Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kservice-5.74.0/autotests/ksycoca_xdgdirstest.cpp
Examining data/kservice-5.74.0/autotests/kmimeassociationstest.cpp
Examining data/kservice-5.74.0/autotests/kplugininfotest.cpp
Examining data/kservice-5.74.0/autotests/setupxdgdirs.h
Examining data/kservice-5.74.0/autotests/nsaplugin.h
Examining data/kservice-5.74.0/autotests/nsaplugin.cpp
Examining data/kservice-5.74.0/autotests/kservicetest.cpp
Examining data/kservice-5.74.0/autotests/kplugintradertest.h
Examining data/kservice-5.74.0/autotests/ksycocadicttest.cpp
Examining data/kservice-5.74.0/autotests/kplugintradertest.cpp
Examining data/kservice-5.74.0/autotests/ksycocathreadtest.cpp
Examining data/kservice-5.74.0/autotests/ksycocatest.cpp
Examining data/kservice-5.74.0/autotests/kautostarttest.h
Examining data/kservice-5.74.0/autotests/kapplicationtradertest.cpp
Examining data/kservice-5.74.0/autotests/kautostarttest.cpp
Examining data/kservice-5.74.0/autotests/kservicetest.h
Examining data/kservice-5.74.0/tests/findservice.cpp
Examining data/kservice-5.74.0/tests/kmimeassociations_dumper.cpp
Examining data/kservice-5.74.0/tests/kdbusservicestartertest.cpp
Examining data/kservice-5.74.0/tests/startserviceby.cpp
Examining data/kservice-5.74.0/tests/pluginlocator/plugintest.h
Examining data/kservice-5.74.0/tests/pluginlocator/main.cpp
Examining data/kservice-5.74.0/tests/pluginlocator/plugintest.cpp
Examining data/kservice-5.74.0/tests/kservicegroup_dumper.cpp
Examining data/kservice-5.74.0/src/sycoca/kctimefactory_p.h
Examining data/kservice-5.74.0/src/sycoca/kbuildservicegroupfactory_p.h
Examining data/kservice-5.74.0/src/sycoca/kbuildmimetypefactory.cpp
Examining data/kservice-5.74.0/src/sycoca/kbuildmimetypefactory_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycocaentry_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycocadevices.cpp
Examining data/kservice-5.74.0/src/sycoca/kbuildservicefactory_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycocadict.cpp
Examining data/kservice-5.74.0/src/sycoca/ksycocaentry.h
Examining data/kservice-5.74.0/src/sycoca/kbuildservicegroupfactory.cpp
Examining data/kservice-5.74.0/src/sycoca/kbuildsycocainterface_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycoca_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycocaresourcelist_p.h
Examining data/kservice-5.74.0/src/sycoca/kbuildservicetypefactory.cpp
Examining data/kservice-5.74.0/src/sycoca/kbuildsycoca.cpp
Examining data/kservice-5.74.0/src/sycoca/kbuildservicefactory.cpp
Examining data/kservice-5.74.0/src/sycoca/ksycocafactory_p.h
Examining data/kservice-5.74.0/src/sycoca/kmemfile_p.h
Examining data/kservice-5.74.0/src/sycoca/vfolder_menu.cpp
Examining data/kservice-5.74.0/src/sycoca/kmemfile.cpp
Examining data/kservice-5.74.0/src/sycoca/ksycocaentry.cpp
Examining data/kservice-5.74.0/src/sycoca/kbuildservicetypefactory_p.h
Examining data/kservice-5.74.0/src/sycoca/kbuildsycoca_p.h
Examining data/kservice-5.74.0/src/sycoca/kmimeassociations.cpp
Examining data/kservice-5.74.0/src/sycoca/ksycoca.cpp
Examining data/kservice-5.74.0/src/sycoca/ksycocafactory.cpp
Examining data/kservice-5.74.0/src/sycoca/vfolder_menu_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycoca.h
Examining data/kservice-5.74.0/src/sycoca/kctimefactory.cpp
Examining data/kservice-5.74.0/src/sycoca/kmimeassociations_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycocadevices_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycocautils_p.h
Examining data/kservice-5.74.0/src/sycoca/ksycocatype.h
Examining data/kservice-5.74.0/src/sycoca/ksycocadict_p.h
Examining data/kservice-5.74.0/src/kdeinit/ktoolinvocation.h
Examining data/kservice-5.74.0/src/kdeinit/ktoolinvocation_win.cpp
Examining data/kservice-5.74.0/src/kdeinit/ktoolinvocation.cpp
Examining data/kservice-5.74.0/src/kdeinit/ktoolinvocation_x11.cpp
Examining data/kservice-5.74.0/src/services/kservice.h
Examining data/kservice-5.74.0/src/services/kservice_p.h
Examining data/kservice-5.74.0/src/services/kservicetypetrader.h
Examining data/kservice-5.74.0/src/services/ktraderparse.cpp
Examining data/kservice-5.74.0/src/services/kservicetypeprofile.h
Examining data/kservice-5.74.0/src/services/kserviceaction.cpp
Examining data/kservice-5.74.0/src/services/kapplicationtrader.h
Examining data/kservice-5.74.0/src/services/kautostart.cpp
Examining data/kservice-5.74.0/src/services/kserviceaction.h
Examining data/kservice-5.74.0/src/services/kservicefactory_p.h
Examining data/kservice-5.74.0/src/services/kmimetypetrader.h
Examining data/kservice-5.74.0/src/services/kserviceoffer.cpp
Examining data/kservice-5.74.0/src/services/kserviceoffer.h
Examining data/kservice-5.74.0/src/services/kservicetype.h
Examining data/kservice-5.74.0/src/services/kautostart.h
Examining data/kservice-5.74.0/src/services/kservicetypefactory_p.h
Examining data/kservice-5.74.0/src/services/kservicetype_p.h
Examining data/kservice-5.74.0/src/services/kservicegroup.cpp
Examining data/kservice-5.74.0/src/services/kservicetypeprofile_p.h
Examining data/kservice-5.74.0/src/services/kservicetypeprofile.cpp
Examining data/kservice-5.74.0/src/services/kservicetype.cpp
Examining data/kservice-5.74.0/src/services/kservicegroup_p.h
Examining data/kservice-5.74.0/src/services/kservicetypefactory.cpp
Examining data/kservice-5.74.0/src/services/kservicetypetrader.cpp
Examining data/kservice-5.74.0/src/services/kmimetypefactory.cpp
Examining data/kservice-5.74.0/src/services/kservicegroupfactory_p.h
Examining data/kservice-5.74.0/src/services/kplugininfo.h
Examining data/kservice-5.74.0/src/services/kservice.cpp
Examining data/kservice-5.74.0/src/services/ktraderparsetree.cpp
Examining data/kservice-5.74.0/src/services/ktraderparsetree_p.h
Examining data/kservice-5.74.0/src/services/kservicefactory.cpp
Examining data/kservice-5.74.0/src/services/kservicegroup.h
Examining data/kservice-5.74.0/src/services/kmimetypefactory_p.h
Examining data/kservice-5.74.0/src/services/kapplicationtrader.cpp
Examining data/kservice-5.74.0/src/services/kmimetypetrader.cpp
Examining data/kservice-5.74.0/src/services/kplugininfo.cpp
Examining data/kservice-5.74.0/src/services/kserviceutil_p.h
Examining data/kservice-5.74.0/src/services/ktraderparse_p.h
Examining data/kservice-5.74.0/src/services/kservicegroupfactory.cpp
Examining data/kservice-5.74.0/src/kbuildsycoca/kbuildsycoca_main.cpp
Examining data/kservice-5.74.0/src/plugin/kplugintrader.h
Examining data/kservice-5.74.0/src/plugin/kdbusservicestarter.cpp
Examining data/kservice-5.74.0/src/plugin/kdbusservicestarter.h
Examining data/kservice-5.74.0/src/plugin/kplugintrader.cpp

