Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kuserfeedback-1.0.0/tests/feedbackconfigwidgettest.cpp Examining data/kuserfeedback-1.0.0/tests/orwell.h Examining data/kuserfeedback-1.0.0/tests/notificationpopuptest.cpp Examining data/kuserfeedback-1.0.0/tests/orwell.cpp Examining data/kuserfeedback-1.0.0/autotests/timeaggregationmodeltest.cpp Examining data/kuserfeedback-1.0.0/autotests/openglinfosourcetest.cpp Examining data/kuserfeedback-1.0.0/autotests/providertest.cpp Examining data/kuserfeedback-1.0.0/autotests/schemamodeltest.cpp Examining data/kuserfeedback-1.0.0/autotests/categoryaggregationmodeltest.cpp Examining data/kuserfeedback-1.0.0/autotests/selectionratiosourcetest.cpp Examining data/kuserfeedback-1.0.0/autotests/feedbackconfigtest.cpp Examining data/kuserfeedback-1.0.0/autotests/serverinfotest.cpp Examining data/kuserfeedback-1.0.0/autotests/schematemplatetest.cpp Examining data/kuserfeedback-1.0.0/autotests/servercontroller.h Examining data/kuserfeedback-1.0.0/autotests/datamodeltest.cpp Examining data/kuserfeedback-1.0.0/autotests/surveyapitest.cpp Examining data/kuserfeedback-1.0.0/autotests/producttest.cpp Examining data/kuserfeedback-1.0.0/autotests/surveyprovidertest.cpp Examining data/kuserfeedback-1.0.0/autotests/ratiosetaggregationmodeltest.cpp Examining data/kuserfeedback-1.0.0/autotests/productmodeltest.cpp Examining data/kuserfeedback-1.0.0/autotests/surveytargetexpressiontest.cpp Examining data/kuserfeedback-1.0.0/autotests/numericaggregationmodeltest.cpp Examining data/kuserfeedback-1.0.0/autotests/datasourcetest.cpp Examining data/kuserfeedback-1.0.0/autotests/productapitest.cpp Examining data/kuserfeedback-1.0.0/autotests/servercontroller.cpp Examining data/kuserfeedback-1.0.0/autotests/sampletest.cpp Examining data/kuserfeedback-1.0.0/autotests/submittest.cpp Examining data/kuserfeedback-1.0.0/src/common/surveytargetexpression.h Examining data/kuserfeedback-1.0.0/src/common/surveytargetexpression.cpp Examining data/kuserfeedback-1.0.0/src/common/surveytargetexpressionparser.h Examining data/kuserfeedback-1.0.0/src/common/surveytargetexpressionevaluator.h Examining data/kuserfeedback-1.0.0/src/common/surveytargetexpressionevaluator.cpp Examining data/kuserfeedback-1.0.0/src/common/surveytargetexpressionparser.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/startcountsource.h Examining data/kuserfeedback-1.0.0/src/provider/core/auditloguicontroller.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/localeinfosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/feedbackconfiguicontroller.h Examining data/kuserfeedback-1.0.0/src/provider/core/platforminfosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/applicationversionsource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/propertyratiosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/selectionratiosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/usagetimesource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/openglinfosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/abstractdatasource_p.h Examining data/kuserfeedback-1.0.0/src/provider/core/openglinfosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/startcountsource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/qtversionsource.h Examining data/kuserfeedback-1.0.0/src/provider/core/provider.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/provider_p.h Examining data/kuserfeedback-1.0.0/src/provider/core/feedbackconfiguicontroller.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/surveyinfo.