob *chown(const QUrl &url, const QString &owner, const QString &group);
data/kio-5.74.0/src/core/slavebase.cpp:962:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
void SlaveBase::chmod(QUrl const &, int)
data/kio-5.74.0/src/core/slavebase.cpp:970:17: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
void SlaveBase::chown(QUrl const &, const QString &, const QString &)
data/kio-5.74.0/src/core/slavebase.cpp:1305:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(url, i);
data/kio-5.74.0/src/core/slavebase.cpp:1313:9: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
chown(url, owner, group);
data/kio-5.74.0/src/core/slavebase.h:586:18: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
virtual void chmod(const QUrl &url, int permissions);
data/kio-5.74.0/src/core/slavebase.h:592:18: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
virtual void chown(const QUrl &url, const QString &owner, const QString &group);
data/kio-5.74.0/src/ioslaves/file/file.cpp:151:20: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
void FileProtocol::chmod(const QUrl &url, int permissions)
data/kio-5.74.0/src/ioslaves/file/file.cpp:158:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (::chmod(_path.constData(), permissions) == -1 ||
data/kio-5.74.0/src/ioslaves/file/file.cpp:243:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(url, permissions);
data/kio-5.74.0/src/ioslaves/file/file.h:53:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
void chmod(const QUrl &url, int permissions) override;
data/kio-5.74.0/src/ioslaves/file/file.h:54:10: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
void chown(const QUrl &url, const QString &owner, const QString &group) override;
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:378:33: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t n = readlink(path.constData(), linkTargetBuffer.data(), bufferSize);
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:819:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if ((::chmod(_dest.data(), _mode) != 0)
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:842:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (::chown(_dest.data(), -1 /*keep user*/, buff_src.st_gid) == 0) {
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:845:17: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
(void)::chown(_dest.data(), buff_src.st_uid, -1 /*keep group*/);
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:1209:20: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
void FileProtocol::chown(const QUrl &url, const QString &owner, const QString &group)
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:1242:11: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (::chown(_path.constData(), uid, gid) == -1) {
data/kio-5.74.0/src/ioslaves/file/file_win.cpp:341:20: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
void FileProtocol::chown(const QUrl &url, const QString &, const QString &)
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1261:21: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
Result FtpInternal::chmod(const QUrl &url, int permissions)
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:2699:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
void Ftp::chmod(const QUrl &url, int permissions)
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:2701:17: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
finalize(d->chmod(url, permissions));
data/kio-5.74.0/src/ioslaves/ftp/ftp.h:120:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
void chmod(const QUrl &url, int permissions) override;
data/kio-5.74.0/src/ioslaves/ftp/ftp.h:213:30: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
Q_REQUIRED_RESULT Result chmod(const QUrl &url, int permissions);
data/kio-5.74.0/src/ioslaves/trash/kio_trash.cpp:458:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int n = ::readlink(physicalPath_c.constData(), buffer2, 999);
data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.cpp:118:40: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::ChmodJob *chmodJob = KIO::chmod(fileItemList, 0200, 0200, QString(), QString(), true /*recursive*/, KIO::HideProgressInfo);
data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.cpp:628:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
::chmod(QFile::encodeName(subDirPath).constData(), 0500);
data/kio-5.74.0/src/ioslaves/trash/trashimpl.cpp:593:15: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
::chmod(QFile::encodeName(path), permissions);
data/kio-5.74.0/src/ioslaves/trash/trashimpl.cpp:648:40: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::ChmodJob *chmodJob = KIO::chmod(fileItemList, 0200, 0200, QString(), QString(), true /*recursive*/, KIO::HideProgressInfo);
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:1637:39: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
KIO::Job *chmodJob = KIO::chmod(fileItemList, 0100, 0100, QString(), QString(), KIO::HideProgressInfo);
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:2720:20: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
job = KIO::chmod(files, orFilePermissions, ~andFilePermissions,
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:2737:20: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
job = KIO::chmod(dirs, orDirPermissions, ~andDirPermissions,
data/kio-5.74.0/autotests/http/httpheadertokenizetest.cpp:92:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, messyHeader);
data/kio-5.74.0/autotests/http/httpheadertokenizetest.cpp:149:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, redirectHeader);
data/kio-5.74.0/src/core/kfileitem.cpp:1387:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QLocale::system().toString(d->time(which), QLocale::LongFormat);
data/kio-5.74.0/src/core/kssl/ksslsettings.cpp:165:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
ciphername.sprintf("cipher_%s", v3ciphers[i].ascii());
data/kio-5.74.0/src/filewidgets/kencodingfiledialog.cpp:104:38: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
d->encoding->setCurrentIndex(system);
data/kio-5.74.0/src/filewidgets/kfileplacesmodel.cpp:1350:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != nullptr) {
data/kio-5.74.0/src/filewidgets/kfileplacesmodel.cpp:1351:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
connect(access, SIGNAL(teardownDone(Solid::ErrorType,QVariant,QString)),
data/kio-5.74.0/src/filewidgets/kfileplacesmodel.cpp:1386:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
d->setupInProgress[access] = index;
data/kio-5.74.0/src/filewidgets/kfileplacesmodel.cpp:1388:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
