stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kmail-account-wizard-20.08.2/src/personaldatapage.cpp
Examining data/kmail-account-wizard-20.08.2/src/cryptopage.h
Examining data/kmail-account-wizard-20.08.2/src/cryptopage.cpp
Examining data/kmail-account-wizard-20.08.2/src/dialog.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabmail.h
Examining data/kmail-account-wizard-20.08.2/src/setuppage.cpp
Examining data/kmail-account-wizard-20.08.2/src/autotests/ldaptest.cpp
Examining data/kmail-account-wizard-20.08.2/src/inprocess-main.cpp
Examining data/kmail-account-wizard-20.08.2/src/inprocess-main.h
Examining data/kmail-account-wizard-20.08.2/src/setupmanager.cpp
Examining data/kmail-account-wizard-20.08.2/src/loadpage.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupmanager.h
Examining data/kmail-account-wizard-20.08.2/src/setupobject.h
Examining data/kmail-account-wizard-20.08.2/src/ldap.cpp
Examining data/kmail-account-wizard-20.08.2/src/setuppage.h
Examining data/kmail-account-wizard-20.08.2/src/providerpage.h
Examining data/kmail-account-wizard-20.08.2/src/dialog.h
Examining data/kmail-account-wizard-20.08.2/src/setupispdb.cpp
Examining data/kmail-account-wizard-20.08.2/src/key.cpp
Examining data/kmail-account-wizard-20.08.2/src/typepage.h
Examining data/kmail-account-wizard-20.08.2/src/ldap.h
Examining data/kmail-account-wizard-20.08.2/src/loadpage.h
Examining data/kmail-account-wizard-20.08.2/src/page.h
Examining data/kmail-account-wizard-20.08.2/src/providerpage.cpp
Examining data/kmail-account-wizard-20.08.2/src/personaldatapage.h
Examining data/kmail-account-wizard-20.08.2/src/key.h
Examining data/kmail-account-wizard-20.08.2/src/identity.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabfreebusy.cpp
Examining data/kmail-account-wizard-20.08.2/src/page.cpp
Examining data/kmail-account-wizard-20.08.2/src/resource.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupobject.cpp
Examining data/kmail-account-wizard-20.08.2/src/main.cpp
Examining data/kmail-account-wizard-20.08.2/src/configfile.cpp
Examining data/kmail-account-wizard-20.08.2/src/identity.h
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabfreebusy.h
Examining data/kmail-account-wizard-20.08.2/src/typepage.cpp
Examining data/kmail-account-wizard-20.08.2/src/servertest.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autotests/autoconfigkolabmailtest.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autotests/autoconfigkolabldaptest.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autotests/ispdbtest.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autotests/autoconfigkolabfreebusy.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabmail.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabmail.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/main.cpp
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.h
Examining data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.cpp
Examining data/kmail-account-wizard-20.08.2/src/global.h
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabldap.h
Examining data/kmail-account-wizard-20.08.2/src/global.cpp
Examining data/kmail-account-wizard-20.08.2/src/resource.h
Examining data/kmail-account-wizard-20.08.2/src/transport.cpp
Examining data/kmail-account-wizard-20.08.2/src/dynamicpage.cpp
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabmail.cpp
Examining data/kmail-account-wizard-20.08.2/src/servertest.cpp
Examining data/kmail-account-wizard-20.08.2/src/configfile.h
Examining data/kmail-account-wizard-20.08.2/src/setupautoconfigkolabldap.cpp
Examining data/kmail-account-wizard-20.08.2/src/transport.h
Examining data/kmail-account-wizard-20.08.2/src/dynamicpage.h
Examining data/kmail-account-wizard-20.08.2/src/setupispdb.h

FINAL RESULTS:

data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.cpp:28:58:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
void AutoconfigKolabFreebusy::lookupInDb(bool auth, bool crypt)
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.cpp:34:81:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    startJob(lookupUrl(QStringLiteral("freebusy"), QStringLiteral("1.0"), auth, crypt));
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabfreebusy.h:36:37:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    void lookupInDb(bool auth, bool crypt) override;
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.cpp:28:54:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
void AutoconfigKolabLdap::lookupInDb(bool auth, bool crypt)
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.cpp:34:77:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    startJob(lookupUrl(QStringLiteral("ldap"), QStringLiteral("1.0"), auth, crypt));
data/kmail-account-wizard-20.08.2/src/ispdb/autoconfigkolabldap.h:37:37:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    void lookupInDb(bool auth, bool crypt) override;
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp:61:40:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
void Ispdb::lookupInDb(bool auth, bool crypt)
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp:64:77:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    startJob(lookupUrl(QStringLiteral("mail"), QStringLiteral("1.1"), auth, crypt));
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp:79:84:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
QUrl Ispdb::lookupUrl(const QString &type, const QString &version, bool auth, bool crypt)
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.cpp:95:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
        if (crypt) {
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.h:127:45:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    virtual void lookupInDb(bool auth, bool crypt);
data/kmail-account-wizard-20.08.2/src/ispdb/ispdb.h:148:81:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    QUrl lookupUrl(const QString &type, const QString &version, bool auth, bool crypt);
data/kmail-account-wizard-20.08.2/src/autotests/ldaptest.cpp:38:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        mTempFile.open();
data/kmail-account-wizard-20.08.2/src/cryptopage.cpp:295:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (!keyFile.open(QIODevice::ReadOnly)) {
data/kmail-account-wizard-20.08.2/src/dynamicpage.cpp:43:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (file.open(QFile::ReadOnly)) {

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 7609 in approximately 1.15 seconds (6594 lines/second)
Physical Source Lines of Code (SLOC) = 5288
Hits@level = [0]   0 [1]   0 [2]   3 [3]   0 [4]  12 [5]   0
Hits@level+ = [0+]  15 [1+]  15 [2+]  15 [3+]  12 [4+]  12 [5+]   0
Hits/KSLOC@level+ = [0+] 2.83661 [1+] 2.83661 [2+] 2.83661 [3+] 2.26929 [4+] 2.26929 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.