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/qtversionsource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/applicationversionsource.h Examining data/kuserfeedback-1.0.0/src/provider/core/abstractdatasource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/provider.h Examining data/kuserfeedback-1.0.0/src/provider/core/qpainfosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/compilerinfosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/logging_p.h Examining data/kuserfeedback-1.0.0/src/provider/core/usagetimesource.h Examining data/kuserfeedback-1.0.0/src/provider/core/openglinfosource_p.h Examining data/kuserfeedback-1.0.0/src/provider/core/propertyratiosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/platforminfosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/screeninfosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/compilerinfosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/qpainfosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/cpuinfosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/selectionratiosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/screeninfosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/abstractdatasource.h Examining data/kuserfeedback-1.0.0/src/provider/core/localeinfosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/core/auditloguicontroller.h Examining data/kuserfeedback-1.0.0/src/provider/core/cpuinfosource.h Examining data/kuserfeedback-1.0.0/src/provider/core/surveyinfo.h Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlproviderextension.cpp Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlpropertyratiosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlpropertysource.cpp Examining data/kuserfeedback-1.0.0/src/provider/qml/qmldatasources.cpp Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlplugin.h Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlabstractdatasource.cpp Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlabstractdatasource.h Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlpropertysource.h Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlpropertyratiosource.h Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlproviderextension.h Examining data/kuserfeedback-1.0.0/src/provider/qml/qmlplugin.cpp Examining data/kuserfeedback-1.0.0/src/provider/qml/qmldatasources.h Examining data/kuserfeedback-1.0.0/src/provider/widgets/notificationpopup.cpp Examining data/kuserfeedback-1.0.0/src/provider/widgets/feedbackconfigdialog.cpp Examining data/kuserfeedback-1.0.0/src/provider/widgets/styleinfosource.cpp Examining data/kuserfeedback-1.0.0/src/provider/widgets/auditlogbrowserdialog.cpp Examining data/kuserfeedback-1.0.0/src/provider/widgets/styleinfosource.h Examining data/kuserfeedback-1.0.0/src/provider/widgets/feedbackconfigwidget.cpp Examining data/kuserfeedback-1.0.0/src/provider/widgets/feedbackconfigdialog.h Examining data/kuserfeedback-1.0.0/src/provider/widgets/notificationpopup.h Examining data/kuserfeedback-1.0.0/src/provider/widgets/feedbackconfigwidget.h Examining data/kuserfeedback-1.0.0/src/provider/widgets/auditlogbrowserdialog.h Examining data/kuserfeedback-1.0.0/src/console/core/aggregationelement.cpp Examining data/kuserfeedback-1.0.0/src/console/core/product.h Examining data/kuserfeedback-1.0.0/src/console/core/sample.h Examining data/kuserfeedback-1.0.0/src/console/core/survey.cpp Examining data/kuserfeedback-1.0.0/src/console/core/aggregationelement.h Examining data/kuserfeedback-1.0.0/src/console/core/schemaentrytemplates.h Examining data/kuserfeedback-1.0.0/src/console/core/schemaentrytemplates.cpp Examining data/kuserfeedback-1.0.0/src/console/core/schemaentryelement.h Examining data/kuserfeedback-1.0.0/src/console/core/schemaentry.h Examining data/kuserfeedback-1.0.0/src/console/core/product.cpp Examining data/kuserfeedback-1.0.0/src/console/core/aggregation.cpp Examining data/kuserfeedback-1.0.0/src/console/core/schemaentryelement.cpp Examining data/kuserfeedback-1.0.0/src/console/core/schemaentry.cpp Examining data/kuserfeedback-1.0.0/src/console/core/survey.h Examining data/kuserfeedback-1.0.0/src/console/core/aggregation.h Examining data/kuserfeedback-1.0.0/src/console/core/util.h Examining data/kuserfeedback-1.0.0/src/console/core/sample.cpp Examining data/kuserfeedback-1.0.0/src/console/rest/serverinfo.h Examining data/kuserfeedback-1.0.0/src/console/rest/serverinfo.cpp Examining data/kuserfeedback-1.0.0/src/console/rest/restapi.cpp Examining data/kuserfeedback-1.0.0/src/console/rest/restclient.cpp Examining data/kuserfeedback-1.0.0/src/console/rest/restapi.h Examining data/kuserfeedback-1.0.0/src/console/rest/restclient.h Examining data/kuserfeedback-1.0.0/src/console/connectdialog.h Examining data/kuserfeedback-1.0.0/src/console/connectdialog.cpp Examining data/kuserfeedback-1.0.0/src/console/mainwindow.h Examining data/kuserfeedback-1.0.0/src/console/main.