connect(access, SIGNAL(setupDone(Solid::ErrorType,QVariant,QString)),
data/kio-5.74.0/src/ioslaves/file/file.cpp:887:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int mount_ret = system(buffer.constData());
data/kio-5.74.0/src/ioslaves/file/file.cpp:1004:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (WEXITSTATUS(system(buffer.constData())) == 4) {
data/kio-5.74.0/src/ioslaves/file/file.cpp:1036:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buffer.constData());
data/kio-5.74.0/src/ioslaves/file/file.cpp:1072:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int res = system(buffer.constData());
data/kio-5.74.0/src/ioslaves/file/file.cpp:1102:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int res = system(buffer.data());
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:416:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
mode_t access;
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:431:57: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
entry.fastInsert(KIO::UDSEntry::UDS_ACCESS, access);
data/kio-5.74.0/src/ioslaves/file/file_win.cpp:73:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= S_IRUSR;
data/kio-5.74.0/src/ioslaves/file/file_win.cpp:76:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= S_IWUSR;
data/kio-5.74.0/src/ioslaves/file/file_win.cpp:79:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access |= S_IXUSR;
data/kio-5.74.0/src/ioslaves/file/file_win.cpp:83:45: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
entry.insert(KIO::UDSEntry::UDS_ACCESS, access);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1283:56: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
entry.fastInsert(KIO::UDSEntry::UDS_ACCESS, ftpEnt.access);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1742:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IRUSR;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1745:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IWUSR;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1748:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IXUSR;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1751:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IRGRP;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1754:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IWGRP;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1757:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IXGRP;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1760:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IROTH;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1763:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IWOTH;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1766:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_IXOTH;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1769:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_ISUID;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1772:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_ISGID;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1775:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
de.access |= S_ISVTX;
data/kio-5.74.0/src/ioslaves/ftp/ftp.h:31:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
mode_t access;
data/kio-5.74.0/src/ioslaves/trash/kio_trash.cpp:480:5: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access &= 07555; // make it readonly, since it's in the trashcan
data/kio-5.74.0/src/ioslaves/trash/kio_trash.cpp:493:49: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
entry.fastInsert(KIO::UDSEntry::UDS_ACCESS, access);
data/kio-5.74.0/src/ioslaves/trash/trashimpl.cpp:1180:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
&& (::access(rootTrashDir_c.constData(), W_OK) == 0) // must be user-writable
data/kio-5.74.0/src/urifilters/shorturi/kshorturifilter.cpp:362:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!isDir && access(QFile::encodeName(path).data(), X_OK) == 0) {
data/kio-5.74.0/autotests/kurifiltertest.cpp:176:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *envDelimiter = ::getenv("KURIFILTERTEST_DELIMITER");
data/kio-5.74.0/src/kpac/kpac_dhcp_helper.c:132:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/kio-5.74.0/autotests/accessmanagertest.cpp:34:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/accessmanagertest.cpp:46:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(buffer.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/accessmanagertest.cpp:57:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/accessmanagertest.cpp:80:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/applicationlauncherjobtest.cpp:90:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(srcFile.open(QFile::WriteOnly), qPrintable(srcFile.errorString()));
data/kio-5.74.0/autotests/applicationlauncherjobtest.cpp:333:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(scriptFile.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/commandlauncherjobtest.cpp:32:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(srcFile.open(QFile::WriteOnly), qPrintable(srcFile.errorString()));
data/kio-5.74.0/autotests/deletejobtest.cpp:44:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tempFile.open());
data/kio-5.74.0/autotests/deletejobtest.cpp:97:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/dropjobtest.cpp:113:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(srcFile.open(QFile::WriteOnly), qPrintable(srcFile.errorString()));
data/kio-5.74.0/autotests/fileundomanagertest.cpp:102:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/autotests/ftptest.cpp:99:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::WriteOnly));
data/kio-5.74.0/autotests/ftptest.cpp:125:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/ftptest.cpp:147:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/ftptest.cpp:198:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/ftptest.cpp:219:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/http/httpfiltertest.cpp:55:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(dev.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/http/httpfiltertest.cpp:104:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/http/httpheadertokenizetest.cpp:84:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[bufSize];
data/kio-5.74.0/autotests/httpserver_p.cpp:32:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sourceBuffer.open(QIODevice::ReadOnly);
data/kio-5.74.0/autotests/jobremotetest.cpp:184:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileJob = KIO::open(u, QIODevice::WriteOnly);
