Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ktp-text-ui-20.08.0/filters/geopoint/geopoint-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/geopoint/geopoint-filter.h
Examining data/ktp-text-ui-20.08.0/filters/emoticons/emoticon-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/emoticons/emoticon-filter.h
Examining data/ktp-text-ui-20.08.0/filters/emoticons/emoticon-config.h
Examining data/ktp-text-ui-20.08.0/filters/emoticons/emoticon-config.cpp
Examining data/ktp-text-ui-20.08.0/filters/searchexpansion/searchexpansion-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/searchexpansion/searchexpansion-filter.h
Examining data/ktp-text-ui-20.08.0/filters/youtube/youtube-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/youtube/youtube-filter.h
Examining data/ktp-text-ui-20.08.0/filters/highlight/highlight-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/highlight/highlight-filter.h
Examining data/ktp-text-ui-20.08.0/filters/urlexpansion/urlexpansion-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/urlexpansion/urlexpansion-filter.h
Examining data/ktp-text-ui-20.08.0/filters/formatting/format-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/formatting/format-filter.h
Examining data/ktp-text-ui-20.08.0/filters/images/images-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/images/images-filter.h
Examining data/ktp-text-ui-20.08.0/filters/bugzilla/bugzilla-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/bugzilla/bugzilla-filter.h
Examining data/ktp-text-ui-20.08.0/filters/otr/otr-filter.h
Examining data/ktp-text-ui-20.08.0/filters/otr/otr-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/latex/latex-filter.h
Examining data/ktp-text-ui-20.08.0/filters/latex/latex-config.cpp
Examining data/ktp-text-ui-20.08.0/filters/latex/latex-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/latex/latex-config.h
Examining data/ktp-text-ui-20.08.0/filters/texttospeech/tts-filter.cpp
Examining data/ktp-text-ui-20.08.0/filters/texttospeech/tts-filter.h
Examining data/ktp-text-ui-20.08.0/lib/otr-status.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-message-info.h
Examining data/ktp-text-ui-20.08.0/lib/notify-filter.cpp
Examining data/ktp-text-ui-20.08.0/lib/chat-style-plist-file-reader.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-message-info.cpp
Examining data/ktp-text-ui-20.08.0/lib/channel-contact-model.h
Examining data/ktp-text-ui-20.08.0/lib/text-chat-config.h
Examining data/ktp-text-ui-20.08.0/lib/otr-notifications.h
Examining data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.h
Examining data/ktp-text-ui-20.08.0/lib/contact-delegate.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-status-info.cpp
Examining data/ktp-text-ui-20.08.0/lib/chat-search-bar.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-content-info.h
Examining data/ktp-text-ui-20.08.0/lib/contact-delegate.h
Examining data/ktp-text-ui-20.08.0/lib/chat-text-edit.cpp
Examining data/ktp-text-ui-20.08.0/lib/chat-window-style.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-status-info.h
Examining data/ktp-text-ui-20.08.0/lib/otr-notifications.cpp
Examining data/ktp-text-ui-20.08.0/lib/emoticons-manager.h
Examining data/ktp-text-ui-20.08.0/lib/chat-widget.h
Examining data/ktp-text-ui-20.08.0/lib/types.h
Examining data/ktp-text-ui-20.08.0/lib/chat-window-style.h
Examining data/ktp-text-ui-20.08.0/lib/channel-contact-model.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-content-info.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-header-info.h
Examining data/ktp-text-ui-20.08.0/lib/ktp-debug.cpp
Examining data/ktp-text-ui-20.08.0/lib/chat-text-edit.h
Examining data/ktp-text-ui-20.08.0/lib/proxy-service.h
Examining data/ktp-text-ui-20.08.0/lib/emoticons-manager.cpp
Examining data/ktp-text-ui-20.08.0/lib/ktpchat_export.h
Examining data/ktp-text-ui-20.08.0/lib/notify-filter.h
Examining data/ktp-text-ui-20.08.0/lib/proxy-service.cpp
Examining data/ktp-text-ui-20.08.0/lib/authenticationwizard.h
Examining data/ktp-text-ui-20.08.0/lib/ktp-debug.h
Examining data/ktp-text-ui-20.08.0/lib/authenticationwizard.cpp
Examining data/ktp-text-ui-20.08.0/lib/otr-status.h
Examining data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.cpp
Examining data/ktp-text-ui-20.08.0/lib/chat-search-bar.h
Examining data/ktp-text-ui-20.08.0/lib/chat-style-plist-file-reader.h
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-view.h
Examining data/ktp-text-ui-20.08.0/lib/chat-widget.cpp
Examining data/ktp-text-ui-20.08.0/lib/adium-theme-header-info.cpp