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/aggregator.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/analyticsview.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/numericaggregator.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/chartutil.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/totalaggregator.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/categoryaggregator.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/ratiosetaggregator.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/categoryaggregator.h Examining data/kuserfeedback-1.0.0/src/console/analytics/chartexportdialog.cpp Examining data/kuserfeedback-1.0.0/src/console/analytics/analyticsview.h Examining data/kuserfeedback-1.0.0/src/console/analytics/aggregator.h Examining data/kuserfeedback-1.0.0/src/console/analytics/totalaggregator.h Examining data/kuserfeedback-1.0.0/src/console/analytics/chartexportdialog.h Examining data/kuserfeedback-1.0.0/src/console/analytics/ratiosetaggregator.h Examining data/kuserfeedback-1.0.0/src/console/analytics/chartutil.h Examining data/kuserfeedback-1.0.0/src/console/analytics/numericaggregator.h Examining data/kuserfeedback-1.0.0/src/console/model/timeaggregationmodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/aggregationelementmodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/aggregationelementeditmodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/aggregateddatamodel.h Examining data/kuserfeedback-1.0.0/src/console/model/extrarowsproxymodel.h Examining data/kuserfeedback-1.0.0/src/console/model/ratiosetaggregationmodel.h Examining data/kuserfeedback-1.0.0/src/console/model/aggregationeditormodel.h Examining data/kuserfeedback-1.0.0/src/console/model/singlerowfilterproxymodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/productmodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/aggregateddatamodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/singlerowfilterproxymodel.h Examining data/kuserfeedback-1.0.0/src/console/model/datamodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/surveymodel.h Examining data/kuserfeedback-1.0.0/src/console/model/schemamodel.h Examining data/kuserfeedback-1.0.0/src/console/model/aggregationelementmodel.h Examining data/kuserfeedback-1.0.0/src/console/model/productmodel.h Examining data/kuserfeedback-1.0.0/src/console/model/numericaggregationmodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/ratiosetaggregationmodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/rolemappingproxymodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/surveymodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/numericaggregationmodel.h Examining data/kuserfeedback-1.0.0/src/console/model/categoryaggregationmodel.h Examining data/kuserfeedback-1.0.0/src/console/model/datamodel.h Examining data/kuserfeedback-1.0.0/src/console/model/timeaggregationmodel.h Examining data/kuserfeedback-1.0.0/src/console/model/schemamodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/aggregationelementeditmodel.h Examining data/kuserfeedback-1.0.0/src/console/model/extrarowsproxymodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/categoryaggregationmodel.cpp Examining data/kuserfeedback-1.0.0/src/console/model/rolemappingproxymodel.h Examining data/kuserfeedback-1.0.0/src/console/model/aggregationeditormodel.cpp Examining data/kuserfeedback-1.0.0/src/console/surveyeditor/surveyeditor.h Examining data/kuserfeedback-1.0.0/src/console/surveyeditor/surveydialog.h Examining data/kuserfeedback-1.0.0/src/console/surveyeditor/surveyeditor.cpp Examining data/kuserfeedback-1.0.0/src/console/surveyeditor/surveydialog.cpp Examining data/kuserfeedback-1.0.0/src/console/helpcontroller.cpp Examining data/kuserfeedback-1.0.0/src/console/mainwindow.cpp