Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kshutdown-4.2/src/bookmarks.h
Examining data/kshutdown-4.2/src/udialog.cpp
Examining data/kshutdown-4.2/src/progressbar.cpp
Examining data/kshutdown-4.2/src/pureqt.h
Examining data/kshutdown-4.2/src/kshutdown.h
Examining data/kshutdown-4.2/src/main.cpp
Examining data/kshutdown-4.2/src/config.h
Examining data/kshutdown-4.2/src/preferences.h
Examining data/kshutdown-4.2/src/password.h
Examining data/kshutdown-4.2/src/usystemtray.h
Examining data/kshutdown-4.2/src/udialog.h
Examining data/kshutdown-4.2/src/commandline.cpp
Examining data/kshutdown-4.2/src/stats.h
Examining data/kshutdown-4.2/src/actions/extras.cpp
Examining data/kshutdown-4.2/src/actions/lock.cpp
Examining data/kshutdown-4.2/src/actions/extras.h
Examining data/kshutdown-4.2/src/actions/lock.h
Examining data/kshutdown-4.2/src/actions/test.cpp
Examining data/kshutdown-4.2/src/actions/bootentry.h
Examining data/kshutdown-4.2/src/actions/bootentry.cpp
Examining data/kshutdown-4.2/src/actions/test.h
Examining data/kshutdown-4.2/src/version.h
Examining data/kshutdown-4.2/src/log.h
Examining data/kshutdown-4.2/src/log.cpp
Examining data/kshutdown-4.2/src/commandline.h
Examining data/kshutdown-4.2/src/usystemtray.cpp
Examining data/kshutdown-4.2/src/infowidget.h
Examining data/kshutdown-4.2/src/utils.cpp
Examining data/kshutdown-4.2/src/triggers/idlemonitor.h
Examining data/kshutdown-4.2/src/triggers/processmonitor.h
Examining data/kshutdown-4.2/src/triggers/idlemonitor.cpp
Examining data/kshutdown-4.2/src/triggers/processmonitor.cpp
Examining data/kshutdown-4.2/src/mainwindow.h
Examining data/kshutdown-4.2/src/mod.h
Examining data/kshutdown-4.2/src/bookmarks.cpp
Examining data/kshutdown-4.2/src/stats.cpp
Examining data/kshutdown-4.2/src/kshutdown.cpp
Examining data/kshutdown-4.2/src/preferences.cpp
Examining data/kshutdown-4.2/src/infowidget.cpp
Examining data/kshutdown-4.2/src/password.cpp
Examining data/kshutdown-4.2/src/mainwindow.cpp
Examining data/kshutdown-4.2/src/utils.h
Examining data/kshutdown-4.2/src/config.cpp
Examining data/kshutdown-4.2/src/progressbar.h
Examining data/kshutdown-4.2/src/mod.cpp

FINAL RESULTS:

data/kshutdown-4.2/src/kshutdown.cpp:478:32: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    QString timeFormat = QLocale::system()
data/kshutdown-4.2/src/main.cpp:190:26: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    QString lang = QLocale::system().name();
data/kshutdown-4.2/src/actions/bootentry.cpp:51:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (grubConfigFile.open(QFile::ReadOnly)) {
data/kshutdown-4.2/src/actions/extras.cpp:152:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    setStringOption(config->read("Command", "").toString());
data/kshutdown-4.2/src/actions/extras.cpp:399:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    bool showInfo = config->read("Show Info", true).toBool();
data/kshutdown-4.2/src/actions/lock.cpp:57:34: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QString customCommand = config->read("Custom Command", "").toString();
data/kshutdown-4.2/src/actions/test.cpp:73:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_textField->setText(config->read("Text", "").toString());
data/kshutdown-4.2/src/bookmarks.cpp:162:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int count = config->read("Count", 0).toInt();
data/kshutdown-4.2/src/bookmarks.cpp:167:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read("Text " + index, "").toString(),
data/kshutdown-4.2/src/bookmarks.cpp:169:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read("Action " + index, "").toString(),
data/kshutdown-4.2/src/bookmarks.cpp:170:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read("Trigger " + index, "").toString(),
data/kshutdown-4.2/src/bookmarks.cpp:171:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read("Action Option " + index, "").toString(),
data/kshutdown-4.2/src/bookmarks.cpp:172:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read("Trigger Option " + index, "").toString()
data/kshutdown-4.2/src/bookmarks.cpp:174:46: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    bookmarkAction->m_confirmAction = config->read("Confirm Action " + index, true).toBool();
data/kshutdown-4.2/src/config.cpp:126:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QVariant Config::read(const QString &key, const QVariant &defaultValue) {
data/kshutdown-4.2/src/config.cpp:145:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    bool result = config->read(key, defaultValue).toBool();
data/kshutdown-4.2/src/config.cpp:217:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_lazyVariant = config->read(m_key, m_defaultVariant);
data/kshutdown-4.2/src/config.h:64:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QVariant read(const QString &key, const QVariant &defaultValue);
data/kshutdown-4.2/src/kshutdown.cpp:490:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_dateTime = config->read("Date Time", m_dateTime).toDateTime();
data/kshutdown-4.2/src/mainwindow.cpp:1066:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    void MainWindow::pluginConfig(const bool read) {
data/kshutdown-4.2/src/mainwindow.cpp:1071:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (read)
data/kshutdown-4.2/src/mainwindow.cpp:1080:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if (read)
data/kshutdown-4.2/src/mainwindow.cpp:1093:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    setSelectedAction(config->read("Selected Action", "shutdown").toString());
data/kshutdown-4.2/src/mainwindow.cpp:1094:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    setSelectedTrigger(config->read("Selected Trigger", "time-from-now").toString());
data/kshutdown-4.2/src/mainwindow.h:131:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    static void pluginConfig(const bool read);
data/kshutdown-4.2/src/mod.cpp:113:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QString configMod = config->read("Value", "").toString();
data/kshutdown-4.2/src/password.cpp:110:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QString hash = config->read("Hash", "").toString();
data/kshutdown-4.2/src/password.cpp:245:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    config->read("Hash", "").toString().isEmpty()
data/kshutdown-4.2/src/preferences.cpp:72:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    int currentTabIndex = qBound(0, config->read("Current Tab Index", 0).toInt(), m_tabs->count() - 1);
data/kshutdown-4.2/src/preferences.cpp:148:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_lockCommand->setText(config->read("Custom Command", "").toString());
data/kshutdown-4.2/src/stats.cpp:40:34: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_textView->setPlainText(Utils::read(process, ok));
data/kshutdown-4.2/src/triggers/processmonitor.cpp:145:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    m_recentCommand = config->read("Recent Command", "").toString();
data/kshutdown-4.2/src/triggers/processmonitor.cpp:272:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QString text = Utils::read(process, ok);
data/kshutdown-4.2/src/utils.cpp:326:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QString Utils::read(QProcess &process, bool &ok) {
data/kshutdown-4.2/src/utils.h:66:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    static QString read(QProcess &process, bool &ok);

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 10054 in approximately 0.98 seconds (10286 lines/second)
Physical Source Lines of Code (SLOC) = 6831
Hits@level = [0] 0 [1] 32 [2] 1 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 35 [1+] 35 [2+] 3 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 5.1237 [1+] 5.1237 [2+] 0.439174 [3+] 0.292783 [4+] 0.292783 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.