Examining data/ktp-text-ui-20.08.0/lib/text-chat-config.cpp
Examining data/ktp-text-ui-20.08.0/app/emoticon-text-edit-selector.h
Examining data/ktp-text-ui-20.08.0/app/defines.h
Examining data/ktp-text-ui-20.08.0/app/emoticon-text-edit-action.h
Examining data/ktp-text-ui-20.08.0/app/chat-window.cpp
Examining data/ktp-text-ui-20.08.0/app/chat-tab.cpp
Examining data/ktp-text-ui-20.08.0/app/telepathy-chat-ui.h
Examining data/ktp-text-ui-20.08.0/app/emoticon-text-edit-selector.cpp
Examining data/ktp-text-ui-20.08.0/app/telepathy-chat-ui.cpp
Examining data/ktp-text-ui-20.08.0/app/emoticon-text-edit-action.cpp
Examining data/ktp-text-ui-20.08.0/app/chat-window.h
Examining data/ktp-text-ui-20.08.0/app/main.cpp
Examining data/ktp-text-ui-20.08.0/app/chat-tab.h
Examining data/ktp-text-ui-20.08.0/app/invite-contact-dialog.cpp
Examining data/ktp-text-ui-20.08.0/app/invite-contact-dialog.h
Examining data/ktp-text-ui-20.08.0/logviewer/dates-model.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/entity-filter-model.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/entity-view.h
Examining data/ktp-text-ui-20.08.0/logviewer/logs-import-dialog.h
Examining data/ktp-text-ui-20.08.0/logviewer/person-entity-merge-model.h
Examining data/ktp-text-ui-20.08.0/logviewer/debug.h
Examining data/ktp-text-ui-20.08.0/logviewer/dates-view-delegate.h
Examining data/ktp-text-ui-20.08.0/logviewer/dates-view-delegate.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/entity-view-delegate.h
Examining data/ktp-text-ui-20.08.0/logviewer/entity-filter-model.h
Examining data/ktp-text-ui-20.08.0/logviewer/message-view.h
Examining data/ktp-text-ui-20.08.0/logviewer/log-viewer.h
Examining data/ktp-text-ui-20.08.0/logviewer/main.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/entity-model.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/log-viewer.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/entity-model.h
Examining data/ktp-text-ui-20.08.0/logviewer/logs-import-dialog.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/entity-view-delegate.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/entity-view.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/config/behavior-config.h
Examining data/ktp-text-ui-20.08.0/logviewer/config/behavior-config.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/message-view.cpp
Examining data/ktp-text-ui-20.08.0/logviewer/dates-model.h
Examining data/ktp-text-ui-20.08.0/logviewer/person-entity-merge-model.cpp
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/emoticon-set-installer.h
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/chat-style-installer.h
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/bundle-installer.h
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/adiumxtra-protocol-handler.h
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/adiumxtra-protocol-handler.cpp
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/chat-style-installer.cpp
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/main.cpp
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/bundle-installer.cpp
Examining data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/emoticon-set-installer.cpp
Examining data/ktp-text-ui-20.08.0/config/appearance/appearance-config-tab.cpp
Examining data/ktp-text-ui-20.08.0/config/appearance/appearance-config-tab.h
Examining data/ktp-text-ui-20.08.0/config/appearance/appearance-config.cpp
Examining data/ktp-text-ui-20.08.0/config/appearance/appearance-config.h
Examining data/ktp-text-ui-20.08.0/config/messages/messages-config.h
Examining data/ktp-text-ui-20.08.0/config/messages/messages-config.cpp
Examining data/ktp-text-ui-20.08.0/config/otr/otr-config.h
Examining data/ktp-text-ui-20.08.0/config/otr/otr-config.cpp
Examining data/ktp-text-ui-20.08.0/config/behavior/behavior-config.h
Examining data/ktp-text-ui-20.08.0/config/behavior/behavior-config.cpp
Examining data/ktp-text-ui-20.08.0/image-sharer/mpform.h
Examining data/ktp-text-ui-20.08.0/image-sharer/imgursharer.cpp
Examining data/ktp-text-ui-20.08.0/image-sharer/abstractsharer.cpp
Examining data/ktp-text-ui-20.08.0/image-sharer/shareprovider.h
Examining data/ktp-text-ui-20.08.0/image-sharer/imagebinsharer.h
Examining data/ktp-text-ui-20.08.0/image-sharer/abstractsharer.h
Examining data/ktp-text-ui-20.08.0/image-sharer/imgursharer.h
Examining data/ktp-text-ui-20.08.0/image-sharer/shareprovider.cpp
Examining data/ktp-text-ui-20.08.0/image-sharer/simplestimagehostingsharer.cpp
Examining data/ktp-text-ui-20.08.0/image-sharer/imagebinsharer.cpp
