Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/knowthelist-2.3.1/gst/directsound/gstdirectsoundplugin.c
Examining data/knowthelist-2.3.1/gst/directsound/gstdirectsoundsink.c
Examining data/knowthelist-2.3.1/gst/directsound/gstdirectsoundsink.h
Examining data/knowthelist-2.3.1/src/collectiondb.cpp
Examining data/knowthelist-2.3.1/src/collectiondb.h
Examining data/knowthelist-2.3.1/src/collectionsetupmodel.cpp
Examining data/knowthelist-2.3.1/src/collectionsetupmodel.h
Examining data/knowthelist-2.3.1/src/collectiontree.cpp
Examining data/knowthelist-2.3.1/src/collectiontree.h
Examining data/knowthelist-2.3.1/src/collectiontreeitem.cpp
Examining data/knowthelist-2.3.1/src/collectiontreeitem.h
Examining data/knowthelist-2.3.1/src/collectionupdater.cpp
Examining data/knowthelist-2.3.1/src/collectionupdater.h
Examining data/knowthelist-2.3.1/src/collectionwidget.cpp
Examining data/knowthelist-2.3.1/src/collectionwidget.h
Examining data/knowthelist-2.3.1/src/customdial.cpp
Examining data/knowthelist-2.3.1/src/customdial.h
Examining data/knowthelist-2.3.1/src/dj.cpp
Examining data/knowthelist-2.3.1/src/dj.h
Examining data/knowthelist-2.3.1/src/djbrowser.cpp
Examining data/knowthelist-2.3.1/src/djbrowser.h
Examining data/knowthelist-2.3.1/src/djfilterwidget.cpp
Examining data/knowthelist-2.3.1/src/djfilterwidget.h
Examining data/knowthelist-2.3.1/src/djsession.cpp
Examining data/knowthelist-2.3.1/src/djsession.h
Examining data/knowthelist-2.3.1/src/djsettings.cpp
Examining data/knowthelist-2.3.1/src/djsettings.h
Examining data/knowthelist-2.3.1/src/djwidget.cpp
Examining data/knowthelist-2.3.1/src/djwidget.h
Examining data/knowthelist-2.3.1/src/fancytabwidget.cpp
Examining data/knowthelist-2.3.1/src/fancytabwidget.h
Examining data/knowthelist-2.3.1/src/filebrowser.cpp
Examining data/knowthelist-2.3.1/src/filebrowser.h
Examining data/knowthelist-2.3.1/src/filter.cpp
Examining data/knowthelist-2.3.1/src/filter.h
Examining data/knowthelist-2.3.1/src/knowthelist.cpp
Examining data/knowthelist-2.3.1/src/knowthelist.h
Examining data/knowthelist-2.3.1/src/main.cpp
Examining data/knowthelist-2.3.1/src/modeselector.cpp
Examining data/knowthelist-2.3.1/src/modeselector.h
Examining data/knowthelist-2.3.1/src/monitorplayer.cpp
Examining data/knowthelist-2.3.1/src/monitorplayer.h
Examining data/knowthelist-2.3.1/src/player.cpp
Examining data/knowthelist-2.3.1/src/player.h
Examining data/knowthelist-2.3.1/src/playerwidget.cpp
Examining data/knowthelist-2.3.1/src/playerwidget.h
Examining data/knowthelist-2.3.1/src/playlist.cpp
Examining data/knowthelist-2.3.1/src/playlist.h
Examining data/knowthelist-2.3.1/src/playlistbrowser.cpp
Examining data/knowthelist-2.3.1/src/playlistbrowser.h
Examining data/knowthelist-2.3.1/src/playlistitem.cpp
Examining data/knowthelist-2.3.1/src/playlistitem.h
Examining data/knowthelist-2.3.1/src/playlistwidget.cpp
Examining data/knowthelist-2.3.1/src/playlistwidget.h
Examining data/knowthelist-2.3.1/src/progressbar.cpp
Examining data/knowthelist-2.3.1/src/progressbar.h
Examining data/knowthelist-2.3.1/src/qled.cpp
Examining data/knowthelist-2.3.1/src/qled.h
Examining data/knowthelist-2.3.1/src/ratingwidget.cpp
Examining data/knowthelist-2.3.1/src/ratingwidget.h
Examining data/knowthelist-2.3.1/src/settingsdialog.cpp
Examining data/knowthelist-2.3.1/src/settingsdialog.h
Examining data/knowthelist-2.3.1/src/stackdisplay.cpp
Examining data/knowthelist-2.3.1/src/stackdisplay.h
Examining data/knowthelist-2.3.1/src/stylehelper.cpp
Examining data/knowthelist-2.3.1/src/stylehelper.h
Examining data/knowthelist-2.3.1/src/track.cpp
Examining data/knowthelist-2.3.1/src/track.h
Examining data/knowthelist-2.3.1/src/trackanalyser.cpp
Examining data/knowthelist-2.3.1/src/trackanalyser.h
Examining data/knowthelist-2.3.1/src/vumeter.cpp
Examining data/knowthelist-2.3.1/src/vumeter.h
FINAL RESULTS:
data/knowthelist-2.3.1/src/main.cpp:51:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