data/kio-5.74.0/autotests/jobremotetest.cpp:191:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connect(fileJob, &KIO::FileJob::open,
data/kio-5.74.0/autotests/jobremotetest.cpp:297:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileJob = KIO::open(u, QIODevice::ReadOnly);
data/kio-5.74.0/autotests/jobremotetest.cpp:304:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connect(fileJob, &KIO::FileJob::open,
data/kio-5.74.0/autotests/jobremotetest.cpp:400:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileJob = KIO::open(u, QIODevice::ReadOnly);
data/kio-5.74.0/autotests/jobremotetest.cpp:407:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connect(fileJob, &KIO::FileJob::open,
data/kio-5.74.0/autotests/jobremotetest.cpp:470:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(m_truncatedFile.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/jobremotetest.cpp:471:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileJob = KIO::open(u, QIODevice::ReadWrite);
data/kio-5.74.0/autotests/jobremotetest.cpp:476:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connect(fileJob, &KIO::FileJob::open,
data/kio-5.74.0/autotests/jobtest.cpp:205:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(putData.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/jobtest.cpp:229:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(srcFile.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/jobtest.cpp:248:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tempFile.open());
data/kio-5.74.0/autotests/jobtest.cpp:277:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(putDataBuffer.open(QIODevice::ReadWrite));
data/kio-5.74.0/autotests/jobtest.cpp:313:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(putDataBuffer.open(QIODevice::ReadWrite));
data/kio-5.74.0/autotests/jobtest.cpp:356:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(putDataBuffer.open(QIODevice::ReadWrite));
data/kio-5.74.0/autotests/jobtest.cpp:398:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(putDataBuffer.open(QIODevice::ReadWrite));
data/kio-5.74.0/autotests/jobtest.cpp:553:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkTargetBuffer[4096];
data/kio-5.74.0/autotests/jobtest.cpp:1319:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = f.open(QIODevice::WriteOnly);
data/kio-5.74.0/autotests/jobtest.cpp:2293:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open()) {
data/kio-5.74.0/autotests/kcookiejar/kcookiejartest.cpp:73:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::Append);
data/kio-5.74.0/autotests/kcookiejar/kcookiejartest.cpp:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/kio-5.74.0/autotests/kdirlistertest.cpp:292:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tempFile.open());
data/kio-5.74.0/autotests/kdirlistertest.cpp:366:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::Append));
data/kio-5.74.0/autotests/kdirlistertest.cpp:1367:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kdirmodeltest.cpp:1174:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(dh.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfilecopytomenutest.cpp:66:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(srcFile.open(QFile::WriteOnly), qPrintable(srcFile.errorString()));
data/kio-5.74.0/autotests/kfileitemtest.cpp:40:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfileitemtest.cpp:141:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/kio-5.74.0/autotests/kfileitemtest.cpp:143:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(fileObj.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfileitemtest.cpp:187:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfileitemtest.cpp:197:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/kio-5.74.0/autotests/kfileitemtest.cpp:232:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/kio-5.74.0/autotests/kfileitemtest.cpp:251:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/kio-5.74.0/autotests/kfileitemtest.cpp:275:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/kio-5.74.0/autotests/kfileitemtest.cpp:384:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfileitemtest.cpp:453:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfileitemtest.cpp:551:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfileitemtest.cpp:741:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/kio-5.74.0/autotests/kfileitemtest.cpp:777:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfileplacesmodeltest.cpp:330:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/kfileplacesmodeltest.cpp:414:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(debugFile.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/kiotesthelper.h:61:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/autotests/knewfilemenutest.cpp:55:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(srcFile.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/knewfilemenutest.cpp:186:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/krununittest.cpp:90:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/autotests/krununittest.cpp:362:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(srcFile.open(QFile::WriteOnly), qPrintable(srcFile.errorString()));
data/kio-5.74.0/autotests/ktcpsockettest.cpp:323:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[4];
data/kio-5.74.0/autotests/kurifiltertest.cpp:146:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (tmpFile.open(QIODevice::ReadWrite)) {
data/kio-5.74.0/autotests/kurlcompletiontest.cpp:74:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ok = f1.open(QIODevice::WriteOnly);
data/kio-5.74.0/autotests/kurlcompletiontest.cpp:79:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = f2.open(QIODevice::WriteOnly);
data/kio-5.74.0/autotests/kurlcompletiontest.cpp:84:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = f3.open(QIODevice::WriteOnly);
data/kio-5.74.0/autotests/kurlcompletiontest.cpp:89:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = f4.open(QIODevice::WriteOnly);
data/kio-5.74.0/autotests/kurlcompletiontest.cpp:94:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ok = f5.open(QIODevice::WriteOnly);
data/kio-5.74.0/autotests/kurlrequestertest.cpp:37:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
data/kio-5.74.0/autotests/kurlrequestertest.cpp:72:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tempFile.open());
data/kio-5.74.0/autotests/listdirtest.cpp:63:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/openurljobtest.cpp:136:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(srcFile.open(QFile::WriteOnly), qPrintable(srcFile.errorString()));