FINAL RESULTS:

data/kservice-5.74.0/autotests/kmimeassociationstest.cpp:236:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(tempFile.open(QIODevice::WriteOnly));
data/kservice-5.74.0/autotests/kmimeassociationstest.cpp:290:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(tempFileGlobal.open(QIODevice::WriteOnly));
data/kservice-5.74.0/autotests/kmimeassociationstest.cpp:304:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(tempFile.open(QIODevice::WriteOnly));
data/kservice-5.74.0/autotests/kmimeassociationstest.cpp:486:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(mimeAppsFile.open(QIODevice::WriteOnly));
data/kservice-5.74.0/autotests/kplugininfotest.cpp:53:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(jsonFile.open(QFile::ReadOnly));
data/kservice-5.74.0/autotests/kplugininfotest.cpp:66:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(compatJsonFile.open(QFile::ReadOnly));
data/kservice-5.74.0/src/sycoca/kbuildsycoca.cpp:391:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool openedOK = database.open(QIODevice::WriteOnly);
data/kservice-5.74.0/src/sycoca/kbuildsycoca.cpp:395:29: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  openedOK = database.open(QIODevice::WriteOnly);
data/kservice-5.74.0/src/sycoca/kmemfile.cpp:65:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QIODevice::ReadOnly)) {
data/kservice-5.74.0/src/sycoca/kmemfile.cpp:131:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool KMemFile::open(OpenMode mode)
data/kservice-5.74.0/src/sycoca/kmemfile.cpp:134:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QIODevice::open(mode);
data/kservice-5.74.0/src/sycoca/kmemfile.cpp:217:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, &src[d->readWritePos], bytesToRead);
data/kservice-5.74.0/src/sycoca/kmemfile_p.h:57:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(OpenMode mode) override;
data/kservice-5.74.0/src/sycoca/ksycoca.cpp:124:38: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  const bool canRead = m_mmapFile->open(QIODevice::ReadOnly);
data/kservice-5.74.0/src/sycoca/ksycoca.cpp:247:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!device->device()->open(QIODevice::ReadOnly)) {
data/kservice-5.74.0/src/sycoca/ksycoca.cpp:255:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!device->device()->open(QIODevice::ReadOnly)) {
data/kservice-5.74.0/src/sycoca/ksycoca.cpp:262:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!device->device()->open(QIODevice::ReadOnly)) {
data/kservice-5.74.0/src/sycoca/vfolder_menu.cpp:449:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/kservice-5.74.0/src/sycoca/kmemfile.cpp:84:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bytesRead = f.read(data, infoPtr->shmDataSize);

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 22864 in approximately 1.00 seconds (22915 lines/second)
Physical Source Lines of Code (SLOC) = 14888
Hits@level = [0] 3 [1] 1 [2] 18 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 22 [1+] 19 [2+] 18 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.4777 [1+] 1.2762 [2+] 1.20903 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.