Examining data/ktp-text-ui-20.08.0/image-sharer/imagesharer_export.h
Examining data/ktp-text-ui-20.08.0/image-sharer/mpform.cpp
Examining data/ktp-text-ui-20.08.0/image-sharer/simplestimagehostingsharer.h
FINAL RESULTS:
data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:643:66: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
htmlTemplate.replace(QLatin1String("%timeOpened%"), QLocale::system().toString(info.timeOpened().time()));
data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:644:66: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
htmlTemplate.replace(QLatin1String("%dateOpened%"), QLocale::system().toString(info.timeOpened().date(), QLocale::LongFormat));
data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:648:104: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
"Conversation began %1", QLocale::system().toString(info.timeOpened().time())));
data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:652:96: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
"Joined at %1", QLocale::system().toString(info.timeOpened().time())));
data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:719:60: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
htmlTemplate.replace(QLatin1String("%time%"), QLocale::system().toString(info.time().time()));
data/ktp-text-ui-20.08.0/lib/adium-theme-view.cpp:721:65: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
htmlTemplate.replace(QLatin1String("%shortTime%"), QLocale::system().toString(info.time().time(), QLocale::ShortFormat));
data/ktp-text-ui-20.08.0/logviewer/dates-model.cpp:332:29: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QLocale::system().toString(node->date, QLocale::ShortFormat);
data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/adiumxtra-protocol-handler.cpp:65:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (tmpFile->open()) {
data/ktp-text-ui-20.08.0/adiumxtra-protocol-handler/adiumxtra-protocol-handler.cpp:101:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!archive->open(QIODevice::ReadOnly)) {
data/ktp-text-ui-20.08.0/filters/latex/latex-filter.cpp:94:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!texFile.open()) {
data/ktp-text-ui-20.08.0/filters/latex/latex-filter.cpp:157:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/ktp-text-ui-20.08.0/filters/urlexpansion/urlexpansion-filter.cpp:52:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool b = servicesFile.open(QIODevice::ReadOnly);
data/ktp-text-ui-20.08.0/image-sharer/mpform.cpp:114:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!imageFile.open(QIODevice::ReadOnly))
data/ktp-text-ui-20.08.0/image-sharer/shareprovider.cpp:142:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
KIO::FileJob *fjob = KIO::open(mjob->url(), QIODevice::ReadOnly);
data/ktp-text-ui-20.08.0/image-sharer/shareprovider.cpp:143:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connect(fjob, SIGNAL(open(KIO::Job*)), this, SLOT(onFileOpened(KIO::Job*)));
data/ktp-text-ui-20.08.0/lib/chat-style-plist-file-reader.cpp:57:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/ktp-text-ui-20.08.0/lib/chat-widget.cpp:481:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmpFile.open()) {
data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.cpp:144:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!archive->open(QIODevice::ReadOnly)) {
data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.cpp:148:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!archive->open(QIODevice::ReadOnly)) {
data/ktp-text-ui-20.08.0/lib/chat-window-style-manager.cpp:160:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (archive == 0 || !archive->open(QIODevice::ReadOnly)) {
data/ktp-text-ui-20.08.0/lib/chat-window-style.cpp:406:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileAccess.open(QIODevice::ReadOnly);
data/ktp-text-ui-20.08.0/lib/chat-window-style.cpp:457:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileAccess.open(QIODevice::ReadOnly);
data/ktp-text-ui-20.08.0/image-sharer/shareprovider.cpp:152:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fjob->read(fjob->size());
ANALYSIS SUMMARY:
Hits = 23
Lines analyzed = 19619 in approximately 0.96 seconds (20420 lines/second)
Physical Source Lines of Code (SLOC) = 12707
Hits@level = [0] 0 [1] 1 [2] 15 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 23 [1+] 23 [2+] 22 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 1.81003 [1+] 1.81003 [2+] 1.73133 [3+] 0.550877 [4+] 0.550877 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.