data/kio-5.74.0/autotests/openurljobtest.cpp:143:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/kio-5.74.0/autotests/openurljobtest.cpp:207:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tempFile.open());
data/kio-5.74.0/autotests/openurljobtest.cpp:291:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/openurljobtest.cpp:328:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/openurljobtest.cpp:379:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/openurljobtest.cpp:484:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/kio-5.74.0/autotests/pastetest.cpp:136:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/autotests/pastetest.cpp:205:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly));
data/kio-5.74.0/autotests/udsentrytest.cpp:212:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/kio-5.74.0/autotests/webdavtest.cpp:105:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::WriteOnly));
data/kio-5.74.0/autotests/webdavtest.cpp:131:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/webdavtest.cpp:155:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/webdavtest.cpp:174:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/webdavtest.cpp:184:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/webdavtest.cpp:207:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/autotests/webdavtest.cpp:237:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QFile::ReadOnly));
data/kio-5.74.0/src/core/authinfo.cpp:371:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/core/connectionbackend.cpp:107:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!socketfile.open()) {
data/kio-5.74.0/src/core/connectionbackend.cpp:174:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[HeaderSize + 2];
data/kio-5.74.0/src/core/connectionbackend.cpp:175:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%6x_%2x_", data.size(), cmd);
data/kio-5.74.0/src/core/connectionbackend.cpp:228:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[HeaderSize];
data/kio-5.74.0/src/core/copyjob.cpp:1609:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadWrite)) {
data/kio-5.74.0/src/core/davjob.cpp:80:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->str_response.data() + oldSize, data.data(), data.size());
data/kio-5.74.0/src/core/filejob.cpp:175:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
emit q->open(q);
data/kio-5.74.0/src/core/filejob.cpp:208:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
q->connect(slave, SIGNAL(open()),
data/kio-5.74.0/src/core/filejob.cpp:229:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FileJob *KIO::open(const QUrl &url, QIODevice::OpenMode mode)
data/kio-5.74.0/src/core/filejob.h:141:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(KIO::Job *job);
data/kio-5.74.0/src/core/filejob.h:202:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
KIOCORE_EXPORT FileJob *open(const QUrl &url, QIODevice::OpenMode mode);
data/kio-5.74.0/src/core/global.cpp:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charbuf[256];
data/kio-5.74.0/src/core/global.cpp:58:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(charbuf, "%lld", size);
data/kio-5.74.0/src/core/kcoredirlister.cpp:2801:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dotHiddenFile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kio-5.74.0/src/core/kfileitem.cpp:414:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[ 12 ];
data/kio-5.74.0/src/core/kmountpoint.cpp:119:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define SETMNTENT fopen
data/kio-5.74.0/src/core/kmountpoint.cpp:205:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/core/knfsshare.cpp:81:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/core/ksslcertificatemanager.cpp:288:49: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!QDir().mkpath(userCertDir) || certFile.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/core/ksslcertificatemanager.cpp:291:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!certFile.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/core/ktcpsocket.cpp:467:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool KTcpSocket::open(QIODevice::OpenMode open)
data/kio-5.74.0/src/core/ktcpsocket.cpp:467:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool KTcpSocket::open(QIODevice::OpenMode open)
data/kio-5.74.0/src/core/ktcpsocket.cpp:469:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ret = d->sock.open(open);
data/kio-5.74.0/src/core/ktcpsocket.cpp:469:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool ret = d->sock.open(open);
data/kio-5.74.0/src/core/ktcpsocket.h:252:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(QIODevice::OpenMode open) override;
data/kio-5.74.0/src/core/ktcpsocket.h:252:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(QIODevice::OpenMode open) override;
data/kio-5.74.0/src/core/slavebase.cpp:914:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void SlaveBase::open(QUrl const &, QIODevice::OpenMode)
data/kio-5.74.0/src/core/slavebase.cpp:1201:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(url, mode); //krazy:exclude=syscalls
data/kio-5.74.0/src/core/slavebase.h:453:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual void open(const QUrl &url, QIODevice::OpenMode mode);
data/kio-5.74.0/src/core/slaveinterface.cpp:143:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
emit open();
data/kio-5.74.0/src/core/slaveinterface.h:153:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/kio-5.74.0/src/core/storedtransferjob.cpp:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data.data() + oldSize, data.data(), data.size());
data/kio-5.74.0/src/core/untrustedprogramhandlerinterface.cpp:38:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!desktopFile.open(QFile::ReadOnly)) {
data/kio-5.74.0/src/core/untrustedprogramhandlerinterface.cpp:55:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!saveFile.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/core/untrustedprogramhandlerinterface.cpp:92:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!desktopFile.open(QFile::ReadOnly)) {
data/kio-5.74.0/src/filewidgets/kdiroperator.cpp:879:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dialog->open();
data/kio-5.74.0/src/filewidgets/knewfilemenu.cpp:546:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (srcFile.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/filewidgets/knewfilemenu.cpp:574:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!srcFile.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/filewidgets/knewfilemenu.cpp:917:55: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!xdgUserDirs.isEmpty() && xdgUserDirsFile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kio-5.74.0/src/filewidgets/knewfilemenu.cpp:1167:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmpFile.open()) {