Examining data/kuserfeedback-1.0.0/src/console/helpcontroller.h Examining data/kuserfeedback-1.0.0/src/console/widgets/metaenumcombobox.h Examining data/kuserfeedback-1.0.0/src/console/widgets/metaenumcombobox.cpp Examining data/kuserfeedback-1.0.0/src/console/jobs/job.h Examining data/kuserfeedback-1.0.0/src/console/jobs/productimportjob.cpp Examining data/kuserfeedback-1.0.0/src/console/jobs/job.cpp Examining data/kuserfeedback-1.0.0/src/console/jobs/securityscanjob.h Examining data/kuserfeedback-1.0.0/src/console/jobs/productexportjob.h Examining data/kuserfeedback-1.0.0/src/console/jobs/handshakejob.cpp Examining data/kuserfeedback-1.0.0/src/console/jobs/securityscanjob.cpp Examining data/kuserfeedback-1.0.0/src/console/jobs/productimportjob.h Examining data/kuserfeedback-1.0.0/src/console/jobs/productexportjob.cpp Examining data/kuserfeedback-1.0.0/src/console/jobs/handshakejob.h Examining data/kuserfeedback-1.0.0/src/console/schemaeditor/schemaeditor.h Examining data/kuserfeedback-1.0.0/src/console/schemaeditor/schemaeditor.cpp Examining data/kuserfeedback-1.0.0/src/console/schemaeditor/aggregationeditwidget.h Examining data/kuserfeedback-1.0.0/src/console/schemaeditor/schemaeditwidget.cpp Examining data/kuserfeedback-1.0.0/src/console/schemaeditor/schemaentryitemeditorfactory.h Examining data/kuserfeedback-1.0.0/src/console/schemaeditor/schemaentryitemeditorfactory.cpp Examining data/kuserfeedback-1.0.0/src/console/schemaeditor/schemaeditwidget.h Examining data/kuserfeedback-1.0.0/src/console/schemaeditor/aggregationeditwidget.cpp Examining data/kuserfeedback-1.0.0/src/cli/main.cpp FINAL RESULTS: data/kuserfeedback-1.0.0/src/console/analytics/analyticsview.cpp:279:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::WriteOnly)) { data/kuserfeedback-1.0.0/src/console/analytics/analyticsview.cpp:296:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) { data/kuserfeedback-1.0.0/src/console/core/schemaentrytemplates.cpp:50:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) data/kuserfeedback-1.0.0/src/console/jobs/productexportjob.cpp:79:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::WriteOnly)) { data/kuserfeedback-1.0.0/src/console/jobs/productexportjob.cpp:99:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::WriteOnly)) { data/kuserfeedback-1.0.0/src/console/jobs/productexportjob.cpp:119:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::WriteOnly)) { data/kuserfeedback-1.0.0/src/console/jobs/productimportjob.cpp:54:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) { data/kuserfeedback-1.0.0/src/console/jobs/productimportjob.cpp:81:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) { data/kuserfeedback-1.0.0/src/console/jobs/productimportjob.cpp:112:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) { data/kuserfeedback-1.0.0/src/console/schemaeditor/schemaeditor.cpp:141:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::WriteOnly)) { data/kuserfeedback-1.0.0/src/console/schemaeditor/schemaeditor.cpp:156:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) { data/kuserfeedback-1.0.0/src/provider/core/auditloguicontroller.cpp:172:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::ReadOnly)) data/kuserfeedback-1.0.0/src/provider/core/provider.cpp:727:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::WriteOnly)) { data/kuserfeedback-1.0.0/src/common/surveytargetexpressionparser.cpp:40:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const auto size = strlen(str) - 2; data/kuserfeedback-1.0.0/src/provider/core/propertyratiosource.cpp:99:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). previousValue = valueToString(property.read(obj)); ANALYSIS SUMMARY: Hits = 15 Lines analyzed = 21145 in approximately 1.46 seconds (14482 lines/second) Physical Source Lines of Code (SLOC) = 13055 Hits@level = [0] 0 [1] 2 [2] 13 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 15 [1+] 15 [2+] 13 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.14899 [1+] 1.14899 [2+] 0.995787 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.