Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/krename-5.0.1/autotests/krenamefiletest.cpp Examining data/krename-5.0.1/autotests/krenamefiletest.h Examining data/krename-5.0.1/src/batchrenamer.cpp Examining data/krename-5.0.1/src/batchrenamer.h Examining data/krename-5.0.1/src/customdialog.cpp Examining data/krename-5.0.1/src/customdialog.h Examining data/krename-5.0.1/src/datetimeplugin.cpp Examining data/krename-5.0.1/src/datetimeplugin.h Examining data/krename-5.0.1/src/dirsortplugin.cpp Examining data/krename-5.0.1/src/dirsortplugin.h Examining data/krename-5.0.1/src/exiv2plugin.cpp Examining data/krename-5.0.1/src/exiv2plugin.h Examining data/krename-5.0.1/src/exthistorycombo.cpp Examining data/krename-5.0.1/src/exthistorycombo.h Examining data/krename-5.0.1/src/filedialogextwidget.cpp Examining data/krename-5.0.1/src/filedialogextwidget.h Examining data/krename-5.0.1/src/fileplugin.cpp Examining data/krename-5.0.1/src/fileplugin.h Examining data/krename-5.0.1/src/firststartdlg.cpp Examining data/krename-5.0.1/src/firststartdlg.h Examining data/krename-5.0.1/src/fontplugin.cpp Examining data/krename-5.0.1/src/fontplugin.h Examining data/krename-5.0.1/src/increasecounterplugin.cpp Examining data/krename-5.0.1/src/increasecounterplugin.h Examining data/krename-5.0.1/src/insertpartfilenamedlg.cpp Examining data/krename-5.0.1/src/insertpartfilenamedlg.h Examining data/krename-5.0.1/src/krenamefile.cpp Examining data/krename-5.0.1/src/krenamefile.h Examining data/krename-5.0.1/src/krenameimpl.cpp Examining data/krename-5.0.1/src/krenameimpl.h Examining data/krename-5.0.1/src/krenamelistview.cpp Examining data/krename-5.0.1/src/krenamelistview.h Examining data/krename-5.0.1/src/krenamemodel.cpp Examining data/krename-5.0.1/src/krenamemodel.h Examining data/krename-5.0.1/src/krenametest.cpp Examining data/krename-5.0.1/src/krenametest.h Examining data/krename-5.0.1/src/krenametokensorter.cpp Examining data/krename-5.0.1/src/krenametokensorter.h Examining data/krename-5.0.1/src/krenamewindow.cpp Examining data/krename-5.0.1/src/krenamewindow.h Examining data/krename-5.0.1/src/main.cpp Examining data/krename-5.0.1/src/modeltest.cpp Examining data/krename-5.0.1/src/modeltest.h Examining data/krename-5.0.1/src/numberdialog.cpp Examining data/krename-5.0.1/src/numberdialog.h Examining data/krename-5.0.1/src/permissionsplugin.cpp Examining data/krename-5.0.1/src/permissionsplugin.h Examining data/krename-5.0.1/src/plugin.cpp Examining data/krename-5.0.1/src/plugin.h Examining data/krename-5.0.1/src/pluginloader.cpp Examining data/krename-5.0.1/src/pluginloader.h Examining data/krename-5.0.1/src/podofoplugin.cpp Examining data/krename-5.0.1/src/podofoplugin.h Examining data/krename-5.0.1/src/previewlist.cpp Examining data/krename-5.0.1/src/previewlist.h Examining data/krename-5.0.1/src/progressdialog.cpp Examining data/krename-5.0.1/src/progressdialog.h Examining data/krename-5.0.1/src/replacedialog.cpp Examining data/krename-5.0.1/src/replacedialog.h Examining data/krename-5.0.1/src/richtextitemdelegate.cpp Examining data/krename-5.0.1/src/richtextitemdelegate.h Examining data/krename-5.0.1/src/scriptplugin.cpp Examining data/krename-5.0.1/src/scriptplugin.h Examining data/krename-5.0.1/src/selectionsafelineedit.h Examining data/krename-5.0.1/src/snumplugin.cpp Examining data/krename-5.0.1/src/snumplugin.h Examining data/krename-5.0.1/src/startupinfo.cpp Examining data/krename-5.0.1/src/startupinfo.h Examining data/krename-5.0.1/src/systemplugin.cpp Examining data/krename-5.0.1/src/systemplugin.h Examining data/krename-5.0.1/src/taglibplugin.cpp Examining data/krename-5.0.1/src/taglibplugin.h Examining data/krename-5.0.1/src/threadedlister.cpp Examining data/krename-5.0.1/src/threadedlister.h Examining data/krename-5.0.1/src/tokenhelpdialog.cpp Examining data/krename-5.0.1/src/tokenhelpdialog.h Examining data/krename-5.0.1/src/tokensortmodedialog.cpp Examining data/krename-5.0.1/src/tokensortmodedialog.h Examining data/krename-5.0.1/src/translitplugin.cpp Examining data/krename-5.0.1/src/translitplugin.h FINAL RESULTS: data/krename-5.0.1/src/batchrenamer.cpp:756:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod((const char *)m_undoScript, (unsigned int) S_IRUSR | S_IWUSR | S_IXUSR)) { data/krename-5.0.1/src/permissionsplugin.cpp:125:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(filename.toUtf8().data(), (mode_t)m_curPermission) == -1) { data/krename-5.0.1/src/permissionsplugin.cpp:134:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(filename.toUtf8().data(), uid, gid)) { data/krename-5.0.1/src/batchrenamer.cpp:494:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. number.sprintf("%0*i", length, m_counters[m_counter_index].value); data/krename-5.0.1/src/batchrenamer.cpp:933:27: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. token = token.sprintf("%0*i", numwidth, n); data/krename-5.0.1/src/dirsortplugin.cpp:154:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. dir.sprintf("%0*i", m_digits, m_dirCounter); data/krename-5.0.1/src/increasecounterplugin.cpp:62:33: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return (prenum + tmpstr.sprintf("%0*li", splitit.cap(2).length(), tmp) + postnum); data/krename-5.0.1/src/krenametest.cpp:110:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(m_buffer, KRenameTest::BUFFER_LENGTH, format, args); data/krename-5.0.1/src/krenametest.cpp:263:61: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("## Test", "##", filename, QString().sprintf("%02i", 0)); data/krename-5.0.1/src/krenametest.cpp:264:63: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("### Test", "###", filename, QString().sprintf("%03i", 0)); data/krename-5.0.1/src/krenametest.cpp:265:65: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("#### Test", "####", filename, QString().sprintf("%04i", 0)); data/krename-5.0.1/src/krenametest.cpp:266:67: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("##### Test", "#####", filename, QString().sprintf("%05i", 0)); data/krename-5.0.1/src/krenametest.cpp:268:79: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("####{100;2} Test", "####{100;2}", filename, QString().sprintf("%04i", 100)); data/krename-5.0.1/src/krenametest.cpp:270:34: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. QString().sprintf("%04i", 2) + QString().sprintf("%02i", 0)); data/krename-5.0.1/src/krenametest.cpp:270:65: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. QString().sprintf("%04i", 2) + QString().sprintf("%02i", 0)); data/krename-5.0.1/src/krenametest.cpp:298:81: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("[####length] Test", "[####length]", filename, QString().sprintf("%04i", filename.length())); data/krename-5.0.1/src/krenametest.cpp:299:85: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("[####length-0] Test", "[####length-0]", filename, QString().sprintf("%04i", filename.length())); data/krename-5.0.1/src/krenametest.cpp:300:85: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("[####length-1] Test", "[####length-1]", filename, QString().sprintf("%04i", filename.length() - 1)); data/krename-5.0.1/src/krenametest.cpp:301:85: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. RUN_TOKEN_TEST("[####length-2] Test", "[####length-2]", filename, QString().sprintf("%04i", filename.length() - 2)); data/krename-5.0.1/src/krenametest.cpp:552:22: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. expected.sprintf("%0*i", length, cur); data/krename-5.0.1/src/systemplugin.cpp:106:20: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return tmp.sprintf("%0*i", 2, d.month()); data/krename-5.0.1/src/systemplugin.cpp:108:20: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return tmp.sprintf("%0*i", 2, d.day()); data/krename-5.0.1/src/systemplugin.cpp:110:36: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. QString hour = QString().sprintf("%0*i", 2, t.hour()); data/krename-5.0.1/src/systemplugin.cpp:111:36: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. QString minute = QString().sprintf("%0*i", 2, t.minute()); data/krename-5.0.1/src/systemplugin.cpp:112:36: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. QString second = QString().sprintf("%0*i", 2, t.second()); data/krename-5.0.1/src/systemplugin.cpp:115:20: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return tmp.sprintf("%0*i", 2, t.hour()); data/krename-5.0.1/src/systemplugin.cpp:117:20: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return tmp.sprintf("%0*i", 2, t.minute()); data/krename-5.0.1/src/systemplugin.cpp:119:20: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. return tmp.sprintf("%0*i", 2, t.second()); data/krename-5.0.1/src/krenametokensorter.cpp:113:41: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return static_cast<double>(KRandom::random()) / static_cast<double>(RAND_MAX) < 0.5; data/krename-5.0.1/src/batchrenamer.cpp:645:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (fundo->open(IO_WriteOnly)) { data/krename-5.0.1/src/exiv2plugin.cpp:398:53: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Image::AutoPtr image = Exiv2::ImageFactory::open(strFilename); data/krename-5.0.1/src/krenametest.h:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_buffer[BUFFER_LENGTH]; ///< buffer in which messages are constructed data/krename-5.0.1/src/krenamewindow.h:80:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *pageTitles[KRenameWindow::MAX_PAGES]; data/krename-5.0.1/src/krenamewindow.h:82:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *pageIcons[KRenameWindow::MAX_PAGES]; data/krename-5.0.1/src/replacedialog.cpp:90:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QIODevice::WriteOnly | QIODevice::Text)) { data/krename-5.0.1/src/replacedialog.cpp:151:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly | QFile::Text)) { data/krename-5.0.1/src/scriptplugin.cpp:324:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QIODevice::WriteOnly | QIODevice::Text)) { ANALYSIS SUMMARY: Hits = 37 Lines analyzed = 15870 in approximately 0.92 seconds (17229 lines/second) Physical Source Lines of Code (SLOC) = 9279 Hits@level = [0] 0 [1] 0 [2] 8 [3] 1 [4] 25 [5] 3 Hits@level+ = [0+] 37 [1+] 37 [2+] 37 [3+] 29 [4+] 28 [5+] 3 Hits/KSLOC@level+ = [0+] 3.9875 [1+] 3.9875 [2+] 3.9875 [3+] 3.12534 [4+] 3.01757 [5+] 0.323311 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.