data/kio-5.74.0/src/filewidgets/knewfilemenu.cpp:1178:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/gui/faviconrequestjob.cpp:135:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/kio-5.74.0/src/gui/faviconrequestjob.cpp:152:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (saveFile.open(QIODevice::WriteOnly) &&
data/kio-5.74.0/src/gui/faviconrequestjob.cpp:197:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_iconData.data() + oldSize, data.data(), data.size());
data/kio-5.74.0/src/ioslaves/file/fdreceiver.cpp:64:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
::memcpy(&m_fileDes, CMSG_DATA(msg.cmsgHeader()), sizeof m_fileDes);
data/kio-5.74.0/src/ioslaves/file/file.cpp:307:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/file/file.cpp:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ MAX_IPC_SIZE ];
data/kio-5.74.0/src/ioslaves/file/file.cpp:385:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void FileProtocol::open(const QUrl &url, QIODevice::OpenMode mode)
data/kio-5.74.0/src/ioslaves/file/file.cpp:410:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!mFile->open(mode)) {
data/kio-5.74.0/src/ioslaves/file/file.cpp:590:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::ReadWrite | QIODevice::Append);
data/kio-5.74.0/src/ioslaves/file/file.cpp:592:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QIODevice::Truncate | QIODevice::WriteOnly);
data/kio-5.74.0/src/ioslaves/file/file.cpp:836:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpFile.open();
data/kio-5.74.0/src/ioslaves/file/file.cpp:940:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpFile.open();
data/kio-5.74.0/src/ioslaves/file/file.cpp:1120:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/file/file.h:57:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QUrl &url, QIODevice::OpenMode mode) override;
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:513:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fd < 3 || !f.open(fd, openMode, QFileDevice::AutoCloseHandle)) {
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:607:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!src_file.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:621:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dest_file.open(QIODevice::Truncate | QIODevice::WriteOnly)) {
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:663:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ MAX_IPC_SIZE ];
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:876:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[ 256 ];
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:893:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strAttr[xattr_size];
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:1044:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char off_t_should_be_64_bits[sizeof(off_t) >= 8 ? 1 : -1]; (void) off_t_should_be_64_bits;
data/kio-5.74.0/src/ioslaves/file/kauth/fdsender.cpp:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmsg), &fd, sizeof fd);
data/kio-5.74.0/src/ioslaves/file/kauth/filehelper.cpp:126:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((parent_fd = open(parentDir.data(), O_DIRECTORY | O_PATH | O_NOFOLLOW)) == -1) {
data/kio-5.74.0/src/ioslaves/file/kauth/filehelper.cpp:198:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int new_parent_fd = open(newParentDir.constData(), O_DIRECTORY | O_PATH | O_NOFOLLOW);
data/kio-5.74.0/src/ioslaves/file/sharefd_p.h:50:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a.sun_path, path.c_str(), pathSize + 1);
data/kio-5.74.0/src/ioslaves/file/sharefd_p.h:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char io_buf[2];
data/kio-5.74.0/src/ioslaves/file/sharefd_p.h:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsg_buf[CMSG_SPACE(sizeof(int))];
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:235:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iCode = atoi(pTxt);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1057:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1058:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "rest %lld", _offset);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1795:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi(p_date_2);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1813:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
year = atoi(p_date_3);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1829:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minute = atoi(semicolon + 1);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1830:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hour = atoi(p_date_3);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1919:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maximumIpcSize];
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1996:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[ 2048 ];
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:2018:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[4];
data/kio-5.74.0/src/ioslaves/help/kio_help.cpp:353:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly) || f.isSequential() /*socket, fifo or pipe*/) {
data/kio-5.74.0/src/ioslaves/help/kio_help.cpp:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array[MAX_IPC_SIZE];
data/kio-5.74.0/src/ioslaves/help/xslt_help.cpp:34:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!fd.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/help/xslt_help.cpp:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32000];
data/kio-5.74.0/src/ioslaves/http/http.cpp:271:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!device->open(QIODevice::ReadWrite)) {
data/kio-5.74.0/src/ioslaves/http/http.cpp:2086:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mybuf[64]; //somewhere close to the usual line length to avoid unread()ing too much
data/kio-5.74.0/src/ioslaves/http/http.cpp:2900:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[maxHeaderSize];
data/kio-5.74.0/src/ioslaves/http/http.cpp:3006:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_request.responseCode = atoi(&buffer[idx]);
data/kio-5.74.0/src/ioslaves/http/http.cpp:4166:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trash[4096];
data/kio-5.74.0/src/ioslaves/http/http.cpp:4266:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_mimeTypeBuffer.data() + old_size, d.data(), d.size());