lang = QLocale::system().name();
data/knowthelist-2.3.1/src/stylehelper.cpp:152:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
key.sprintf("mh_vertical %d %d %d %d %d",
data/knowthelist-2.3.1/gst/directsound/gstdirectsoundsink.c:663:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pLockedBuffer1, data, dwSizeBuffer1);
data/knowthelist-2.3.1/gst/directsound/gstdirectsoundsink.c:665:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pLockedBuffer2, (LPBYTE) data + dwSizeBuffer1, dwSizeBuffer2);
data/knowthelist-2.3.1/src/djfilterwidget.cpp:237:44: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void DjFilterWidget::slideCloseWidget(bool open)
data/knowthelist-2.3.1/src/djfilterwidget.cpp:239:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->targetWidth = (open) ? 70 : 0;
data/knowthelist-2.3.1/src/djfilterwidget.h:38:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void slideCloseWidget(bool open);
data/knowthelist-2.3.1/src/djsession.cpp:363:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly))
data/knowthelist-2.3.1/src/djwidget.cpp:185:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void DjWidget::slideCloseWidget(bool open)
data/knowthelist-2.3.1/src/djwidget.cpp:187:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->targetWidth = (open) ? 70 : 0;
data/knowthelist-2.3.1/src/djwidget.h:36:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void slideCloseWidget(bool open);
data/knowthelist-2.3.1/src/knowthelist.cpp:664:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
monitorPlayer->open(track->url());
data/knowthelist-2.3.1/src/main.cpp:91:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open()) {
data/knowthelist-2.3.1/src/monitorplayer.cpp:223:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void MonitorPlayer::open(QUrl url)
data/knowthelist-2.3.1/src/monitorplayer.h:48:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(QUrl url);
data/knowthelist-2.3.1/src/player.cpp:264:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Player::open(QUrl url)
data/knowthelist-2.3.1/src/player.h:38:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(QUrl url);
data/knowthelist-2.3.1/src/playerwidget.cpp:306:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
player->open(url);
data/knowthelist-2.3.1/src/playerwidget.cpp:309:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
trackanalyser->open(url);
data/knowthelist-2.3.1/src/playlist.cpp:467:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly))
data/knowthelist-2.3.1/src/playlist.cpp:531:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly)) {
data/knowthelist-2.3.1/src/playlistbrowser.cpp:331:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( file.open( QFile::ReadOnly ) )
data/knowthelist-2.3.1/src/playlistbrowser.cpp:396:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( file.open( QFile::ReadOnly ) )
data/knowthelist-2.3.1/src/playlistwidget.cpp:180:44: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void PlaylistWidget::slideCloseWidget(bool open)
data/knowthelist-2.3.1/src/playlistwidget.cpp:182:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->targetWidth = (open) ? 70 : 0;
data/knowthelist-2.3.1/src/playlistwidget.h:25:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void slideCloseWidget(bool open);
data/knowthelist-2.3.1/src/trackanalyser.cpp:232:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void TrackAnalyser::open(QUrl url)
data/knowthelist-2.3.1/src/trackanalyser.h:38:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(QUrl url);
ANALYSIS SUMMARY:
Hits = 28
Lines analyzed = 15307 in approximately 1.20 seconds (12741 lines/second)
Physical Source Lines of Code (SLOC) = 11062
Hits@level = [0] 0 [1] 0 [2] 26 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 28 [1+] 28 [2+] 28 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 2.53119 [1+] 2.53119 [2+] 2.53119 [3+] 0.180799 [4+] 0.180799 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.