data/kio-5.74.0/src/ioslaves/http/http.cpp:4292:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d.data(), m_mimeTypeBuffer.data(), d.size());
data/kio-5.74.0/src/ioslaves/http/http.cpp:4306:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_webDavDataBuf.data() + old_size, d.data(), d.size());
data/kio-5.74.0/src/ioslaves/http/http.cpp:4863:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/http/http.cpp:4904:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file->open(QIODevice::WriteOnly);
data/kio-5.74.0/src/ioslaves/http/http.cpp:5593:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_POSTbuf->open(QFile::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:246:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:314:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_index, index.constData(), s_hashedUrlBytes);
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:389:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sboard.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:410:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!sboard.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:456:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadWrite);
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:556:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!entryFile.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/http/httpfilter.cpp:164:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192];
data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiejar.cpp:1301:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cookieFile.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiejar.cpp:1430:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cookieFile.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiejar.cpp:1489:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(parseField(line));
data/kio-5.74.0/src/ioslaves/trash/kio_trash.cpp:457:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[ 1000 ];
data/kio-5.74.0/src/ioslaves/trash/kio_trash_win.cpp:176:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char verb[MAX_PATH];
data/kio-5.74.0/src/ioslaves/trash/kio_trash_win.cpp:429:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(delBuf.data(), path.utf16(), path.length() * 2);
data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.cpp:301:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.cpp:550:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(dirCache.open(QIODevice::ReadOnly), qPrintable(dirCache.fileName()));
data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.cpp:570:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(dirCache.open(QIODevice::ReadOnly), qPrintable(dirCache.fileName()));
data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.cpp:1130:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tmpFile.open());
data/kio-5.74.0/src/ioslaves/trash/tests/testtrash.cpp:1140:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(reader.open(QIODevice::ReadOnly));
data/kio-5.74.0/src/ioslaves/trash/trashimpl.cpp:286:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = ::open(QFile::encodeName(url.path()).constData(), O_WRONLY | O_CREAT | O_EXCL, 0600);
data/kio-5.74.0/src/ioslaves/trash/trashsizecache.cpp:41:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (out.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/ioslaves/trash/trashsizecache.cpp:42:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/ioslaves/trash/trashsizecache.cpp:69:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly) && out.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/ioslaves/trash/trashsizecache.cpp:69:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly) && out.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/ioslaves/trash/trashsizecache.cpp:87:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly) && out.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/ioslaves/trash/trashsizecache.cpp:87:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly) && out.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/ioslaves/trash/trashsizecache.cpp:122:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/kntlm/des.cpp:113:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char si[8][64] = {
data/kio-5.74.0/src/kntlm/des.cpp:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pc1m[56]; /* place to modify pc1 into */
data/kio-5.74.0/src/kntlm/des.cpp:224:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcr[56]; /* place to rotate pc1 into */
data/kio-5.74.0/src/kntlm/des.cpp:484:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbox[32];
data/kio-5.74.0/src/kntlm/des.cpp:521:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[8])
data/kio-5.74.0/src/kntlm/des.cpp:527:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[j * 8], &plain[j * 8], 8);
data/kio-5.74.0/src/kntlm/des.h:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kn[16][8];
data/kio-5.74.0/src/kntlm/des.h:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iperm[16][16][8];
data/kio-5.74.0/src/kntlm/des.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fperm[16][16][8];
data/kio-5.74.0/src/kntlm/des.h:25:78: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ntlm_des_ecb_encrypt(const void *plaintext, int len, DES_KEY *akey, unsigned char output[8]);
data/kio-5.74.0/src/kntlm/kntlm.cpp:72:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf.data() + offset, data.data(), data.size());
data/kio-5.74.0/src/kntlm/kntlm.cpp:110:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[8];
data/kio-5.74.0/src/kntlm/kntlm.cpp:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(blob.data() + NTLM_BLOB_SIZE, targetinfo.data(), targetinfo.size());
data/kio-5.74.0/src/kntlm/kntlm.cpp:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf.data(), NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
data/kio-5.74.0/src/kntlm/kntlm.cpp:228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf.data(), NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
data/kio-5.74.0/src/kntlm/kntlm.cpp:396:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data(), challenge, 8);
data/kio-5.74.0/src/kntlm/kntlm.cpp:397:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data() + 8, clientData.data(), clientData.size());
data/kio-5.74.0/src/kntlm/kntlm.cpp:401:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac.data() + 16, clientData.data(), clientData.size());
data/kio-5.74.0/src/kntlm/kntlm.h:83:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8]; /* "NTLMSSP\0" */
data/kio-5.74.0/src/kntlm/kntlm.h:94:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8];
data/kio-5.74.0/src/kntlm/kntlm.h:107:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[8];
data/kio-5.74.0/src/kpac/discovery.cpp:71:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ PACKETSZ ];
data/kio-5.74.0/src/kpac/downloader.cpp:58:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(m_data.data() + offset, data.data(), data.size());
data/kio-5.74.0/src/kpac/kpac_dhcp_helper.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[NI_MAXHOST];
data/kio-5.74.0/src/kpac/kpac_dhcp_helper.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wpad[DHCP_OPT_LEN + 1];
data/kio-5.74.0/src/kpasswdserver/kpasswdserver.cpp:546:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dlg->open();
data/kio-5.74.0/src/kpasswdserver/kpasswdserver.cpp:839:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dlg->open();
data/kio-5.74.0/src/protocoltojson/main.cpp:127:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kio-5.74.0/src/protocoltojson/main.cpp:156:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outFile.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
data/kio-5.74.0/src/widgets/accessmanagerreply_p.cpp:141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, m_data.constData() + m_offset, length);
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:2996:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:3199:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:3270:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadWrite)) {
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:3424:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:3569:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadWrite)) {
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:3690:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/kio-5.74.0/src/widgets/kpropertiesdialog.cpp:3846:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadWrite)) {
data/kio-5.74.0/src/widgets/kpropertiesdialog_p.h:146:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const permissionsTexts[4][4];
data/kio-5.74.0/src/widgets/previewjob.cpp:627:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
localFile.open();
data/kio-5.74.0/src/widgets/previewjob.cpp:721:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (saveFile.open(QIODevice::WriteOnly)) {
data/kio-5.74.0/src/widgets/renamedialog.cpp:97:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/kio-5.74.0/src/widgets/renamedialog.cpp:101:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f2.open(QFile::ReadOnly)) {
data/kio-5.74.0/autotests/http/httpheadertokenizetest.cpp:95:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tokenizeEnd = tokenizer.tokenize(0, strlen(messyHeader));
data/kio-5.74.0/autotests/http/httpheadertokenizetest.cpp:96:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
QCOMPARE(tokenizeEnd, (int)(strlen(messyHeader) - 1));
data/kio-5.74.0/autotests/http/httpheadertokenizetest.cpp:152:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tokenizeEnd = tokenizer.tokenize(0, strlen(redirectHeader));
data/kio-5.74.0/autotests/http/httpheadertokenizetest.cpp:153:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
QCOMPARE(tokenizeEnd, (int)strlen(redirectHeader));
data/kio-5.74.0/autotests/jobremotetest.cpp:365:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fileJob->read(5);
data/kio-5.74.0/autotests/jobremotetest.cpp:436:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fileJob->read(0);
data/kio-5.74.0/autotests/kcookiejar/kcookiejartest.cpp:220:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(buf);
data/kio-5.74.0/autotests/knewfilemenutest.cpp:36:21: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
m_umask = ::umask(0);
data/kio-5.74.0/autotests/knewfilemenutest.cpp:37:11: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
::umask(m_umask);
data/kio-5.74.0/autotests/ktcpsockettest.cpp:109:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void KTcpSocketTest::read()
data/kio-5.74.0/autotests/ktcpsockettest.cpp:122:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void Server::read()
data/kio-5.74.0/autotests/ktcpsockettest.cpp:324:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s->read(dummy, 1);
data/kio-5.74.0/autotests/ktcpsockettest.h:28:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/kio-5.74.0/autotests/ktcpsockettest.h:57:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/kio-5.74.0/autotests/udsentry_benchmark.cpp:445:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
QVERIFY(equal);
data/kio-5.74.0/src/core/connection.cpp:197:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int Connection::read(int *_cmd, QByteArray &data)
data/kio-5.74.0/src/core/connection_p.h:107:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(int *_cmd, QByteArray &data);
data/kio-5.74.0/src/core/connectionbackend.cpp:64:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray data = socket->read(socket->bytesAvailable() + 1);
data/kio-5.74.0/src/core/connectionbackend.cpp:234:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
socket->read(buffer, sizeof buffer);
data/kio-5.74.0/src/core/connectionbackend.cpp:260:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
task.data = socket->read(len);
data/kio-5.74.0/src/core/filejob.cpp:67:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void FileJob::read(KIO::filesize_t size)
data/kio-5.74.0/src/core/filejob.h:51:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(KIO::filesize_t size);
data/kio-5.74.0/src/core/idleslave.cpp:52:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (d->mConn.read(&cmd, data) == -1) {
data/kio-5.74.0/src/core/kprotocolmanager.cpp:72:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *hptr = host + strlen(host) - 1;
data/kio-5.74.0/src/core/kprotocolmanager.cpp:73:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *nptr = nplist + strlen(nplist) - 1;
data/kio-5.74.0/src/core/ktcpsocket.cpp:486:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return d->sock.read(data, maxSize);
data/kio-5.74.0/src/core/slavebase.cpp:319:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = d->appConnection.read(&cmd, data);
data/kio-5.74.0/src/core/slavebase.cpp:701:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = d->appConnection.read(&cmd, data);
data/kio-5.74.0/src/core/slavebase.cpp:918:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void SlaveBase::read(KIO::filesize_t)
data/kio-5.74.0/src/core/slavebase.cpp:1080:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = d->appConnection.read(&cmd, data);
data/kio-5.74.0/src/core/slavebase.cpp:1384:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(bytes);
data/kio-5.74.0/src/core/slavebase.h:460:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual void read(KIO::filesize_t size);
data/kio-5.74.0/src/core/slaveinterface.cpp:73:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ret = d->connection->read(&cmd, data);
data/kio-5.74.0/src/core/tcpslavebase.cpp:217:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t TCPSlaveBase::read(char *data, ssize_t len)
data/kio-5.74.0/src/core/tcpslavebase.cpp:239:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return d->socket.read(data, len);
data/kio-5.74.0/src/core/tcpslavebase.h:83:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
using SlaveBase::read;
data/kio-5.74.0/src/core/tcpslavebase.h:84:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(char *data, ssize_t len);
data/kio-5.74.0/src/core/transferjob.cpp:399:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 bytesRead = m_outgoingDataSource->read(dataForSlave.data(), MAX_READ_BUF_SIZE);
data/kio-5.74.0/src/filewidgets/knewfilemenu.cpp:549:97: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QMimeType mime = db.mimeTypeForFileNameAndData(m_copyData.m_chosenFileName, srcFile.read(1024));
data/kio-5.74.0/src/gui/faviconrequestjob.cpp:146:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const QImage img = ir.read();
data/kio-5.74.0/src/gui/kprocessrunner.cpp:211:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_desktopName.chop(strlen(".desktop"));
data/kio-5.74.0/src/ioslaves/file/file.cpp:354:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = f.read(buffer, MAX_IPC_SIZE);
data/kio-5.74.0/src/ioslaves/file/file.cpp:435:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void FileProtocol::read(KIO::filesize_t bytes)
data/kio-5.74.0/src/ioslaves/file/file.cpp:442:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 bytesRead = mFile->read(buffer.data(), bytes);
data/kio-5.74.0/src/ioslaves/file/file.h:58:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(KIO::filesize_t size) override;
data/kio-5.74.0/src/ioslaves/file/file_unix.cpp:687:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = ::read(src_file.handle(), buffer, MAX_IPC_SIZE);
data/kio-5.74.0/src/ioslaves/file/sharefd_p.h:35:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return offsetof(struct sockaddr_un, sun_path) + strlen(addr.sun_path) + 1;
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:1939:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = m_data->read(buffer + iBufferCur, iBlockSize);
data/kio-5.74.0/src/ioslaves/ftp/ftp.cpp:2000:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = m_data->read(buffer, 2048);
data/kio-5.74.0/src/ioslaves/help/kio_help.cpp:299:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("<FILENAME filename=\"");
data/kio-5.74.0/src/ioslaves/help/kio_help.cpp:364:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const qint64 n = f.read(array, sizeof(array));
data/kio-5.74.0/src/ioslaves/help/xslt_help.cpp:45:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = fd.read(buffer, 31900)) > 0) {
data/kio-5.74.0/src/ioslaves/http/http.cpp:2069:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rawRead = TCPSlaveBase::read(buf + bytesRead, size - bytesRead);
data/kio-5.74.0/src/ioslaves/http/http.cpp:2860:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (idx + (int)strlen(term) >= end) {
data/kio-5.74.0/src/ioslaves/http/http.cpp:2864:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(&input[idx], term, strlen(term)) == 0) {
data/kio-5.74.0/src/ioslaves/http/http.cpp:2865:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*pos = idx + strlen(term);
data/kio-5.74.0/src/ioslaves/http/http.cpp:3866:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const QByteArray buffer = m_POSTbuf->read(65536);
data/kio-5.74.0/src/ioslaves/http/http.cpp:4864:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray header = file->read(BinaryCacheFileHeader::size);
data/kio-5.74.0/src/ioslaves/http/http.cpp:5054:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray ret = m_request.cacheTag.file->read(maxLength);
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:251:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray header = file.read(SerializedCacheFileInfo::size);
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:391:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray baIndex = sboard.read(ScoreboardEntry::indexSize);
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:392:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray baRest = sboard.read(ScoreboardEntry::size - ScoreboardEntry::indexSize);
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:459:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray header = file.read(SerializedCacheFileInfo::size);
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:583:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int n = strlen(oldDirs);
data/kio-5.74.0/src/ioslaves/http/http_cache_cleaner.cpp:805:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray recv = sock->read(80);
data/kio-5.74.0/src/ioslaves/http/kcookiejar/kcookiejar.cpp:1496:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen(line) - 1] = '\0'; // Strip LF.
data/kio-5.74.0/src/ioslaves/http/parsinghelpers.cpp:268:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
QByteArray keyBa = QByteArray::fromRawData(key, strlen(key));
data/kio-5.74.0/src/kntlm/kntlm.cpp:313:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(keyBytes.data(), password.toUpper().toLocal8Bit().constData(), 14);
data/kio-5.74.0/src/kpac/kpac_dhcp_helper.c:255:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wpad, (char *)offs, wpad_len);
data/kio-5.74.0/src/urifilters/shorturi/kshorturifilter.cpp:228:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = cmd.mid(strlen("file://"));
data/kio-5.74.0/src/widgets/renamedialog.cpp:115:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytesRead = f.read(buffer.data(), bufferSize);
data/kio-5.74.0/tests/kioslavetest.cpp:463:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = QByteArray(fileData, strlen(fileData));
ANALYSIS SUMMARY:
Hits = 418
Lines analyzed = 168340 in approximately 9.11 seconds (18478 lines/second)
Physical Source Lines of Code (SLOC) = 113838
Hits@level = [0] 25 [1] 72 [2] 255 [3] 2 [4] 38 [5] 51
Hits@level+ = [0+] 443 [1+] 418 [2+] 346 [3+] 91 [4+] 89 [5+] 51
Hits/KSLOC@level+ = [0+] 3.89149 [1+] 3.67188 [2+] 3.03941 [3+] 0.799382 [4+] 0.781813 [5+] 0.448005
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.